密码哈希在2013年 [英] Password Hashing in 2013

问题描述

今天最好的解决方案是什么？

这似乎是一个不错的选择：
https://defuse.ca/php-pbkdf2.htm b
$ b

但是如何升级到PHP5.5并使用此？
http://php.net/manual/en/function.hash -bbkdf2.php

对PHP网站为何表示满意：

注意
PBKDF2方法可用于散列存储密码（NIST已批准使用此密码）。但是，应该注意的是，CRYPT_BLOWFISH更适合用于密码存储，应该通过crypt（）来使用。

对于PHP版本少于5.5那么公平地使用defuse.ca解决方案，然后在升级到PHP5.5后切换它？

  / * 
 *由RSA的PKCS＃5定义的PBKDF2密钥派生函数：https://www.ietf.org/rfc/rfc2898.txt 
 * $ algorithm  - 要使用的哈希算法。推荐：SHA256 
 * $ password  - 密码。 
 * $ salt  - 密码唯一的盐。 
 * $ count  - 迭代次数。越高越好，但越慢越好。建议：至少1000. 
 * $ key_length  - 派生密钥的长度（以字节为单位）。 
 * $ raw_output  - 如果为true，则以原始二进制格式返回密钥。十六进制编码否则
 *返回：从密码和salt中派生的$ key_length-byte密钥。 
 * 
 *测试向量可以在这里找到：https://www.ietf.org/rfc/rfc6070.txt 
 * 
 * PBKDF2的这个实现最初由https://defuse.ca 
 *通过http://www.variations-of-shadow.com进行改进
 * / 
函数pbkdf2（$ algorithm，$ password，$ salt， $ count，$ key_length，$ raw_output = false）
 {
 $ algorithm = strtolower（$ algorithm）; 
 if（！in_array（$ algorithm，hash_algos（），true））
 die（'PBKDF2 ERROR：Invalid hash algorithm。'）; 
 if（$ count <= 0 || $ key_length <= 0）
 die（'PBKDF2 ERROR：Invalid parameters。'）; 
 
 $ hash_length = strlen（hash（$ algorithm，，true））; 
 $ block_count = ceil（$ key_length / $ hash_length）; 
 
 $ output =; 
为（$ i = 1; $ i <= $ block_count; $ i ++）{
 // $ i编码为4字节，大端。 
 $ last = $盐。包（N，$ i）; 
 //第一次迭代
 $ last = $ xorsum = hash_hmac（$ algorithm，$ last，$ password，true）; （$ j = 1; $ j< $ count; $ j ++）{
 $ xorsum ^ =（$ last = hash_hmac（
）//执行另一个$ count  -  1迭代
 $ algorithm，$ last，$ password，true））; 
} 
 $ output。= $ xorsum; 
} 
 
 if（$ raw_output）
 return substr（$ output，0，$ key_length）; 
 else 
 return bin2hex（substr（$ output，0，$ key_length））; 
} 
  

这是defuse.ca目前的解决方案，重命名这个函数到hash_pbkdf2（）和升级到PHP5.5之后的过渡会不会很顺利？

解决方案

PHP密码截至PHP 5.5 ，为 password_hash 。它提供了一个单一的，统一的，内置的，未来兼容的方式来生成安全的密码哈希。

如果您使用的是安全更新版本的5.3.x或更高版本，您可以改用 password_compat库。

在目前的版本中，当前版本会调用 crypt

请务必仔细阅读 crypt 页面上的部分，大约 CRYPT_BLOWFISH 版本控制，并查看password_compat页面上的版本控制注释。

正如警告信息中清楚指出的那样，NIST接受PBKDF2作为存储密码的适当方式。您可以 > CRYPT_BLOWFISH 。

What is the "best" solution these today?

This seems a good option: https://defuse.ca/php-pbkdf2.htm

But then how about upgrading to PHP5.5 and using this? http://php.net/manual/en/function.hash-pbkdf2.php

Curious as to why the PHP site states:

Caution The PBKDF2 method can be used for hashing passwords for storage (it is NIST approved for that use). However, it should be noted that CRYPT_BLOWFISH is better suited for password storage and should be used instead via crypt().

For PHP versions less that 5.5 would it be fair to use the defuse.ca solution, and then just switch it out after upgrading to PHP5.5?

/*
 * PBKDF2 key derivation function as defined by RSA's PKCS #5: https://www.ietf.org/rfc/rfc2898.txt
 * $algorithm - The hash algorithm to use. Recommended: SHA256
 * $password - The password.
 * $salt - A salt that is unique to the password.
 * $count - Iteration count. Higher is better, but slower. Recommended: At least 1000.
 * $key_length - The length of the derived key in bytes.
 * $raw_output - If true, the key is returned in raw binary format. Hex encoded otherwise.
 * Returns: A $key_length-byte key derived from the password and salt.
 *
 * Test vectors can be found here: https://www.ietf.org/rfc/rfc6070.txt
 *
 * This implementation of PBKDF2 was originally created by https://defuse.ca
 * With improvements by http://www.variations-of-shadow.com
 */
function pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output = false)
{
    $algorithm = strtolower($algorithm);
    if(!in_array($algorithm, hash_algos(), true))
        die('PBKDF2 ERROR: Invalid hash algorithm.');
    if($count <= 0 || $key_length <= 0)
        die('PBKDF2 ERROR: Invalid parameters.');

    $hash_length = strlen(hash($algorithm, "", true));
    $block_count = ceil($key_length / $hash_length);

    $output = "";
    for($i = 1; $i <= $block_count; $i++) {
        // $i encoded as 4 bytes, big endian.
        $last = $salt . pack("N", $i);
        // first iteration
        $last = $xorsum = hash_hmac($algorithm, $last, $password, true);
        // perform the other $count - 1 iterations
        for ($j = 1; $j < $count; $j++) {
            $xorsum ^= ($last = hash_hmac($algorithm, $last, $password, true));
        }
        $output .= $xorsum;
    }

    if($raw_output)
        return substr($output, 0, $key_length);
    else
        return bin2hex(substr($output, 0, $key_length));
}

This is the current solution from defuse.ca, would it be fair to rename this function to hash_pbkdf2() and after upgrading to PHP5.5 transition would be nice and smooth?

解决方案

The accepted best practice in PHP passwords, as of PHP 5.5, is password_hash. It presents a single, unified, built-in, future-compatible way to generate a secure password hash.

If you are using a security-updated version of 5.3.x or higher, you can use the password_compat library instead.

Under the covers, the current version makes calls to crypt with some predefined security options. Future versions may change the default options.

Please be sure to carefully read the section on the crypt page that talks about CRYPT_BLOWFISH versioning, as well as review the versioning notes on the password_compat page.

As noted clearly in the warning message, PBKDF2 is accepted by the NIST as an adequate way to store passwords. You can use implementations of it without significant concern, but you should only do so if you either need support for PHP versions prior to 5.3, or need to support PHP versions that have a broken CRYPT_BLOWFISH.

这篇关于密码哈希在2013年的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！