使用非对称加密来保护密码 [英] Using asymmetric encryption to secure passwords

问题描述

由于我们的客户的需求，用户密码必须存放在一些可读的形式，以便让帐户在稍后的日期进行转换。不幸的是，就节省了哈希值，并将其身份验证比较是不是一个不错的选择。在数据库中存储一般密码不是一种选择任一过程，但使用像的AES的加密方案可能是一个。但是，在这种情况下，密钥来解密密码都必须存储在系统操作验证，我不与很舒服。

Due to our customer's demands, user passwords must be kept in some "readable" form in order to allow accounts to be converted at a later date. Unfortunately, just saving hash values and comparing them on authentication is not an option here. Storing plain passwords in the database is not an option either of course, but using an encryption scheme like AES might be one. But in that case, the key to decrypt passwords would have to be stored on the system handling authentication and I'm not quite comfortable with that.

希望能得到两全其美，我的实现是现在使用RSA非对称加密来保护密码。密码是咸鱼和使用公共密钥加密。我禁用任何额外的内部腌制或填充机制。加密后的密码是相同的每一次，就像一个MD5或SHA1哈希密码会。这种方式，认证系统需要公共密钥，只。私钥不是必需的。

Hoping to get "best of both worlds", my implementation is now using RSA asymmetric encryption to secure the passwords. Passwords are salted and encrypted using the public key. I disabled any additional, internal salting or padding mechanisms. The encrypted password will be the same every time, just like a MD5 or SHA1 hashed password would be. This way, the authentication system needs the public key, only. The private key is not required.

私钥被打印出来，密封，在创建后在公司的安全权离线存储。但是，当账户需要被转换后，它将允许访问密码。

The private key is printed out, sealed and stored offline in the company's safe right after it is created. But when the accounts need to be converted later, it will allow access to the passwords.

在我们部署该解决方案，我想听听你对这个计划的意见。在设计任何瑕疵？任何严重的弊端相比，对称加密？别的，我们缺少？

Before we deploy this solution, I'd like to hear your opinion on this scheme. Any flaws in design? Any serious drawbacks compared to the symmetric encryption? Anything else we are missing?

非常感谢你提前！

-

更新：的
根据下文杰克的论点，我想补充的相关实施细节我们基于RSA的散列功能：

Update: In response to Jack's arguments below, I'd like to add the relevant implementation details for our RSA-based "hashing" function:

Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
Cipher rsa = Cipher.getInstance("RSA/None/NoPadding");
rsa.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] cryptRaw = rsa.doFinal(saltedPassword.getBytes());

已经迅速掠过杰克所说的纸，我想，我有所了解，如原和preprocessing的重要性。难道是正常的为延长我原来的问题并询问是否有应用需要preprocessing的方式，仍然有函数每次都返回相同的输出为每个输入，就像一个普通散列函数将？我会接受的答案，认为奖金问题在这里。 （或者我应该作出这样的SOF上一个单独的问题吗？）

Having quickly skimmed over the paper mentioned by Jack, I think I somewhat understand the importance of preprocessing such as OAEP. Would it be alright to extend my original question and ask if there is a way to apply the needed preprocessing and still have the function return the same output every time for each input, just as a regular hashing function would? I would accept an answer to that "bonus question" here. (Or should I make that a seperate question on SOF?)

-

更新2：的
我有一个很难接受present一个答案，因为我觉得没有确实回答我的问题。但是我不再指望任何更多的答案来，所以我会接受一个，我觉得是最有建设性的。

Update 2: I'm having a hard time accepting one of the present answers because I feel that none really does answer my question. But I no longer expect any more answers to come, so I'll accept the one that I feel is most constructive.

推荐答案

我加入这个作为另一个答案，因为不是回答提出的问题（如我的第一反应一样）这是一个解决办法/替代建议。

I'm adding this as another answer because instead of answering the question asked (as I did in the first response) this is a workaround / alternative suggestion.

简而言之：

使用哈希值，但只要用户更改其密码，也可以使用你的公钥如下：

Use hashes BUT, whenever a user changes their password, also use your public key as follows:

• 生成一个随机对称密钥，并用它来加密时间戳，用户标识符，和新的密码。
  
  
  
  • 时间戳是确保试图找到电流/最先进的最新密码，当您不要弄乱更高版本。
  
  
  • 用户名，让你知道哪个帐户正在处理。
  
  
  • 密码，因为它是一个要求。
  
  

  当你需要使用当前密码'转换'的帐户，您使用私钥并办理密码变更记录。对于每一个：

  When you need to 'convert' the accounts using the current password, you use the private key and go through the password change records. For each one:

  
  
  • 使用私钥，解密对称密钥。
  
  
  • 使用对称密钥，解密记录。
  
  
  • 如果您有此用户的记录已经，比较时间戳，并保持这是最新的密码（丢弃旧的）。
  
  
  • 车床，漂洗，重复。
  
  

  （坦白地说，我可能是加密的时间戳和不会离开它明文矫枉过正的东西，但我偏执，我有时间戳的事情。不要让我开始。）

  (Frankly I'm probably overdoing things by encrypting the timestamp and not leaving it plaintext, but I'm paranoid and I have a thing for timestamps. Don't get me started.)

  由于您只更改密码时使用的公钥，速度不是很重要。此外，你不必守在那里的明文密码被用户用于认证的服务器上加密的记录/文件/数据。这个数据可以被定期存档或以其他方式移动离开，因为它们不是必需的正常操作（这是散列是什么）。

  Since you only use the public key when changing passwords, speed isn't critical. Also, you don't have to keep the records / files / data where the plaintext password is encrypted on the server the user uses for authentication. This data can be archived or otherwise moved off regularly, as they aren't required for normal operations (that's what the hash is for).

  这篇关于使用非对称加密来保护密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！