使用超过 md5 的密码加密还有什么意义吗?
我不是安全专家......所以我在这里可能是非常错误的。
我是否正确,使用更强算法的唯一优势是减慢密码破解速度?
在这种情况下,他们必须拥有密码哈希,因此已经损害了我的数据库,对吗?
由于我不存储任何具有现实世界价值的东西,使用强密码算法有什么意义?如果他们已经在我的数据库中,他们可以更改他们想要的任何内容,那么为什么他们需要密码呢?
我能看到的唯一原因是减缓暴力破解并保护我的用户密码,以防他们在电子邮件帐户中使用相同的密码...
我已经实现了 SHA256...但我想知道这是否值得
I am not a security expert... so I might be very wrong here.
Am I right in that the only advantage to using a stronger algorithm is to slow down password cracking?
In which case they must have the password hash and so will have already comprimised my database right?
As I do not store any thing of real world value what is the point in using a strong password algorithm? If they are already in my database they can change anything they want so why would they want the passwords?
The only reason I can see would be to slow down brute forcing and to secure my users passwords in case they use the same one for their email accounts...
I have implemented SHA256... but I am wondering if it was worth it
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(8)
MD5 不是加密,而是一种单向哈希。
使用更好的单向哈希的唯一目的是延迟反转密码。随着计算机变得越来越强大并且各种散列算法中的漏洞被发现,必须开发更好的散列。
对密码进行加盐和散列处理的目的是保护密码本身,即使在数据库遭到破坏的情况下也是如此。许多(大多数)用户使用相同的密码进行多次登录,因此如果它被泄露,它链接到的每个帐户也会被泄露。
SHA-256 应该足够了,但请确保您也对密码进行了加盐处理。您的函数应该如下所示(伪代码):
下面的评论者指出,如果攻击者足够强大(或者弱密码),存储完整的盐可能会导致明文被暴力破解。如果您担心这一点,请使用两部分盐。每次生成一部分 (
saltA),并将另一部分存储在配置文件 (saltB) 中。然后将它们组合起来生成/检查密码:请注意,如果您选择此系统,更改您的
saltB将使每个存储的密码无效。MD5 isn't encryption, it's a one-way hash.
The only purpose of using a better one-way hash is to delay reversing the password. As computers have become more powerful and vulnerabilities in various hashing algorithms have been discovered, better hashes must be developed.
The purpose of salting and hashing passwords is to protect the password itself, even in the event of database compromise. Many (most) users use the same password for multiple logins, so if it's compromised, so is every account it's linked to.
SHA-256 should be more than sufficient, but make sure you're also salting the passowrd. Your functions should look like this (pseudo-code):
A commenter below pointed out that with a sufficiently powerful attacker (or, weak passwords), storing the full salt might allow the plaintext to be brute-forced. If you're concerned about that, use a two-part salt. Generate part of it every time (
saltA), and store the other in a config file (saltB). Then combine them to generate/check passwords:Note that if you choose this system, changing your
saltBwill invalidate every stored password.Jeff 有一篇很棒的文章,标题为 您可能错误地存储了密码,其中解决了围绕这种类型的密码存储的问题。强烈推荐阅读。
Jeff has a great post titled You're Probably Storing Passwords Incorrectly which addresses the issues surrounding this type of password storage. Highly recommended reading.
是的。如果有人获取了您的数据库,其中包含您的密码,那么使用比 MD5 更强的东西会降低他们对整个数据库进行字典攻击的能力。为了突飞猛进地提高安全性,您需要做的真正重要的事情是在对密码进行哈希处理之前在密码中添加盐。
基本上,您应该阅读与您想要做的事情相关的所有内容 http://www.owasp.org 并严格遵循它,除非您自认为是安全研究人员。
Yes. If someone gets your database with your passwords in it, using something stronger than MD5 will slow down their ability to do a dictionary attack against the whole thing. The really important thing you need to do along with this that increases security by leaps and bounds is to add a salt to your passwords before hashing them.
Basically you should read everything that's pertinent to what you're trying to do at http://www.owasp.org and follow it to the T, unless you count yourself as a security researcher.
不要使用 MD5 进行加密 - 它已损坏!使用您实现的 SHA256,或者更好的是经过广泛测试的库(我敢打赌您在实现中错过了许多安全问题)。
顺便说一句:加密哈希函数的构建使得您无法解码初始文本。加密始终只有在您知道密码的情况下才能恢复原始文本。
Don't use MD5 for cryptographic purposes - it's broken! Use the SHA256 you implemented, or better a library widely tested (I bet you missed many security issues in your implementation).
BTW: cryptographic hash functions are built such that you cannot decode the initial text. Encryption always you to restore the original text only if you know the password.
