What's the difference between bcrypt and hashing multiple times?


Problem description

How is bcrypt stronger than, say,

import hashlib

def md5lots(password, salt, rounds):
    # Repeated salted MD5; password and salt are bytes
    if rounds < 1:
        return password
    else:
        newpass = hashlib.md5(password + salt).digest()
        return md5lots(newpass, salt, rounds-1)

I get the feeling, given its hype, that more intelligent people than me have figured out that bcrypt is better than this. Could someone explain the difference in 'smart layman' terms?

Solution

There are three significant differences between bcrypt and hashing multiple times with MD5:

  1. The size of the output: 128 bits (16 bytes) for MD5 and 448 bits (56 bytes) for bcrypt. If you store millions of hashes in a database, this has to be taken into account.
  2. Collisions and preimage attacks are possible against MD5.
  3. Bcrypt can be configured to iterate more and more as CPUs become more and more powerful.

Hence, using salting-and-stretching with MD5 is not as safe as using bcrypt. This issue can be solved by selecting a better hash function than MD5.

For example, if SHA-256 is selected, the output size will be 256 bits (32 bytes). If the salting-and-stretching can be configured to increase the number of iterations like bcrypt, then there is no difference between both methods, except the amount of space required to store result hashes.
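
Added example, not part of the original answer: the configurable salting-and-stretching the answer describes, written with PBKDF2-HMAC-SHA256 from Python's standard library (a named substitute for a hand-rolled loop, not bcrypt itself). The record format, the function names and the `TARGET_ITERATIONS` value are assumptions made for illustration; the point is that the cost is stored with each hash so it can be raised later.

```python
import hashlib
import hmac
import os

# Assumed current work factor; raise it as hardware gets faster.
TARGET_ITERATIONS = 600_000


def hash_password(password, iterations=TARGET_ITERATIONS, salt=None):
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>' (assumed format)."""
    salt = salt if salt is not None else os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join(["pbkdf2_sha256", str(iterations), salt.hex(), digest.hex()])


def verify_password(password, record, target_iterations=TARGET_ITERATIONS):
    """Return (ok, needs_rehash). The cost is read from the record, not from config."""
    try:
        scheme, iter_s, salt_hex, digest_hex = record.split("$")
        iterations = int(iter_s)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False, False  # malformed record: fail closed
    if scheme != "pbkdf2_sha256" or iterations < 1:
        return False, False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    ok = hmac.compare_digest(actual, expected)  # constant-time comparison
    # A correct password stored at a lower cost than today's target is stale.
    return ok, ok and iterations < target_iterations


def login(password, record, target_iterations=TARGET_ITERATIONS):
    """Verify, and upgrade an old record to the current cost on a successful login."""
    ok, stale = verify_password(password, record, target_iterations)
    if ok and stale:
        record = hash_password(password, target_iterations)  # new salt, higher cost
    return ok, record


if __name__ == "__main__":
    old = hash_password("correct horse", iterations=1_000)  # constructed sample record
    ok, upgraded = login("correct horse", old, target_iterations=2_000)
    print(ok, old.split("$")[1], "->", upgraded.split("$")[1])
```

Because the iteration count travels with each record, old hashes keep verifying after the target is raised and are re-hashed at the new cost the next time the user logs in.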
