Better hashing than SHA1


Problem description


I'm working on an application and I need to store the user's password, so I'm thinking I'll store it in the current-user class of the registry, but I also want to hash it for the obvious reason, and I've seen news items that state that SHA1 has been cracked. Is there a better (uncracked) hashing algorithm available in the "standard" system or .net?

Solution

SHA1 is not encryption; it's a cryptographic hash function. And yes, it has been broken, which means it's possible to generate collisions faster than a brute force method. The SHA2 family has not been broken.

But I would advise using a custom seed per entry so that a rainbow table could not be used for trying out passwords. If you're using the SQL Membership provider, the password format "Hashed" already uses a different seed for each user.

More information about seeding your hash can be found in the article "What You Need To Know About Secure Password Schemes" by Thomas Ptacek.
