What are Salt Rounds and how are Salts stored in Bcrypt?


Problem description



I'm trying to configure Bcrypt for a node app that I'm making and have several questions about salts that I hope someone here can help kindly answer.

  • What is a salt 'round'? For example, in the github docs (https://github.com/kelektiv/node.bcrypt.js/) it uses a salt round of 10. What does that mean exactly?

  • Is the salt generated by Bcrypt always the same? For example, if I am saving user's hashed passwords to a DB, is the salt that it used to hash the password the same for every password?

  • How is the salt stored? Is it secure from potential attacks?

Solution

1. With "salt round" they actually mean the cost factor. The cost factor controls how much time is needed to calculate a single BCrypt hash. The higher the cost factor, the more hashing rounds are done. Increasing the cost factor by 1 doubles the necessary time. The more time is necessary, the more difficult brute-forcing is.
2. The salt is a random value, and should differ for each calculation, so the result should hardly ever be the same, even for equal passwords.
3. The salt is usually included in the resulting hash-string in readable form. So with storing the hash-string you also store the salt. Have a look at this answer for more details.
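
The hash-string layout mentioned in point 3, as an added example that is not part of the original answer or of node.bcrypt.js: a dependency-free parser that pulls the cost factor and the plaintext salt out of a stored bcrypt string and flags hashes made below a minimum cost. The names `parseBcryptHash` and `needsRehash` are hypothetical, and the sample string is constructed from placeholder characters.

```javascript
// Added example: split a bcrypt hash string into its fields (no bcrypt library needed).
// Layout: $<version>$<2-digit cost>$<22-char salt><31-char hash>
const BCRYPT_RE = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Hypothetical helper: returns the fields of a bcrypt string, or null if malformed.
function parseBcryptHash(hashString) {
  const m = BCRYPT_RE.exec(hashString);
  if (!m) return null; // not a well-formed bcrypt string
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) return null; // bcrypt only defines costs 4..31
  return {
    version: m[1],
    cost,
    iterations: 2 ** cost, // each +1 in cost doubles the work
    salt: m[3],            // stored in the clear, in bcrypt's own base64 alphabet
    hash: m[4],
  };
}

// Hypothetical helper: true when a stored hash is malformed or was made with a
// lower cost than current policy, so it should be re-hashed at the next
// successful login.
function needsRehash(hashString, minCost) {
  const parsed = parseBcryptHash(hashString);
  return parsed === null || parsed.cost < minCost;
}

// Constructed sample (placeholder characters, not the hash of any real password):
// 'S' marks the 22 salt characters, 'H' the 31 hash characters.
const SAMPLE = '$2b$10$' + 'S'.repeat(22) + 'H'.repeat(31);
console.log(parseBcryptHash(SAMPLE));
console.log('needs rehash at cost 12:', needsRehash(SAMPLE, 12));
```

Because the salt and cost travel inside the string, a single database column is enough, and the cost can be raised later without invalidating older hashes.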
