Bcrypt for password hashing because it is slow?

Question

I read today on not-implemented.com:

Sha-256 should be chosen in most cases where a high speed hash function is desired. It is considered secure with no known theoretical vulnerabilities and it has a reasonable digest size of 32 bytes. For things like hashing user password, though, a function designed to be slow is preferred: a great one is bcrypt.

Can somebody explain the last sentence:

For things like hashing user password, though, a function designed to be slow is preferred: a great one is bcrypt.

I don't say it's not correct, my question is simply:

Why is it preferred for hashing user passwords to use a slow function?

Solution

Because if it takes more time to hash the value, it also takes a much longer time to brute-force the password.

Keep in mind that slow means that it requires more computing power. The same goes for when a potential hacker tries to brute-force a password.
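
As an added example (not part of the original question or answer), the sketch below measures the per-guess cost of one salted SHA-256 call against a deliberately slow function and projects how long one core needs to try every 8-character lowercase-alphanumeric password. PBKDF2 from Python's standard library stands in for bcrypt here, an assumption made so the code runs without third-party packages; all function names are hypothetical.

```python
import hashlib
import hmac
import os
import time

def fast_hash(password: bytes, salt: bytes) -> bytes:
    """One salted SHA-256 call: the fast hash the quoted article describes."""
    return hashlib.sha256(salt + password).digest()

def slow_hash(password: bytes, salt: bytes, iterations: int = 200_000) -> bytes:
    """Deliberately slow hash. PBKDF2 is a stand-in for bcrypt (assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)

def verify(password: bytes, salt: bytes, stored: bytes, iterations: int = 200_000) -> bool:
    """Defender-side login check, compared in constant time."""
    return hmac.compare_digest(slow_hash(password, salt, iterations), stored)

def seconds_per_guess(hash_fn, rounds: int) -> float:
    """Average wall-clock cost of one guess; an attacker pays this per candidate."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(rounds):
        hash_fn(b"guess-%d" % i, salt)
    return (time.perf_counter() - start) / rounds

def days_to_exhaust(keyspace: int, per_guess: float) -> float:
    """Worst-case time for one core to try every candidate in the keyspace."""
    return keyspace * per_guess / 86_400

def compare(keyspace: int = 36 ** 8) -> dict:
    """Measure both functions and project brute-force time for the keyspace."""
    fast = seconds_per_guess(fast_hash, rounds=20_000)
    slow = seconds_per_guess(slow_hash, rounds=5)
    return {
        "fast_s": fast, "slow_s": slow, "slowdown": slow / fast,
        "fast_days": days_to_exhaust(keyspace, fast),
        "slow_days": days_to_exhaust(keyspace, slow),
    }

if __name__ == "__main__":
    r = compare()
    print(f"SHA-256: {r['fast_s'] * 1e6:.2f} us/guess, {r['fast_days']:.1f} days for 36^8")
    print(f"PBKDF2 : {r['slow_s'] * 1e3:.2f} ms/guess, {r['slow_days']:.1f} days for 36^8")
    print(f"slowdown factor: {r['slowdown']:.0f}x")
```

The defender pays the slow cost once per login, while an attacker pays it for every candidate password, so raising the iteration count scales the brute-force time by the same factor.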
