是否可以根据另一个密码哈希来验证密码哈希?
考虑以下交互:
用户将其用户名和密码存储在 Web 服务器上。为了安全起见,服务器会记录密码的哈希值以及一些独特的盐。
当用户使用客户端应用程序时,它会向服务器发出请求,提交用户名和密码的哈希值以及其他一些唯一的盐。
因此,您在服务器上有以下信息,并且需要知道请求是否真实:
- 服务器的盐 服务器
- 的哈希密码 客户
- 端的盐
- 客户端的哈希密码
再次...客户端发送: clientSalt
+ MD5(客户端盐+密码)
。服务器有 serverSalt
+ MD5(serverSalt + 密码)
。我不想知道密码,我只想知道哈希值是否是根据相同密码计算得出的。
在不知道散列密码的情况下,有什么方法可以验证两个散列密码是否相同?
我的目标是在客户端-服务器环境中允许某种形式的安全身份验证,而无需通过网络交换实际密码。这只是我的一个想法,但我什至不知道它是否可能。
Consider the following interaction:
A user stores their username and password on a web server. For the sake of security, the server records a hash of the password plus some unique salt.
While the user is using a client application, it makes a request to the server submitting their username and a hash of the password plus some other unique salt.
So you have the following information on the server and need to know whether or not the request is authentic:
- The server's salt
- The server's hashed password
- The client's salt
- The client's hashed password
Again ... client sends: clientSalt
+ MD5(clientSalt + password)
. Server has serverSalt
+ MD5(serverSalt + password)
. I don't want to know the password, I just want to know if the hashes were calculated from the same password.
Without knowing the password that was hashed, is there any way to verify that both hashes are of the same password?
My goal is to allow some form of secure authentication in a client-server environment without ever exchanging the actual password over the wire. This is just one idea I've had, but I don't even know if it's possible.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(6)
这需要对密码进行反哈希处理,但这是不可能的。如果服务器收到:
salt, md5sum
,则它无法看到 md5sum 中包含的内容。相反,挑战-响应协议会起作用。服务器应该生成一个随机值
nonce
并将其发送给客户端。客户端计算md5(md5(password) | nonce))
并将其返回给服务器。服务器通过检查md5(storedpassword | nonce)
进行验证。That would require unhashing the password, which is not possible. If the server receives:
salt, md5sum
, it can't see what went into the md5sum.A challenge-response protocol would work instead. The server should generate a random value
nonce
and send it to the client. The client calculatesmd5(md5(password) | nonce))
and returns it to the server. The server verifies by checkingmd5(storedpassword | nonce)
.不,你不能这样做。
一旦你在混合物中添加了盐,就几乎不可能比较哈希值了。 (要这样做,需要在比较“未哈希”数据之前以某种方式“未哈希”这些哈希。)
No, you can't do this.
Once you add a salt into the mix it becomes practically impossible to compare hashes. (To do so would require "un-hashing" those hashes somehow before comparing the "un-hashed" data.)
挑战响应身份验证可能是可行的方法,可能使用Kerberos,具体取决于您的权衡。权衡之一是控制客户端的攻击者可能使用受损的哈希值来验证自己的身份。
不要发明自己的加密协议。使用一种众所周知且经过充分测试的产品。如果可能,请使用现有的(经过审查的)实现。
Challenge-response authentication is probably the way to go, possibly using Kerberos, depending on your tradeoffs. One of the tradeoffs being the possibility for attackers controlling the clients to use compromised hashes to authenticate themselves.
Don't invent your own cryptographic protocols. Use one that is well-known and well tested. If possible, use an existing (vetted) implementation.
为此,我建议查看 Kerberos:官方网站 和 维基百科
For this, I advise looking into Kerberos: Official Site and Wikipedia
这是不可能的。如果您不在服务器上存储密码,则用户必须提供该密码。
或者
如果您将密码存储在服务器上,用户可以提供使用请求的盐计算的哈希值。
It's impossible. If you don't store password on the server, user must provide it.
OR
If you store password on the server, user can provide hash calculated using requested salt.
您将无法使用此设置验证哈希值。
如果您不希望别人看到通过网络传输的密码,SSL 是更简单的方法。
如果您不想使用 SSL,可以查看 SRP。
另外:不要使用MD5+Salt来存储密码,使用bcrypt或scrypt等密钥强化功能。
You will not be able to verify the hash with this setup.
If you don't want someone to see the password go over the wire, SSL is the easier way.
If you don't want to use SSL, you could check out SRP.
Additionnally: don't use MD5+Salt to store your password, use key strengthening functions like bcrypt or scrypt.