什么是最安全的散列方法？ （PHP） [英] What is the most secure hashing method? (PHP)

问题描述

我刚刚注意到我的PHP安装中有SHA512。它比SHA1更安全吗？它是最安全的哈希方法（我需要密码，而不是文件完整性检查）？ 解决方案

答案是总是使用专为此设计的算法，并已通过时间测试。

目前，该算法是bcrypt（还有其他两种，但我不记得他们的名字）。每种语言都有bcrypt实现，所以只需找到一个并使用它。如果电脑的速度越来越快（这会削弱你的散列），你可以增加用于使它变慢的轮数（它随着硬件的扩展）。 ，sha512等：他们吸取密码。他们吸了多少？您可以使用笔记本电脑在几小时甚至几秒钟内强制平均密码长度。没关系，它们不是用来保护密码的。尽管如此，它们仍然可以用作加密原语，例如：您可以使用md5实现bcrypt。

I have just noticed that I have SHA512 in my PHP installation. Is it more secure than SHA1? Is it the most secure hashing method (I need for passwords, not for file integrity checking)?

解决方案

I asked this question long time ago.

The answer is to always use an algorithm that has been designed for this, and has passed the test of time.

Currently, that algorithm would be bcrypt (there are 2 others but I don't remember their names). There are bcrypt implementations in every language, so just find one and use it. If computers keep getting faster (which would weaken your hashes), you can increase the number of rounds used to make it slower (it scales with hardware).

md5, sha1, sha512, etc: they suck for passwords. How much they suck? You can bruteforce average length passwords in hours or even seconds with your laptop. And that's ok, they weren't designed for securing passwords. They can still be used as cryptographic primitives though, eg: you can implement bcrypt using md5.

这篇关于什么是最安全的散列方法？ （PHP）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！