简单密码加密 [英] Simple password encryption

问题描述

什么是一个好的，简单的加密方案，用于保护数据库中的密码？我不一定需要任何超级安全的，我也不需要任何闪电般快，但这些事情会很好。

What is a good, simple encryption scheme for protecting passwords in a database? I don't necessarily need anything that's hyper-secure nor do I need anything that's lightning fast, but those things would be nice. Primarily, I just want something that's easy to implement without being terribly slow or insecure.

推荐答案

正如mk所说，SHA1或MD5是一个非常简单的方法，标准的，与SHA2一起。

As mk says, SHA1 or MD5 are the standard ones, along with SHA2.

你想要的是一般称为加密哈希函数。加密散列被设计为单向的（给定结果散列，你不应该能够导出原始输入）。此外，两个任意字符串具有相同散列（被称为散列冲突）的可能性应当较低（理想地是1 /散列值的数量）。

What you want is more generally called a cryptographic hash function. Cryptographic hashes are designed to be one-way (given the resulting hash, you shouldn't be able to derive the original input). Also, the likelihood of two arbitrary strings having the same hash (known as a hash collision) should be low (ideally 1/number of hash values).

因为你的密码是散列的并不能免除你不得不尝试真正努力保持散列版本的安全。太多的人会使用弱密码，这将容易受到离线暴力攻击。

Unfortunately, just because your passwords are hashed doesn't free you from having to try really hard to keep the hashed versions safe. Far too many people will use weak passwords that would be vulnerable to an off-line brute-force attack.

编辑 - 几个人也已经指出使用盐。 salt是一个常量，在使用哈希函数之前，它与输入混合。拥有独特的盐可防止离线攻击者使用预先计算的常用密码表（彩虹表），以更快地强制您的密码。

Edit - several people have also already pointed out the importance of using a salt. A salt is a constant value that you mix in with the input before using the hash function. Having a unique salt prevents off-line attackers from using pre-computed tables of common passwords (rainbow tables) to brute-force your passwords even faster.

这篇关于简单密码加密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！