使用SHA-512和salt来散列MD5散列密码? [英] Use SHA-512 and salt to hash an MD5 hashed password?
问题描述
我正在研究一个使用MD5散列用户密码的系统(无盐)。我希望使用SHA-512和salt更安全地存储密码。
虽然这对于将来的密码很容易实现,但我还想对现有的MD5散列密码,最好不强迫所有用户更改其密码。我的想法是只使用SHA-512和适当的盐来散列现有的MD5散列。然后,我可以在数据库中设置一些标志,指明哪些密码是从纯文本进行散列的,哪些是从MD5哈希散列的。或者我可以在验证用户时尝试这两种方法。或者甚至只是使用MD5和SHA-512 / salt对新密码进行哈希处理,以便它们可以与旧密码相同。
编程方式,我不认为这是将是一个问题,但我对加密/散列知之甚少,无法以任何方式通过将SHA-512 / salt散列应用于已经MD5散列的密码来破坏散列的质量。我的第一个直觉是,如果有的话,它会更强大,一个非常轻松的关键。
我的第二个直觉是我不知道我在说什么,所以我最好得到建议。任何想法?
具有密码基元的函数组合是危险的,如果可以避免的话不应该这样做。针对您的问题类型的常见解决方案是在迁移期间保留两个哈希,尽可能使用新哈希,并透明地升级旧密码(当您检查密码并匹配时,使用新算法重新哈希并存储它) / p>
如果您有一个基于挑战 - 响应的方案,但您无法看到纯文本密码,那么这将不起作用,但由于您似乎有一个存储盐不会改变,我假设你的应用程序做了散列。
I am working on a system that has been hashing user passwords with MD5 (no salt). I want to store the passwords more securely using SHA-512 and a salt.
While this is easy enough to implement for future passwords, I'd like to also retrofit the existing MD5 hashed passwords, preferably without forcing all the users to change their passwords. My idea is to just use SHA-512 and and an appropriate salt to hash the existing MD5 hash. I can either then set some flag in the database that indicates which passwords were hashed from plain text, and which ones were hashed from an MD5 hash. Or I could just try both when authenticating users. Or even just hash new passwords with MD5 and then SHA-512/salt, so they can be treated the same as old passwords.
Programmatically, I don't think this will be a problem, but I don't know enough about encryption/hashing to know if I'm compromising the quality of the hash in any way by applying a SHA-512/salt hash to a password that was already MD5 hashed. My first instinct is that if anything, it would be even stronger, a very light key stretching.
My second instinct is that I don't really know what I'm talking about, so I'd better get advice. Any thoughts?
Function composition with cryptographic primitives is dangerous and should not be done if avoidable. The common solution for your type of problem is to keep both hashes for a migration period, using the new hash where possible and transparently upgrading old passwords (when you check a password and it matches, rehash it with the new algorithm and store it)
This won't work if you have a challenge-response based scheme where you don't get to see the plaintext password, but since you seem to have a stored salt that does not change, I assume your application does the hashing.
这篇关于使用SHA-512和salt来散列MD5散列密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
