安全散列密码 - 非常矛盾的建议！ [英] Securely hash passwords - so much conflicting advice!

问题描述

我正在阅读如何安全地存储密码这么多相互矛盾的建议。我所知道的肯定不是使用MD5！我曾经见过人们主张使用PHP的 bcrypt 函数，这看起来好像会占用服务器的处理器。我曾见过盐的倡导者，并倡导不使用盐。

这一切都不清楚。编辑：经过大量的研究，我发现了一篇文章;登录：那个与处理密码相关的文章主题相当深入： http://www.usenix.org /publications/login/2004-06/pdfs/alexander.pdf

解决方案

好吧，有几个部分这一点。

1. 您需要努力让您的数据库和密码难以摆脱，并确保它们的安全。这包括不使用明文形式的密码，也不使用对称加密算法。


2. 您需要使用 salt 。这样做可以防止人们使用预先计算的查找表（即彩虹表）或诸如 http://md5.rednoize.com/ 。选择一些既适用于您的盐又适用于 和不可预知的数据。我通常使用随机的32位值，但我不会少得多。


3. 一些算法比其他算法更强大。这是以几种方式定义的
   
   
   
   1. 它可以被计算的速度有多快。时间越长越好。攻击者计算散列速度越快，bruteforce攻击的几率就越高。
      
   2. 如果算法没有已知的弱点可减少搜索空间。例如，md5哈希中的位数是误导性的，因为有已知攻击减少实际的搜索空间
   
   






截至今天，我认为 SHA1或SHA2 在不久的将来是合理安全的。有一个名为 bcrypt 的实用程序，它使用了河豚的不对称变体，并且具有内置盐和计算开销的概念，可能值得一试。





---





编辑：我想澄清什么是盐，因为有一个很多在SO和网上有误解。



盐是什么不是





秘密，预先同意的字符串，你用密码散列。这是一个秘密的关键，而不是盐。





盐是什么





和不可预知的每个哈希）与散列时的密码一起使用，但是您还包含散列 outside 的未加密的副本，以便以后验证散列时您可以在散列之前给予测试密码时包含相同的盐，以便您可以正确比较散列。




I'm reading so much conflicting advice as to how to store passwords securely. All I know for sure is not to use MD5! I've seen people advocate using PHP's bcrypt function, which seems like it'd hog the server's processor. I've seen advocates for salts, and advocates for not using salts.

It's all just so unclear. Is there real and credible advice as to how to store passwords securely?

Edit: After a fair amount of research, I found an article from ;login: that deals with the topic in quite some depth: http://www.usenix.org/publications/login/2004-06/pdfs/alexander.pdf

解决方案

Well, there is several parts to this.

1. You need to try to make it difficult to get to your db and passwords in the first place, keep them secure. This includes not making your passwords cleartext and not using a symmetric encryption algorithm.
2. You need to use a salt. Doing this prevents people from using a precomputed lookup table (i.e. rainbow table) or something like http://md5.rednoize.com/. Pick some data for your salt that is both unique and unpredictable. I usually use a random 32 bit value, but I wouldn't go much less.
3. Some algorithms are stronger than others. This is defined in a couple ways
   1. How fast it can be computed. Longer is better. The faster the attacker can calculate hashes, the better the odds are for a bruteforce attack.
   2. If the algorithm has no known weakness which reduce the search space. For example, the number of bits in an md5 hash is misleading because there are known attacks that reduce the actual search space

As of today I think SHA1 or SHA2 with a salt is reasonably secure for the near future. There is a utility called bcrypt which uses an asymmetric variant of blowfish and has the concepts of salt and computational expense built-in, it might be worth checking out.

---

Edit: I wanted to clarify what a salt is, as there is a lot of misconception about it on SO and online.

What a Salt is not

A secret, pre-agreed upon string that you hash with the password. This is a secret key, not a salt.

What a Salt is

You include the salt (unique and unpredictable per hash) along with your password when hashing, but you also include a unencrypted copy of it outside of your hash, so that when verifying the hash later you are able to include the same salt when given a test password before hashing it so you can properly compare the hash.

这篇关于安全散列密码 - 非常矛盾的建议！的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！