Bcrypt密码哈希,因为它很慢? [英] Bcrypt for password hashing because it is slow?
问题描述
今天我阅读了 not-implemented.com
a>:
Sha-256应该在大多数情况下选择高速哈希函数。它被认为是安全的,没有已知的理论漏洞,并且它有一个合理的32字节的摘要大小。对于诸如散列用户密码之类的东西,尽管如此,一个被设计为慢速的函数是首选:一个好的是bcrypt。
最后一句:
$ b
然而,像散列用户密码这样的东西,一个被设计为慢的函数是首选的:一个好的是bcrypt。
我不会说这是不正确的,我的问题很简单:
<因为如果它需要更多的时间来散列这个函数值,但需要更长时间才能蛮力密码。
请记住,慢速意味着它需要更多的计算能力。当潜在的黑客试图暴力破解密码时也是如此。
I read today on not-implemented.com :
Sha-256 should be chosen in most cases where a high speed hash function is desired. It is considered secure with no known theoretical vulnerabilities and it has a reasonable digest size of 32 bytes. For things like hashing user password, though, a function designed to be slow is preferred: a great one is bcrypt.
Can somebody explain the last sentence :
For things like hashing user password, though, a function designed to be slow is preferred: a great one is bcrypt.
I don't say it's not correct, my question is simply:
Why it is preferred for hashing user password to use a slow function ?
解决方案Because if it takes more time to hash the value, it also takes a much longer time to brute-force the password.
Keep in mind that slow means that it requires more computing power. The same goes for when a potential hacker tries to brute-force a password.
这篇关于Bcrypt密码哈希,因为它很慢?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!