块密码SALT：明文或秘密？ [英] Block ciphers SALT: clear text or secret?

问题描述

网上有很多文章和报价说盐必须保密。即使是 Salt 上的维基百科条目：

为了最好的安全性，salt值是
保密，与
密码数据库分开。当数据库被盗时，这提供了
的优势，
但盐不是。为了从被盗的哈希中确定一个
密码，一个
攻击者不能简单地尝试普通的
密码（如英语b b b词或名字）。相反，他们必须
计算随机
字符的哈希值（至少对于输入的
部分是盐），
这是慢得多。

由于我偶然知道加密Salt（或初始化向量）可以与加密文本一起存储在明文中，

我的意见是问题的根源是加密盐之间的常见混乱块密码的初始化向量）和哈希'salt'。在存储散列密码是一个常见的做法是添加一个随机数或一个'salt'，并且（很少）真的这个'salt'更好地保密。这反过来使它不是一个盐，而是一个键，类似于在秘密 =nofollow noreferrer> HMAC 。如果您查看存储密码 - 完成！的文章，该文章从维基百科'Salt'条目你会看到，这是说'salt'，密码哈希。我碰巧不同意大多数这些计划，因为我认为密码存储方案也应该允许 HTTP摘要认证，在这种情况下，唯一可能的存储是用户名：realm：password的HA1摘要，请参阅在表格中存储密码和Digest身份验证。

如果您对此有任何意见，

1. 您认为区块密码加密的盐应该隐藏吗？


2. 您是否同意声明salt应该被隐藏的声明源于盐化散列，不适用于加密？


3. 我们是否可以在讨论中加入流密码（RC4）？

解决方案

blockquote>

你认为块
加密的盐应该隐藏吗？
说明为什么和如何

不应该。块密码的强度依赖于密钥。 IMO你不应该通过添加额外的秘密来增加你的加密的力量。如果密码和密钥不够强，那么您需要更改密码或密钥长度，而不是开始保持其他数据位的秘密。安全性很难，所以保持简单。

There are many articles and quotes on the web saying that a 'salt' must be kept secret. Even the Wikipedia entry on Salt:

For best security, the salt value is kept secret, separate from the password database. This provides an advantage when a database is stolen, but the salt is not. To determine a password from a stolen hash, an attacker cannot simply try common passwords (such as English language words or names). Rather, they must calculate the hashes of random characters (at least for the portion of the input they know is the salt), which is much slower.

Since I happen to know for a fact that encryption Salt (or Initialization Vectors) are OK to be stored on clear text along with the encrypted text, I want to ask why is this misconception perpetuated ?

My opinion is that the origin of the problem is a common confusion between the encryption salt (the block cipher's initialization vector) and the hashing 'salt'. In storing hashed passwords is a common practice to add a nonce, or a 'salt', and is (marginally) true that this 'salt' is better kept secret. Which in turn makes it not a salt at all, but a key, similar to the much clearly named secret in HMAC. If you look at the article Storing Passwords - done right! which is linked from the Wikipedia 'Salt' entry you'll see that is talking about this kind of 'salt', the password hash. I happen to disagree with most of these schemes because I believe that a password storage scheme should also allow for HTTP Digest authentication, in which case the only possible storage is the HA1 digest of the username:realm:password, see Storing password in tables and Digest authentication.

If you have an opinion on this issue, please post here as a response.

1. Do you think that the salt for block cipher encryption should be hidden? Explain why and how.
2. Do you agree that the blanket statement 'salts should be hidden' originates from salted hashing and does not apply to encryption?
3. Sould we include stream ciphers in discussion (RC4)?

解决方案

Do you think that the salt for block cipher encryption should be hidden? Explain why and how

No it shouldn't. The strength of a block cipher relies on the key. IMO you should not increase the strength of your encryption by adding extra secrets. If the cipher and key are not strong enough then you need to change the cipher or key length, not start keeping other bits of data secret. Security is hard enough so keep it simple.

这篇关于块密码SALT：明文或秘密？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！