在数据库中加密/散列纯文本密码 [英] Encrypting/Hashing plain text passwords in database

问题描述

我刚刚发现一个网络应用程序继承，SQL Server数据库中以超纯文本存储了超过30万个用户名/密码。我意识到这是一个非常糟糕的事情。

知道我必须更新登录和密码更新过程加密/解密，影响最小在系统的其余部分，您会推荐什么作为从数据库中删除纯文本密码的最佳方法？

任何帮助都不胜感激。

编辑：对不起，如果我不清楚，我打算问你的程序是加密/哈希的密码，而不是具体的加密/哈希方法。 p>

我应该只是：

1. 备份数据库


2. 更新登录/更新密码代码


3. 经过几个小时之后，浏览用户表中的所有记录哈希密码并替换每个


4. 测试以确保用户仍然可以登录/更新密码

我想我的关注更多来自于绝大多数用户，所以我想以确保我正确地这样做。

解决方案

我想象你必须在数据库中为加密的密码添加列，然后在所有记录上运行批处理作业，获得当前密码，加密它因为其他人已经提到像md5这样的哈希是非常标准的编辑：但不应该自己使用 - 请参阅其他答案以进行良好的讨论），将其存储在新的列中，并且检查一切顺利。

然后，您将需要更新您的前端在登录时对用户输入的密码进行哈希验证，并验证与存储的哈希值相比，而不是检查plaintext-vs-明文。

看起来谨慎的是，将两列保留一段时间，以确保没有任何可见的变化，最终删除明文密码，一起。

不要忘记，只要密码被访问，代码将不得不更改，如密码更改/提醒请求。你当然会失去电子邮件忘记密码的能力，但这不是坏事。您将不得不使用密码重置系统。

编辑：
最后一点，您可能需要考虑避免我第一次尝试的错误在测试台安全登录网站：

处理用户密码时，请考虑发生哈希的位置。在我的情况下，哈希是由在网络服务器上运行的PHP代码计算的，但密码从用户的机器以明文形式发送到页面！这是在我正在工作的环境中的（ish），因为它是在一个https系统中（uni网络）。但是，在现实世界中，我想你会想要在离开用户系统之前使用哈希密码，使用javascript等等，然后将哈希传输到您的站点。

I've inherited a web app that I've just discovered stores over 300,000 usernames/passwords in plain text in a SQL Server database. I realize that this is a Very Bad Thing™.

Knowing that I'll have to update the login and password update processes to encrypt/decrypt, and with the smallest impact on the rest of the system, what would you recommend as the best way to remove the plain text passwords from the database?

Any help is appreciated.

Edit: Sorry if I was unclear, I meant to ask what would be your procedure to encrypt/hash the passwords, not specific encryption/hashing methods.

Should I just:

1. Make a backup of the DB
2. Update login/update password code
3. After hours, go through all records in the users table hashing the password and replacing each one
4. Test to ensure users can still login/update passwords

I guess my concern is more from the sheer number of users so I want to make sure I'm doing this correctly.

解决方案

I would imagine you will have to add a column to the database for the encrypted password then run a batch job over all records which gets the current password, encrypts it (as others have mentiond a hash like md5 is pretty standard edit: but should not be used on its own - see other answers for good discussions), stores it in the new column and checks it all happened smoothly.

Then you will need to update your front-end to hash the user-entered password at login time and verify that vs the stored hash, rather than checking plaintext-vs-plaintext.

It would seem prudent to me to leave both columns in place for a little while to ensure that nothing hinky has gone on, before eventually removing the plaintext passwords all-together.

Don't forget also that anytime the password is acessed the code will have to change, such as password change / reminder requests. You will of course lose the ability to email out forgotten passwords, but this is no bad thing. You will have to use a password reset system instead.

Edit: One final point, you might want to consider avoiding the error I made on my first attempt at a test-bed secure login website:

When processing the user password, consider where the hashing takes place. In my case the hash was calculated by the PHP code running on the webserver, but the password was transmitted to the page from the user's machine in plaintext! This was ok(ish) in the environment I was working in, as it was inside an https system anyway (uni network). But, in the real world I imagine you would want to hash the password before it leaves the user system, using javascript etc. and then transmit the hash to your site.

这篇关于在数据库中加密/散列纯文本密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！