加盐密码 101
有人可以帮助我了解加盐的工作原理吗?
到目前为止,我了解以下内容:
- 验证密码
- 生成随机字符串
- 对密码和随机字符串进行哈希处理并将它们连接起来,然后将它们存储在密码字段中...
我们如何存储盐,或者知道用户登录时它是什么在?我们是否将其存储在自己的字段中?如果不这样做,应用程序如何确定盐是什么?如果我们确实存储它,它是否会破坏整个目的?
Could someone please help me understand how salting works?
So far I understand the following:
- Validate password
- Generate a random string
- Hash the password and the random string and concat them, then store them in the password field...
How do we store the salt, or know what it is when a user logs in? Do we store it in its own field? If we don't, how does the application figure out what the salt is? And if we do store it, doesn't it defeat the whole purpose?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
在散列之前将盐与密码组合。将密码和盐清除值连接起来,并对生成的字符串进行哈希处理。这保证了即使两个人拥有相同的密码,您也会得到不同的哈希值。 (也使得使用彩虹表的字典攻击变得更加困难)。
然后,盐与哈希结果一起以原始/清晰格式存储。然后,当您想要验证密码时,您将再次执行原始过程。将记录中的盐与用户提供的密码相结合,对结果进行哈希处理,然后比较哈希值。
您可能已经知道这一点。但记住这一点很重要。每次盐必须随机生成。每个受保护的哈希值必须不同。 RNG 通常用于生成盐。
所以..例如:
用户密码:“我的密码”
随机盐:“abcdefg12345”
result-cleartext: "mypassword:abcdefg12345" (如何组合它们取决于您。只要您每次都使用相同的组合格式)。
对生成的明文进行哈希处理:“somestandardlengthhashbasedonalgorithm”
现在,您将在数据库中存储所使用的哈希值和盐。我见过两种方法:
方法 1:
字段1 - 盐=“abcdefg12345”
field2-password_hash =“somestandardlengthhashbasedonalgorithm”
方法2:
field1 - password_hash = "abcdefg12345:somestandardlengthhashbasedonalgorithm"
在任何一种情况下,您都必须从数据库中加载盐和密码哈希并重做哈希以进行比较
Salt is combined with the password before hashing. the password and salt clear values are concatenated and the resulting string is hashed. this guarantees that even if two people were to have the same password you would have different resulting hashes. (also makes attacks known as dictionary attacks using rainbow tables much more difficult).
The salt is then stored in original/clear format along with the hash result. Then later, when you want to verify the password you would do the original process again. Combine the salt from the record with the password the user provided, hash the result, compare the hash.
You probably already know this. but it's important to remember. the salt must be generated randomly each time. It must be different for each protected hash. Often times the RNG is used to generate the salt.
So..for example:
user-password: "mypassword"
random salt: "abcdefg12345"
resulting-cleartext: "mypassword:abcdefg12345" (how you combine them is up to you. as long as you use the same combination format every time).
hash the resulting cleartext: "somestandardlengthhashbasedonalgorithm"
In your database now you would store the hash and salt used. I've seen it two ways:
method 1:
field1 - salt = "abcdefg12345"
field2 - password_hash = "somestandardlengthhashbasedonalgorithm"
method 2:
field1 - password_hash = "abcdefg12345:somestandardlengthhashbasedonalgorithm"
In either case you have to load the salt and password hash out of your database and redo the hash for comparison
后来
明白了吗?
Later
Got it?
是的。
不。盐的目的不是保密,而只是为了防止攻击者在世界上所有站点(不是盐)或站点中的所有用户上分摊计算彩虹表的成本(对所有用户使用单一盐) 。
Yes.
No. The purpose of a salt is not being secret, but merely to prevent an attacker from amortizing the cost of computing rainbow tables over all sites in the world (not salt) or all users in your site (single salt used for all users).
根据实用密码学(Neils Ferguson 和 Bruce Schneier),您应该使用加盐的、拉伸的哈希值以获得最大的安全性。
salt 值是与加密密码一起存储的随机数。它不需要保密。
拉伸是多次执行哈希的行为,使攻击者在计算上更难以测试许多密码排列。
r的选择应使计算在用户计算机上花费大约 200-1000 毫秒。随着计算机变得更快,r可能需要增加。According to Practical Cryptography (Neils Ferguson and Bruce Schneier), you should use salted, stretched hashes for maximum security.
The salt value is a random number that is stored with the encrypted password. It does not need to remain secret.
Stretching is the act of performing the hash multiple times to make it computationally more difficult for a attacker to test many permutations of passwords.
rshould be chosen so that the computation takes about 200-1000ms on the user's computer.rmay need to be increased as computers get faster.如果您使用的是众所周知的哈希算法,则某人可能拥有已使用该算法进行哈希处理的许多可能密码的列表,并将该列表中的项目与他们想要破解的哈希密码进行比较(字典攻击)。
如果您在对所有密码进行哈希处理之前对其进行“加盐”,则这些字典将毫无用处,因为它们必须使用您的盐来创建。
If you're using a well-known hashing algorithm, someone could have a list of a lot of possible passwords already hashed using that algorithm and compare the items from that list with a hashed password they want to crack (dictionary attack).
If you "salt" all passwords before hashing them, these dictionaries are useless, because they'd have to be created using your salt.