散列密码的最佳做法 - SHA256或SHA512? [英] Best practice for hashing passwords - SHA256 or SHA512?
问题描述
我目前使用SHA256和盐来散列我的密码。继续使用SHA256还是应该更改为SHA512更好?
切换到SHA512几乎不会让您的网站更安全。 您不应该编写自己的密码散列函数。而是使用现有的实现。
SHA256和SHA512是消息摘要它们是从来没有意味着密码哈希(或密钥派生)函数。 (尽管消息摘要可以用作KDF的构建块,例如在带有HMAC-SHA1的PBKDF2中)。
密码散列函数应该抵御字典攻击和彩虹桌。为了抵御字典攻击,密码哈希计划必须包含一个工作因素,以使其尽可能慢地运行。
目前,最好的选择可能是 Argon2 。这个密码散列函数系列在2015年赢得了密码散列比赛。如果不存在 Argon2 ,则唯一的其他标准化密码哈希或密钥派生函数是
- https ://en.wikipedia.org/wiki/Argon2
- https://en.wikipedia.org/wiki/Bcrypt
- https://en.wikipedia.org/wiki/Scrypt
- https://en.wikipedia.org/wiki/PBKDF2
I am currently using SHA256 with a salt to hash my passwords. Is it better to continue using SHA256 or should I change to SHA512?
Switching to SHA512 will hardly make your website more secure. You should not write your own password hashing function. Instead, use an existing implementation.
SHA256 and SHA512 are message digests, they were never meant to be password-hashing (or key-derivation) functions. (Although a message digest could be used a building block for a KDF, such as in PBKDF2 with HMAC-SHA1.)
A password-hashing function should defend against dictionary attacks and rainbow tables. In order to defend against dictionary attacks, a password hashing scheme must include a work factor to make it as slow as is workable.
Currently, the best choice is probably Argon2. This family of password hashing functions won the Password Hashing Competition in 2015.
If Argon2 is not available, the only other standardized password-hashing or key-derivation function is PBKDF2, which is an oldish NIST standard. Other choices, if using a standard is not required, include bcrypt and scrypt.
Wikipedia has pages for these functions:
- https://en.wikipedia.org/wiki/Argon2
- https://en.wikipedia.org/wiki/Bcrypt
- https://en.wikipedia.org/wiki/Scrypt
- https://en.wikipedia.org/wiki/PBKDF2
这篇关于散列密码的最佳做法 - SHA256或SHA512?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
