Good cryptographic hash functions


Question




    Possible Duplicate:
    Secure hash and salt for PHP passwords

    I am making a website, and I need a secure algorithm to store passwords. I was first thinking of bcrypt, but then I found out my host did not support it and I am not able to change host.

    My host allows this encryption:

    • Standard DES

    And these hashes:

    • MD5
    • md2, md4 & md5
    • sha1, sha256, sha384 & sha512
    • ripemd128, ripemd160, ripemd256 and ripemd360
    • whirlpool
    • tiger128,3, tiger160,3, tiger192,3, tiger128,4, tiger160,4 & tiger192,4
    • snefru
    • gost
    • adler32
    • crc32 & crc32b
    • haval128,3, haval160,3, haval192,3, haval224,3, haval256,3, haval128,4, haval160,4, haval192,4, haval224,3, haval256,4, haval128,5, haval160,5, haval192,5, haval224,5 & haval256,5

    So, can anyone of you fix a good algorithm with that and a salt, please?

    Solution

    You shouldn't store encrypted (or even unencrypted) passwords at all. Instead, use salted hashes (stretched, e.g. with PBKDF2), preferably SHA2-512.

    For reference, here is a classification of the listed hashes (see Wikipedia for details):

    Encryption (not a hash function): DES
    Non-cryptographic checksums (laughable): adler32, crc32, crc32b
    Broken: MD2, MD4, MD5, SHA1
    Probably broken: Tiger, snefru, GOST, HAVAL*
    Probably safe: SHA2-256/384/512, RIPEMD-128/256, RIPEMD-160/320, WHIRLPOOL

    Note that the strength refers to the attack of finding any password that matches a known hash (preimage attack). Also, the above sorting is paranoid, instantly discarding any hash with any known vulnerabilities.
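
The salted, stretched hashing the answer recommends, shown as an added example that is not part of the original answer: PBKDF2-HMAC-SHA512 built only on PHP's hash extension (`hash_pbkdf2` needs PHP 5.5+, `random_bytes` needs PHP 7+). The iteration count, the `$`-separated storage format and the names `hash_password` / `verify_password` are assumptions of this example.

```php
<?php
// Added example: salted + stretched password hashing with PBKDF2-HMAC-SHA512.
// Constants, storage format and function names are assumptions, not from the page.

const PBKDF2_ITERATIONS = 210000;  // assumed work factor; tune to your server
const SALT_BYTES        = 16;      // fresh random salt per password
const KEY_BYTES         = 64;      // output size of SHA-512
const ALLOWED_ALGOS     = ['sha256', 'sha384', 'sha512']; // SHA-2 family only

function hash_password(string $password, string $algo = 'sha512'): string
{
    $salt = random_bytes(SALT_BYTES);
    $key  = hash_pbkdf2($algo, $password, $salt, PBKDF2_ITERATIONS, KEY_BYTES, true);
    // Keep algorithm, iterations and salt next to the hash so that the
    // work factor can be raised later without breaking existing records.
    return implode('$', [$algo, PBKDF2_ITERATIONS, base64_encode($salt), base64_encode($key)]);
}

function verify_password(string $password, string $stored): bool
{
    $parts = explode('$', $stored);
    if (count($parts) !== 4) {
        return false;                       // malformed record
    }
    [$algo, $iterations, $saltB64, $keyB64] = $parts;
    $iterations = (int) $iterations;
    $salt = base64_decode($saltB64, true);
    $key  = base64_decode($keyB64, true);
    if (!in_array($algo, ALLOWED_ALGOS, true) || $iterations < 1
        || $salt === false || $key === false || $key === '') {
        return false;                       // never fall back to a weak hash
    }
    $candidate = hash_pbkdf2($algo, $password, $salt, $iterations, strlen($key), true);
    return hash_equals($key, $candidate);   // constant-time comparison
}

// Constructed sample input, for demonstration only.
$stored = hash_password('correct horse battery staple');
var_dump(verify_password('correct horse battery staple', $stored));
var_dump(verify_password('wrong guess', $stored));
// A record naming an algorithm outside the allow-list is rejected outright.
var_dump(verify_password('x', 'md5$1$' . base64_encode('salt') . '$' . base64_encode('k')));
```

Only the string returned by `hash_password` is stored per user; the password itself is never written anywhere.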
