密码加密:PBKDF2(使用sha512 x 1000)与Bcrypt [英] Password Encryption: PBKDF2 (using sha512 x 1000) vs Bcrypt
问题描述
我一直在阅读关于Gawker事件的文章,并且仅仅使用 bcrypt 哈希密码,我想确保我的哈希机制足够安全,避免切换到另一种方法。在我目前的应用程序中,我选择了使用sha2-512和至少1000次迭代的 PBKDF2 实现。
我可以就使用PBKDF2与Bcrypt以及是否应该实施更改提出意见吗?
你对PBKDF2很好,不需要跳到bcrypt。
尽管建议使用1000次迭代在2000年,现在你想要更多。
另外,使用bcrypt时应该多加小心:
值得注意的是,尽管对于大多数类型的密码,bcrypt比PBKDF2更强,但对于长密码短语来说它却落后了;这是由于bcrypt无法使用密码的前55个字符,而我们的估计成本和NIST的。密码熵的
估计表明,bcrypt的55个字符的限制不是
可能会导致目前的问题,依赖
bcrypt的系统的实现者可能会被建议这个限制(例如,通过预处理一个密码来使其达到55个字符的限制)或采取步骤到
,以防止用户在第56个和随后的
字符中放置太多的密码熵例如,通过询问网站的用户将他们的密码输入到只有55个字符的输入
盒子中)。
也就是说,还有 scrypt
如果没有上面提到的scrypt表中的表格,任何比较都是不完整的:
使用PBKDF2-HMAC-SHA256的迭代计数为86,000和4,300,000。
I've been reading about the Gawker incident and several articles have cropped up regarding only using bcrypt to hash passwords and I want to make sure my hashing mechanism is secure enough to avoid switching to another method. In my current application I have opted for a PBKDF2 implementation utilising sha2-512 and a minimum of 1000 iterations.
Can I ask for opinions on using PBKDF2 vs Bcrypt and whether or not I should implement a change?
You're good with PBKDF2, no need to jump to bcrypt.
Although, the recommendation to use 1000 iterations was made in year 2000, now you'd want much more.
Also, you should take more care when using bcrypt:
It is also worth noting that while bcrypt is stronger than PBKDF2 for most types of passwords, it falls behind for long passphrases; this results from bcrypt’s inability to use more than the first 55 characters of a passphrase While our estimated costs and NIST’s . estimates of passphrase entropy suggest that bcrypt’s 55-character limitation is not likely to cause problems at the present time, implementors of systems which rely on bcrypt might be well-advised to either work around this limitation (e.g., by "prehashing" a passphrase to make it fit into the 55-character limit) or to take steps to prevent users from placing too much password entropy in the 56th and subsequent characters (e.g., by asking users of a website to type their password into an input box which only has space for 55 characters).
That said, there's also scrypt.
Any comparisons would be incomplete without the table from the scrypt paper mentioned above:
Iteration counts for PBKDF2-HMAC-SHA256 used there are 86,000 and 4,300,000.
这篇关于密码加密:PBKDF2(使用sha512 x 1000)与Bcrypt的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
