存储加密密码 [英] Storing encrypted passwords
问题描述
我们中的一个人认为:
- 除了单向散列版本之外,使用公共密钥存储密码也是可行的,并且在合并或收购的情况下将来可能会与其他认证系统集成。
- 我以前曾在以前的公司做过这样的工作,并且有许多网站在这方面做到了这一点,并在财富的安全审计中幸存下来
- 这是一个常见且被接受的做法,即使是金融机构,因此无需在隐私政策中明确说明。
- 像Mint.com这样的网站这样做。
<只有首席执行官/首席技术官才能访问私钥,只有在必要时才能使用。
我们中的另一个人采取以下观点:
- 存储密码即使是加密形式也是不必要的安全风险,最好先避免这种风险。
- 如果私钥落在了错误的手中,那么在多个站点使用相同密码的用户将有可能导致所有登录遭到破坏。
- 这是一个违反信任的用户,如果这种做法得到实施,应该明确告知
- 这不是全行业的做法,没有大名称网站(Google,Yahoo,Amazon等)实现这一点。 Mint.com是一种特殊情况,因为他们需要代表您与其他网站进行身份验证。此外,他们只将密码存储到您的金融机构,而不是Mint.com本身的密码。
- 这是审核中的红旗。
想法?注释?你是否在一个执行这种做法的组织中工作?
存储可恢复密码版本的第一种做法是错误的。无论大网站如何做到这一点。这是错误的。他们是错误的。
我自动不信任任何存储我的密码的网站被破坏。谁知道如果大公司的员工决定开玩笑,会发生什么?有一个雅虎盗窃的家伙出售了用户电子邮件。如果有人用我的电子邮件和密码窃取/销售整个数据库怎么办?
没有必要了解我的原始密码来执行身份验证。即使您稍后决定拆分系统,添加新的或与第三方集成,您仍然可以使用密码散列。
My coworker and I are having a fist-fight civilized discussion over password security. Please help us resolve our differences.
One of us takes the viewpoint that:
- Storing passwords encrypted using a public key in addition to a one-way hashed version is OK and might be useful for integration with other authentication systems in the future in case of a merger or acquisition.
- Only the CEO/CTO would have access to the private key, and it would only be used when necessary. Regular login validation would still occur via the hashed password.
- I have/he has done this before in previous companies and there are many sites out there that do this and have survived security audits from Fortune 500 companies before.
- This is a common, and accepted practice, even for financial institutions, thus there is no need to explicitly state this in the privacy policy.
- Sites like Mint.com do this.
The other one of us takes the following viewpoint:
- Storing passwords, even in encrypted form, is an unnecessary security risk and it's better to avoid exposure to this risk in the first place.
- If the private key falls into the wrong hands, users that use the same password across multiple sites would risk having all of their logins compromised.
- This is a breach of trust of our users, and if this practice is implemented, they should be explicitly informed of this.
- This is not an industry-wide practice and no big name sites (Google, Yahoo, Amazon, etc.) implement this. Mint.com is a special case because they need to authenticate with other sites on your behalf. Additionally, they only store the passwords to your financial institutions, not your password to Mint.com itself.
- This is a red flag in audits.
Thoughts? Comments? Have you worked at an organization that implemented this practice?
The first practice of storing recoverable version of passwords is plain wrong. Regardless of the fact that big sites do this. It is wrong. They are wrong.
I automatically distrust any site that stores my password unhashed. Who knows what would happen if the employees of that big company decide to have fun? There was a case some guy from Yahoo stole and sold user emails. What if someone steals/sells the whole database with my emails and passwords?
There is no need whatsoever for you to know my original password to perform authentication. Even if you decide later to split the system, add a new one or integrate with a third party, you still will be fine with just a hash of the password.
这篇关于存储加密密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
