用随机盐改善密码散列 [英] Improve password hashing with a random salt
问题描述
我正在创建一个网站,并试图决定如何加密用户密码以将它们存储到SQL数据库中。
我意识到,使用简单md5(密码)非常不安全。我正在考虑使用sha512(password.salt),我一直在研究生成有用盐的最佳方法。
我阅读了大量文章,指出盐应尽可能随机添加熵,这看起来像一个好主意。但是:
- 假设攻击者需要将随机salt和散列一起存储
- 以某种方式访问你的哈希密码(并试图将哈希反转为纯文本),这意味着他可能倾销了你的数据库,然后访问你的随机盐也是
- 以某种方式访问你的哈希密码(并试图将哈希反转为纯文本),这意味着他可能倾销了你的数据库,然后访问你的随机盐也是
数据库中散列旁边奇怪的外观值是不是很明显?如果攻击者可以访问哈希值以及哈希值,那么安全性如何?
任何人都有这方面的专业知识吗? !谢谢
这是攻击者的 允许的知道盐 - 您的安全,必须设计即使对盐有所了解也是如此。
$ b
使用预先计算好的彩虹表,盐帮助防范暴力攻击。
盐使暴力成本更高(以时间/记忆方式) )
计算这样的表格很昂贵,通常只能用于多于一次的攻击/密码。
如果你使用相同的盐对于所有密码,攻击者可以预先计算这样一个表,然后强制你的密码变为明文...
只要你为每个密码生成一个新的(最好的加密强壮的)随机盐如果你想进一步加强安全性
b $ b Y ou可以多次计算散列(散列散列等) - 这并不会让你付出太多代价,但它会使暴力攻击/计算彩虹表更加昂贵......请不要发明自己 - 有成熟的标准方法可供使用,例如 http://en.wikipedia.org/wiki/PBKDF2 和 http://www.itnewb.com /教程/加密-口令与 - PHP换存储-使用最RSA-PBKDF2-标准
注意: mandatrory (例如,亚马逊的云服务是全球最快的超级计算机前50名之一,任何人都可以使用的数量相对较少)!
I'm starting a website and I'm trying to decide how to encrypt user passwords to store them in a SQL database.
I realize that using a simple md5(password) is very unsecured. I'm considering using a sha512(password.salt), and I have been researching the best way to generate a useful salt. I read numerous articles stating that a salt should be as random as possible to add entropy to the hash and it looks like a great idea. But:
- you need to store the random salt along with your hash
- given that an attacker somehow got access to your hashed passwords (and is trying to reverse the hash to plain text), it means he probably dumped your database, then got access to your random salts also
Isn't it obvious that the weird looking value next to the hash in the database is a salt? If the attacker can access the salt along with the hash value, how is that more secure?
Anyone has any expertise in that area? Thanks!
An attacker is "allowed" to know the salt - your security must be designed in a way that even with the knowledge of the salt it is still secure.
What does the salt do ?
Salt aids in defending against brute-force attacks using pre-computed "rainbow-tables".
Salt makes brute-force much more expensive (in time/memory terms) for the attacker.
Calculating such a table is expensive and usually only done when it can be used for more than one attack/password.
IF you use the same salt for all password an attacker could pre-compute such a table and then brute-force your passwords into cleartext...
As long as you generate a new (best cryptogrpahically strong) random salt for every password you want to store the hash of there is no problem.
IF you want to strengthen the security further
You could calculate the hash several times over (hash the hash etc.) - this doesn't cost you much but it makes a brute-force attack / calculating "rainbow-tables" even more expensive... please don't invent yourself - there are proven standard methods to do so, see for example http://en.wikipedia.org/wiki/PBKDF2 and http://www.itnewb.com/tutorial/Encrypting-Passwords-with-PHP-for-Storage-Using-the-RSA-PBKDF2-Standard
NOTE:
Using such a mechanism is these days mandatrory since "CPU time" (usable for attacks like rainbow tables/brute force etc.) is getting more and more widely available (see for example the fact that Amazon's Cloud service is among the top 50 of fastest supercomuters worldwide and can be used by anyone for a comparatively small amount)!
这篇关于用随机盐改善密码散列的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