使用更强大的算法可能是值得的。
首先,MD5 的大多数用户可能正在使用经过测试和审查的库。其中许多库都是免费且开源的。其中大多数还将提供 SHA-1,甚至可能提供 SHA-2 算法。
因此,使用 SHA-1 或 SHA-256 的“成本”可能非常小。
另一方面,价值是什么?尽管应用程序可能不包含太多重要数据,并且密码表的泄露可能会包含其余数据,但记住大多数密码用于多个应用程序会有所帮助。即使用户可能不关心您的应用程序被黑客攻击,但如果这使黑客能够访问他们也用于银行业务的密码,他们也会感到不安。
我认为值得升级到更好的哈希算法。
此外,放弃 MD5 而采用 SHA-1 或 SHA-256 的动机是 MD5 已“损坏”。有一些快捷方式可以找到哈希冲突,因此不需要暴力破解。为了减缓暴力攻击,您还需要使用密钥强化技术。通常,这意味着重复哈希运算几千次。您还需要使用随机盐来阻止预先计算的查找表,例如彩虹表。
当然,像 PKCS #5 中的密钥派生算法这样的算法详细说明了一种为身份验证表“散列”密码的安全方法。使用这样的标准将使您能够对所选技术进行高质量的分析,并提醒您潜在的漏洞。您也更有可能找到已经经过广泛审查和测试的实现。
Using a stronger algorithm is probably worth it.
First of all, most users of MD5 are probably using a library that has been tested and reviewed. A lot of these libraries are no-cost and open source. And most of these will also provide SHA-1, and maybe even the SHA-2 algorithms.
So, the "cost" of using SHA-1 or SHA-256 is likely to be very small.
On the other hand, what is the value? Even though an application might not contain much data of significance, and a compromise of the password table is likely to include the rest of the data anyway, it helps to remember that most passwords are used for multiple applications. Even though the user might not care about your application getting hacked, they will be upset if that gives the hackers access to the password they also use for banking.
I think that it's worth upgrading to a better hash algorithm.
Also, the motivation for ditching MD5 in favor of SHA-1 or SHA-256 would be that MD5 is "broken." There are shortcuts to find hash collisions, so that brute-force isn't required. To slow down a brute-force attack, you also need to use a key-strengthening technique. Usually, this means repeating the hash operation a few thousand times. You'll also need to use a random salt to thwart pre-computed lookup tables, like rainbow tables.
Of course, algorithms like the key derivation algorithms in PKCS #5 spell out in detail a secure way to "hash" passwords for authentication tables. Using a standard like that will give you access to high-quality analysis of your chosen technique, and alert you to potential vulnerabilities. You are also more likely to find implementations that have already been widely reviewed and tested.
是的,建议使用 SHA-256 作为密码。事实上,对于安全的美国政府软件,NIST 从 2010 年开始强制执行请
参阅 http://www.openssl.org/ 了解经过验证的免费开源加密库通过 FIPS。它实现消息摘要算法,包括 SHA-2 系列。
MD5、SHA-1 和其他强度较低的哈希算法仍然有合法用途,但不建议将它们用于哈希密码。
Yes, SHA-256 is recommended for passwords. In fact for secure US government software it's mandated by NIST starting in 2010.
See http://www.openssl.org/ for a free, open-source cryptographic library that's validated by FIPS. It implements message digest algorithms, including the SHA-2 family.
There are still legitimate uses for MD5, SHA-1, and other hashing algorithms of lesser strength, but they are not recommended for hashing passwords.
如果密码以任何未加密的方式跨越线路(例如,它是在非 SSL 服务器上运行的 Web 应用程序的密码),那么他们不一定能够访问您的数据库,而只能访问线路流量。因此,在这种情况下,您需要确保密码受到尽可能合理的保护,因此使用比 MD5 更强的密码。
If the password is crossing the wire in any unencrypted way (e.g., it's a password for a web app running on a non-SSL server), then they wouldn't necessarily have access to your DB, just to the wire traffic. So in this case, you'd want to make sure that password was as protected as you can get it within reason, hence using something stronger than MD5.
如果您强制使用更好的密码,它将在不改变算法的情况下完成工作。
md5 不应该是可逆的,至少对于想要成为新手“黑客”的人来说不应该是可逆的。使用好的密码(长度超过 12 个字符并同时使用数字、大写和小写字母)比更改算法效果更好。
@John Millikin 关于对密码加盐有很好的观点 - 这甚至比仅仅强制执行良好的密码更好。
If you enforce better passwords it will do the job without changing the algorithm.
md5 should not be reversible, at least not to a wannabe novice "hacker". using good passwords (longer than 12 chars and using both numbers, capital and small letter) will do a better job than changing the algorithm.
@John Millikin had good point about salting the password - which is even better than just enforcing good password.