表中的密码字段应该使用什么? MD5 还是 SHA1?
我绝不是安全专家,甚至不是新手。我充其量只是安全方面的新手。
有人建议我使用 SHA1 而不是 MD5 - 为什么我要选择其中之一?一个更安全吗?
I am by no means a security expert or even a novice. I'm a newbie at security at best.
Someone suggested I use SHA1 instead of MD5 - why would I choose one over the other? Is one more secure?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(7)
SHA2。 Scheier 也有一些新的替代方案
SHA2. Scheier has some new alternatives too
我至少会使用 SHA2(256) - 但是:
由于 彩虹表攻击。同样,加盐哈希更好,但如果有人可以访问您的数据库,那么他们很可能可以访问您的代码,在这种情况下,他们可能可以分解固定盐。同样,如果您使用随机盐,那么无论如何您都会将其存储在行内,因此虽然它会减慢人们的速度,但他们仍然可以使用彩虹表来攻击它。
更好的解决方案是使用密码拉伸,它使用随机盐以及随机(高)迭代次数,因此尝试对每个密码进行暴力攻击需要花费更长的时间,因此从物理上来说破解所有密码变得更加困难。
我相信在 .Net 中,这可以使用 PBKDF 来实现 - 但我放错了它的链接(有人向我提供了我不久前提出的问题的答案)。 编辑-找到.Net的链接:Rfc2898DeriveBytes 类。
关于 MD5
虽然 MD5 确实被证明是“损坏的”,正如其他答案所提到的,但我不使用它的主要原因 - 以及为什么我读到不建议使用它- 因为它实际上非常快,从而增加了在给定时间内出现裂缝的可能性。
I would use SHA2(256) at the minimum - however:
There is little or no point in simply hashing a password in a database due to rainbow table attacks. Equally, salted hashing is better, but if someone has access to your database, then the chances are that they have access to your code in which case they can probably disassemble a fixed salt. Equally, if you use a random salt, then you're storing it inside the row anyway, so while it slows people down they can still attack it with a rainbow table.
A better solution is to use Password Stretching which uses a random salt as well as a random (high) number of iterations so that attempting a brute-force attack against each password takes significantly longer and therefore makes it physically harder to crack all the passwords.
I believe in .Net this can be achieved using PBKDF - but I've mislaid a link to it (somebody supplied it to me an answer to a question I asked a while ago). EDIT-Found the link for .Net: Rfc2898DeriveBytes Class.
On MD5
Whilst MD5 has indeed been shown to be 'broken' as mentioned by the other answers, the main reason why I wouldn't use it - and why I've read that it's inadvisable to use it - is because it's actually very fast, thereby increasing the possibility of a crack within a given period of time.
MD5 和 SHA1 都被认为是不安全的,其中 SHA-1 更好。但是,您应该考虑两件事:
所谓“不安全”,是指在数学上比暴力更容易确定预哈希值。有时这意味着他们可以将计算量从 10 亿次减少到 9 亿次,而其他时候则要少得多。这远不如我的观点#2那么不安全。
由于您正在创建哈希,因此黑客可以通过填充充满常用密码的表并通过相同的哈希算法运行它来轻松确定数据库的密码,无论您使用哪种算法。这称为彩虹表。
例如,很多人使用“password”和“john”作为密码。在 MD5 中,这两个密码始终生成为:
密码:5f4dcc3b5aa765d61d8327deb882cf99
john : 527bd5b5d689e2c32ae974c6229ff785
因此,如果您只是 MD5 您的密码,并且有人天真地将其设为自己的密码,那么如果黑客控制您的数据库并在彩虹表上运行它,则可能会受到损害。
但是,如果您向每个预哈希值添加某种乱码,例如“password12345”和“johnxyz”,那么您会得到两个完全不同的哈希值,它们与上面的哈希值不同。这称为盐值,它会阻止彩虹表发挥作用。
我的建议是使用编程语言中可以使用的最高级别的 SHA 算法,并对存储在带有哈希密码的数据库记录。
数据库列:用户名 |密码 | Salt
这不是任何人想到的最安全的系统,但它可能适合您的系统。
MD5 and SHA1 are both considered insecure, with SHA-1 being better. However, there are 2 things that you should consider:
By "insecure", they mean to say that it's mathematically easier than brute force to determine the pre-hashed value. Sometimes this means they could cut it down from a billion computations to 900 million, other times it's significantly less. This is nowhere near as insecure as my point #2.
Because you are creating a hash, it's easy for a hacker to determine your database's passwords by populating a table full of common passwords, and running it through the same hash algorithm, regardless of which one you use. This is called a rainbow table.
For example, a lot of people use "password" and "john" as their passwords. In MD5, these two passwords always generate to:
password: 5f4dcc3b5aa765d61d8327deb882cf99
john : 527bd5b5d689e2c32ae974c6229ff785
So if you just MD5 your passwords, and someone's naive enough to make that their password, it would probably be compromised if a hacker controlled your database and ran it against a rainbow table.
However, if you add some sort of gibberish to every pre-hashed value, like "password12345" and "johnxyz" then you get 2 entirely different hashes that would not be the same as those above. This is called a salt value, and it prevents rainbow tables from being as effective.
My recommendation would be to use the highest level of the SHA algorithms that you can in your programming language, and hash against a salt value (you can create a "random" one by hashing the current time if you like) that you store in the database record with the hashed password.
DB columns: Username | Password | Salt
This isn't the most secure system anyone's ever thought of, but it will likely work for yours.
无论您使用哪种,请使用加盐哈希。
祝你好运。
Whichever you use, use salted hashes.
Good luck.
存储很便宜,处理器速度很快。使用带有 SHA-512 的 1 KB 盐。
storage is cheap and processors are fast. use a 1 kilobyte salt with SHA-512.
美国国土安全部的 US-CERT 表示 MD5“应被视为已被破解且不适合进一步使用”
US-CERT of the U. S. Department of Homeland Security said MD5 "should be considered cryptographically broken and unsuitable for further use"
MD5 已被“破解”,实际上,现在更高级别的安全性需要 SHA-2。这是一个非常有趣的读物http://en.wikipedia.org/wiki/MD5。
编辑:晚了9秒:)
MD5 has been "broken", and higher levels of security now require SHA-2, actually. It's a quite interesting read here http://en.wikipedia.org/wiki/MD5.
Edit: 9 seconds late :)