X- 200 200 X- 200 200 X- 200 200 X- 200 200： [英] How long should a salt be to make it infeasible to attempt dictionary attacks?

问题描述

我正在设计一个如下所示的身份验证系统：

I'm designing an authentication system that works like the following:

1. 用户输入密码

<

2. 密码用漩涡散列


3. Whirlpool将密码与普通盐连接起来


4. 连接的版本使用sha1进行散列并存储在数据库中。


5. 我通过在应用程序层上散列密码来检查密码是否正确，然后执行此操作（在MySQL中）：

1. User enters password
2. Salt is generated.
3. Password is hashed with whirlpool
4. Whirlpool hashed password concatenated with the plain salt
5. The concatenated version is hashed with sha1 and stored in the database.
6. I check the password is correct by hashing the password on the application layer, and then doing this (in MySQL):

MySQL

MySQL

WHERE `Password` = SHA1(CONCAT('$hashedPassword',`Salt`)) AND [..]

目前我的盐是64字节。这是否足以使它对字典攻击不可行？

At the moment my salt is 64 bytes. Will that be enough to make it infeasible to dictionary attack?

我确定sha1有已知的漏洞，但它是我的MySQL（5.1）版本中唯一可用的功能，我可以在数据库层使用，而不是通过应用程序和数据库层之间的连接选择纯盐。

I'm sure sha1 has known vulnerabilities, but it's the only function available on my version of MySQL (5.1) that I can use on the database layer, rather than selecting the plain salt over a connection between the app and the database layer.

推荐答案

我认为你误会了盐的概念。 盐不能防止或减慢字典和暴力攻击的显着。

I think you are misunderstanding the concept of a salt. Salts do not prevent or slow down dictionary and brute-force attacks significantly.

使用盐的全部要点是避免某人已经为您的密码哈希（例如使用彩虹表）预先计算了字典/暴力攻击。因此，它只需要足够长的时间来排除这种表已经存在于特定盐中的可能性。

The whole point of using salts is to avoid the possibility that someone has already precomputed a dictionary/brute force attack for your password hashes (for example using rainbow tables). Thus, it only needs to be long enough to exclude the possibility that such a table already exists for a specific salt.

考虑到这种彩虹表的典型大小，它有些人已经预先计算了像8字节左右的小尺寸盐这样的表格（考虑可能的盐的数量： 256 ^ 8 = 18446744073709551616 ）。前提是当然这些盐是随机产生的，而且您不会多次使用相同的盐值。 64字节不能受伤，当然没有什么问题。

Considering the typical size of such a rainbow table, it is extremely unlikely that somebody already has precomputed such tables for salts of even small size like 8 bytes or so (consider the number of possible salts: 256^8 = 18446744073709551616). The premise is of course that the salts are randomly generated and that you don't use the same salt value multiple times. 64 bytes can't hurt, of course, there's nothing wrong with that.

但是，如果你想使暴力或字典攻击不可行，它不会帮你使用更长的盐。而是让用户选择强密码，并考虑使用按键拉伸。

However, if you want to make brute-force or dictionary attacks infeasible, it won't help you to use a longer salt. Instead, make your users to choose strong passwords and consider using key stretching.

这篇关于X- 200 200 X- 200 200 X- 200 200 X- 200 200：的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！