更好的散列比SHA1更好 [英] Better hashing than SHA1
问题描述
我正在研究一个应用程序,并且需要存储用户密码,所以我想我会将它存储在注册表的当前用户类中,但我也想对其进行哈希处理,原因很明显,并且我看到过有关SHA1已被破解的新闻项目,在标准系统或.net中有没有更好的(未破解的)散列算法?
解决方案 SHA1不是加密,它是密码散列函数。是的,它已被打破,这意味着它可能比暴力方法更快地产生碰撞。 SHA2家族尚未破解。
但我建议为每个条目使用自定义种子,以便使用彩虹表不能用于尝试密码。如果您使用的是SQL成员资格提供程序,则密码格式哈希已经为每个用户使用了一个不同的种子。
有关为哈希排序的更多信息可以在文章您需要了解安全密码方案 Thomas Ptacek。
I'm working on an application and I need to store the users password, so I'm thinking I'll store it in the current-user class of the registry, but I also want to hash it for the obvious reason, and I've seen news items that state that SHA1 has been cracked, is there a better (uncracked) hashing algorithm available in the "standard" system or .net?
SHA1 is not encryption, it's a cryptographic hash function. And yes it has been broken, which means it's possible to generate collisions faster than a brute force method. The SHA2 family has not been broken.
But I would advise to use a custom seed per entry so that a rainbow table could not be used for trying out passwords. If you're using the SQL Membership provider the password format "Hashed" already uses a different seed for each user.
More information about seeding your hash can be found in the article What You Need To Know About Secure Password Schemes by Thomas Ptacek.
这篇关于更好的散列比SHA1更好的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!