将密码哈希从md5升级到bcrypt [英] Upgrade password hash from md5 to bcrypt
问题描述
理想情况下,不希望维护数据库中的状态(升级/未升级)等等,所以,这就是我的想法:
对MD5的密码进行加密,并使用username + something作为盐。
- 这个方案有什么意义吗?
- 另外,通常使用用户名作为salt的一部分是个好主意?我在某处读到,为每个散列添加不同的盐使其更安全。这是否正确(特别是在bcrypt的情况下)?
当然,切换到更安全的散列算法是个好主意。您可以使用 password_hash()功能来创建一个BCrypt哈希:
//哈希存储在数据库中的新密码。
//该函数自动生成密码安全的盐。
$ hashToStoreInDb = password_hash($ password,PASSWORD_DEFAULT);
//检查输入的登录密码的哈希是否与存储的哈希匹配。
// salt和成本因子将从$ existingHashFromDb中提取。
$ isPasswordCorrect = password_verify($ password,$ existingHashFromDb);
从你的回答中我猜你已经使用了一个无盐MD5值,所以双重散列可以是一个很好的解决方案这里。只需将MD5哈希值传递给password_hash()函数,它就会自动生成一个安全salt。
// //迁移旧的MD5散列到MD5-BCrypt
$ hashToStoreInDb = password_hash($ existingMd5Hash,PASSWORD_DEFAULT);
先验证检查双重散列,然后相应地验证密码。
if(checkIfDoubleHash($ )
{
$ isPasswordCorrect = password_verify(MD5($ password),$ existingHashFromDb);
//使用纯BCrypt散列更新数据库
if($ isPasswordCorrect)
$ hashToStoreInDb = password_hash($ password,PASSWORD_DEFAULT);
}
else
{
$ isPasswordCorrect = password_verify($ password,$ existingHashFromDb)
}
存储的散列可以由前导$或单独的db字段来识别,例如BCrypt散列总是以$字符开始,MD5散列不会。 / p>
盐不应该从其他参数中剥离出来,它应该是每个密码唯一的。 password_hash()函数将处理这个问题。由于必须在每个盐之前建立彩虹色表,攻击者必须为每个密码创建一个彩虹表。欲了解更多信息,你可以看看我的教程有关安全密码存储。
Its been discussed here before, but there seems to be no conclusion.
Ideally, don't want to maintain state (upgraded/not upgraded) in the database etc. so, here is what I'm thinking:
bcrypt the MD5'd password, and use "username + something else" as a salt.
- Does this scheme make any sense?
- Also, in general is it a good idea to use the username as a part of the salt? I read somewhere that adding a different salt to each hash makes it more secure. Is that correct (especially in context of bcrypt)?
Surely it is a good idea to switch to a more secure hash algorithm. There is a function password_hash() you can use for creating a BCrypt hash:
// Hash a new password for storing in the database.
// The function automatically generates a cryptographically safe salt.
$hashToStoreInDb = password_hash($password, PASSWORD_DEFAULT);
// Check if the hash of the entered login password, matches the stored hash.
// The salt and the cost factor will be extracted from $existingHashFromDb.
$isPasswordCorrect = password_verify($password, $existingHashFromDb);
From your answer i guess that you used an unsalted MD5 value, so double hashing can be a good solution here. Just pass the MD5 hash to the password_hash() function, it will generate a safe salt on its own.
// Migrating the old MD5 hashes to MD5-BCrypt
$hashToStoreInDb = password_hash($existingMd5Hash, PASSWORD_DEFAULT);
For verification first check for a double hash, and then verify the password accordingly.
if (checkIfDoubleHash($existingHashFromDb))
{
$isPasswordCorrect = password_verify(MD5($password), $existingHashFromDb);
// Update database with pure BCrypt hash
if ($isPasswordCorrect)
$hashToStoreInDb = password_hash($password, PASSWORD_DEFAULT);
}
else
{
$isPasswordCorrect = password_verify($password, $existingHashFromDb)
}
The stored hashes can be recognized by the leading $ or by a separate db field, a BCrypt hash for example always starts with a $ character, an MD5 hash does not.
A salt should not be derrived from other parameters and it should be unique per password. The password_hash() function will take care of this. Since a rainbowtable must be built fore each salt, an attacker would have to build a rainbowtable for each password. For more information you can have a look at my tutorial about secure password storing.
这篇关于将密码哈希从md5升级到bcrypt的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!