封锁密码SALT:明文或秘密? [英] Block ciphers SALT: clear text or secret?
问题描述
为了获得最佳安全性,盐值为
保密,与
密码数据库分开。当数据库被盗时,这提供了
的优势,
但盐不是。要从被盗的哈希中确定一个
密码,
的攻击者不能简单地尝试常用的
密码(例如英语
的字或名称)。相反,他们必须
计算随机
字符的散列(至少对于他们知道的盐的输入的
),
这慢得多。
由于我碰巧知道加密Salt(或初始化向量)可以存储在明文和加密文本上,我想问为什么这个误解永远存在?
我的意见是,问题的起因是加密盐(块密码的初始化向量)和散列salt。在存储散列密码时,添加一个或多个盐是常见的做法,并且(稍微)确实这个盐更好地保密。这反过来又使它不是一个盐,而是一个关键,类似于秘密 =nofollow noreferrer> HMAC 。如果您查看维基百科链接的文章存储密码 - 已完成! 'Salt'条目你会看到这是在谈论这种盐,密码哈希。我碰巧不同意这些计划中的大多数,因为我认为密码存储方案还应允许 HTTP摘要认证,在这种情况下,唯一可能的存储是HA1摘要的用户名:realm:password,请参阅将密码存储在表格和摘要身份验证中。
如果您对此问题有意见,请在此作为回复。
- 你认为应该隐藏加密块加密密码吗?解释为什么和如何。
- 您是否同意,一般声明盐应该被隐藏起源于盐化散列,不适用于加密?
- 我们可以在讨论中包含流密码(RC4)吗?
blockquote>
你认为用于块
加密的salt应该被隐藏吗?
解释为什么和如何
不,不应该。块密码的强度取决于密钥。 IMO不应该增加额外的秘密加密的强度。如果密码和密钥不够强大,那么您需要更改密码或密钥长度,不要开始保持其他数据位的密码。安全性很难,所以保持简单。
There are many articles and quotes on the web saying that a 'salt' must be kept secret. Even the Wikipedia entry on Salt:
For best security, the salt value is kept secret, separate from the password database. This provides an advantage when a database is stolen, but the salt is not. To determine a password from a stolen hash, an attacker cannot simply try common passwords (such as English language words or names). Rather, they must calculate the hashes of random characters (at least for the portion of the input they know is the salt), which is much slower.
Since I happen to know for a fact that encryption Salt (or Initialization Vectors) are OK to be stored on clear text along with the encrypted text, I want to ask why is this misconception perpetuated ?
My opinion is that the origin of the problem is a common confusion between the encryption salt (the block cipher's initialization vector) and the hashing 'salt'. In storing hashed passwords is a common practice to add a nonce, or a 'salt', and is (marginally) true that this 'salt' is better kept secret. Which in turn makes it not a salt at all, but a key, similar to the much clearly named secret in HMAC. If you look at the article Storing Passwords - done right! which is linked from the Wikipedia 'Salt' entry you'll see that is talking about this kind of 'salt', the password hash. I happen to disagree with most of these schemes because I believe that a password storage scheme should also allow for HTTP Digest authentication, in which case the only possible storage is the HA1 digest of the username:realm:password, see Storing password in tables and Digest authentication.
If you have an opinion on this issue, please post here as a response.
- Do you think that the salt for block cipher encryption should be hidden? Explain why and how.
- Do you agree that the blanket statement 'salts should be hidden' originates from salted hashing and does not apply to encryption?
- Sould we include stream ciphers in discussion (RC4)?
Do you think that the salt for block cipher encryption should be hidden? Explain why and how
No it shouldn't. The strength of a block cipher relies on the key. IMO you should not increase the strength of your encryption by adding extra secrets. If the cipher and key are not strong enough then you need to change the cipher or key length, not start keeping other bits of data secret. Security is hard enough so keep it simple.
这篇关于封锁密码SALT:明文或秘密?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
