您如何将盐添加到现有的密码哈希中? [英] How would you add salt to your existing password hashes?

问题描述

我有一个散列密码数据库，在散列之前没有添加盐.我想在新密码中加盐.显然我不能重新散列现有的.

I have a database of hashed passwords that had no salt added before they were hashed. I want to add salt to new passwords. Obviously I can't re-hash the existing ones.

您将如何迁移到新的哈希系统?

How would you migrate to a new hashing system?

推荐答案

当然可以.只需向现有哈希添加盐并再次对其进行哈希处理.当然，这将要求任何未来的登录都经过相同的过程，这意味着需要调用两个散列函数，但许多合法模式无论如何都会这样做，所以它不会像你想象的那么糟糕.

Sure you can. Just add a salt to the existing hash and hash it again. Of course this will require any future logins to go through the same process meaning two hash functions will need to be called but lots of legitimate patterns do this anyway so it doesn't smell as bad as you might think.

加盐密码是为了防御彩虹表.在这种情况下，盐不需要是秘密.

Salting a password is an effort to defend against rainbow tables. In this case the salt does not need to be a secret.

http://en.wikipedia.org/wiki/Rainbow_tables#Defense_against_rainbow_tables

其实可以在文章中看到

hash = MD5 (MD5 (password) . salt)

这与您将使用的方法完全相同.(不同的散列函数除外.)

Which is the same exact method you would be using. (Except a different hashing function.)

这篇关于您如何将盐添加到现有的密码哈希中?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！