盐如何防止字典攻击？ [英] How does a salt protect against a dictionary attack?

问题描述

可能重复：

盐的目的是什么？

我刚刚阅读了一些关于盐的使用，我已经阅读的例子给在密码之前添加一个盐，以防止字典攻击。

但是，我真的不知道如何帮助 - 如果攻击者可以访问密码的哈希值（正如我在阅读的例子中），他们很可能也有权访问盐。
因此，攻击者不能在运行字典之前先将盐添加到字典中的每个项目并将其后缀化，以查看它是否与哈希匹配吗？所以他们不得不重复遍历字典多次，这似乎不是一个保护增强？

解决方案

A 字典攻击是一种攻击，攻击者需要一个大的密码列表，可能按照mighthood / probability排序，并对每个密码应用算法，检查结果。

如果是带密码的密码，如果攻击者有盐（通常假设的），这样的攻击仍然是可能的（并不显着昂贵）：只需在你的算法中输入salt。 / p>

一个盐防护的是彩虹表。 rainbow table 是一个表，包含成对的明文（例如密码）和相应的散列，按散列排序。这样的表允许在给定散列的情况下简单地查找密码。

生成彩虹表是一个昂贵的步骤（取决于用作输入的字典的大小） ，但是之后你可以使用它没有任何代价查找尽可能多的密码。

由于盐防护这一点，因为你现在需要一个单独的表为每个盐。即使使用简单的Unix crypt的2字母盐，这已经是3,844的因素。现代密码散列算法使用更大的盐（例如bcrypt使用128位盐，其给出了 ¹²⁸ 的因子）。

为了防止字典攻击，你将使用慢速哈希算法，而不是简单的MD5或SHA1 / SHA2。 Bcrypt是这样的算法（具有可配置的工作因子），并且同一作者后来提出了scrypt（其不仅需要很多时间，而且还需要大量的存储器，攻击者通常不具有处理能力）。 / p>

Possible Duplicate:
What is the purpose of salt?

I've just been reading up a bit about the use of salts, and the example I've been reading gives that of adding a salt to a password before hashing to protect against a dictionary attack.

However I don't really see how that helps - if the attacker has access to the hash of the password (as they do in the example I've been reading) they most likely they will also have access to the salt. Therefore can't an attacker just prepend and postpend the salt to each item in a dictionary before running through the dictionary to see if it matches the hash? So they have to iterate through the dictionary more than once, that's doesn't seem much of a protection enhancement?

解决方案

A dictionary attack is an attack where the attacker takes a large list of passwords, possibly ordered by likelyhood/probability, and applies the algorithm for each of it, checking the result.

In case of a salted password, such an attack is still possible (and not significantly costlier), if the attacker has the salt (what is normally assumed): Simply input the salt in your algorithm, too.

What a salt protect against, is a rainbow table. A rainbow table is a table containing pairs of plaintext (e.g. passwords) and the corresponding hashes, ordered by hash. Such a table allows a simple lookup of the password, given the hash.

Producing a rainbow table is a costly step (depending on the size of the dictionary used as input), but then you can use it without any cost later to lookup as many passwords as wanted.

As salt protects against this, since you now would need a separate table for each salt. Even with the simple Unix crypt's 2-letter salt, this already is a factor of 3,844. Modern password hash algorithms use a much larger salt (for example bcrypt uses a 128-bit salt, which gives a factor of 2¹²⁸.)

To protect against dictionary attacks, too, you'll use a slow hash algorithm instead of a fast one like simple MD5 or SHA1/SHA2. Bcrypt is such an algorithm (with a configurable work factor), and the same author later proposed scrypt (which not only takes much time, but also needs lots of memory, which attackers often don't have as much as processing power).

这篇关于盐如何防止字典攻击？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！