Pitfalls of encrypting (with salt) an md5-hashed password (php)
A client has a huge userbase and I'm required to encrypt/hash passwords in a secure manner. The problem is I can't ask every user to change their password and the passwords are already hashed with md5() without a salt. One way of doing this is to encrypt the current passwords with a salt and when a user changes or resets the password I just encrypt it with the salt.
Are there any pitfalls or more or less obvious dangers of doing so [I mean sha1(md5(password) with salt)]?
Thank you for your time
Comments (3)
Add a new field to the user table for storing the new securely hashed passwords - for this, please do something safe involving per-user salt and multiple rounds. Check what other people are doing (i.e., bcrypt) instead of rolling your own.
When doing a password check, if the newPass field is null, use the old password lookup, but urge users to do a password reset once authenticated.
Modifying the current (old) password scheme to be hash(perUserSalt + existingPassWordHash) should work fine.
If you plan to use
sha1(md5(password).$salt)
it's all right. You can use this system even further. No need to take any special action when user changes a password. Just encrypt it the same way:
sha1(md5(new password).$salt)
It depends on what attack you are attempting to defend against. If the attack is someone viewing the database, then you could use a symmetric encryption method (like AES) with a key defined outside the database. Using this method requires the authentication procedure know the encryption key and you update all the rows in the database by encrypting the hashed password with the encryption key.
If the above is not an option, you have a problem.
;)
The problem is that right now you don't know what any user's password actually is. All you have is the hashed version. Your routine for verifying a login is to take the input supplied by the user, hash it, and compare the computed hash with the stored hash. Your option would be to store the old hash and create a new field to store the new algorithm. Then as people log into the system, perform the upgraded salted-hash and delete the old hash. This will work as you expect, but if a person never logs back in (or changes their password) they will never upgrade to the salted version of the hash.
My personal opinion is to use the AES encrypted option since that prevents the casual viewing of hashed passwords and it covers all the passwords in the database.
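The migration described in the first and third comments (new column, wrap the existing digest now, upgrade at login), as an added example that is not code from any of the posters. It uses PHP's password_hash() with bcrypt in place of sha1() plus a hand-made salt; the column names oldMd5 and newPass, the WRAPPED marker and the sample row are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

const WRAPPED = 'md5wrap:'; // hypothetical marker: bcrypt output starts with "$2y$", so no clash

// Batch step, run once over every row: no plaintext needed, only the stored digest.
function wrapLegacyHash(array $user): array
{
    if ($user['newPass'] === null && $user['oldMd5'] !== null) {
        // password_hash() draws a random per-user salt and embeds it in its output.
        // The input is a 32-char hex string, well inside bcrypt's 72-byte limit.
        $user['newPass'] = WRAPPED . password_hash($user['oldMd5'], PASSWORD_BCRYPT);
        $user['oldMd5'] = null; // the unsalted digest is no longer stored
    }
    return $user;
}

// Login check covering all three row states; upgrades the row once plaintext is seen.
function verifyAndUpgrade(array &$user, string $password): bool
{
    $stored = $user['newPass'];
    if ($stored === null) {
        // Not migrated yet: legacy comparison, done in constant time.
        $ok = hash_equals((string) $user['oldMd5'], md5($password));
    } elseif (strncmp($stored, WRAPPED, strlen(WRAPPED)) === 0) {
        // Batch-wrapped row: bcrypt was computed over the md5 hex digest.
        $ok = password_verify(md5($password), substr($stored, strlen(WRAPPED)));
    } else {
        return password_verify($password, $stored); // already bcrypt of the password
    }
    if ($ok) {
        // Plaintext is available at this point: store bcrypt of the real password.
        $user['newPass'] = password_hash($password, PASSWORD_BCRYPT);
        $user['oldMd5'] = null;
    }
    return $ok;
}

// Constructed sample row standing in for one record of the user table.
$user = ['id' => 1, 'oldMd5' => md5('correct horse'), 'newPass' => null];
$user = wrapLegacyHash($user);
var_dump(verifyAndUpgrade($user, 'wrong guess'));
var_dump(verifyAndUpgrade($user, 'correct horse'));
var_dump(strncmp($user['newPass'], WRAPPED, strlen(WRAPPED)) !== 0);
```

Accounts that never log in again stay in the wrapped form, which is still a salted bcrypt value rather than a bare MD5 digest.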