加密密码：什么时候密码太多？

发布于 2024-11-18 04:35:27 字数 406 浏览 3 评论 0原文

我正在更新我的 helper 函数库。我想知道密码加密中是否salt太多了？

之间有什么区别吗

mb_substr(sha1($str . AY_HASH), 5, 10) . mb_substr(sha1(AY_HASH . sha1($str . AY_HASH)), 5, 10) . mb_substr(md5($str . AY_HASH), 5, 10)

和简单的：

sha1(AY_HASH . sha1($str . AY_HASH))

AY_HASH 是salt ？我应该选择哪一个？如果两者都不好，那么最好的选择是什么？

原文

I am updating my helper functions library. I am wondering whether it is too much of salt in the password encryption?

Is there any difference between:

mb_substr(sha1($str . AY_HASH), 5, 10) . mb_substr(sha1(AY_HASH . sha1($str . AY_HASH)), 5, 10) . mb_substr(md5($str . AY_HASH), 5, 10)

and simply:

sha1(AY_HASH . sha1($str . AY_HASH))

AY_HASH being the salt. Which should I prefer and if neither is good, what is the best alternative?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

魂ガ小子 2024-11-25 04:35:27

应为每个密码生成盐，而不是为每个密码生成秘密字符串。重复使用盐意味着攻击者只需为每个密码创建一个彩虹表，而不是每个密码创建一个彩虹表。

我邀请您阅读我之前在安全哈希。规则很简单：

不要对所有密码使用单一盐。每个密码使用随机生成的盐。
不要不要重新散列未修改的哈希（冲突问题，请参阅我之前的回答，您需要无限的输入进行散列）。
不要尝试创建自己的哈希算法或将算法混合到复杂的操作中。
如果遇到损坏/不安全/快速的哈希原语，请使用密钥强化。这增加了攻击者计算彩虹表所需的时间。示例：

function strong_hash($input, $salt = null, $algo = 'sha512', $rounds = 20000) {
  if($salt === null) {
    $salt = crypto_random_bytes(16);
  } else {
    $salt = pack('H*', substr($salt, 0, 32));
  }

  $hash = hash($algo, $salt . $input);

  for($i = 0; $i < $rounds; $i++) {
    // $input is appended to $hash in order to create
    // infinite input.
    $hash = hash($algo, $hash . $input);
  }

  // Return salt and hash. To verify, simply
  // passed stored hash as second parameter.
  return bin2hex($salt) . $hash;
}

function crypto_random_bytes($count) {
  static $randomState = null;

  $bytes = '';

  if(function_exists('openssl_random_pseudo_bytes') &&
      (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')) { // OpenSSL slow on Win
    $bytes = openssl_random_pseudo_bytes($count);
  }

  if($bytes === '' && is_readable('/dev/urandom') &&
     ($hRand = @fopen('/dev/urandom', 'rb')) !== FALSE) {
    $bytes = fread($hRand, $count);
    fclose($hRand);
  }

  if(strlen($bytes) < $count) {
    $bytes = '';

    if($randomState === null) {
      $randomState = microtime();
      if(function_exists('getmypid')) {
        $randomState .= getmypid();
      }
    }

    for($i = 0; $i < $count; $i += 16) {
      $randomState = md5(microtime() . $randomState);

      if (PHP_VERSION >= '5') {
        $bytes .= md5($randomState, true);
      } else {
        $bytes .= pack('H*', md5($randomState));
      }
    }

    $bytes = substr($bytes, 0, $count);
  }

  return $bytes;
}

无论如何，您应该使用bcrypt，它是面向未来的。再次我邀请您我之前的回答有一个更详细的例子。

A salt should be generated for each password, not a secret string used on every password. Re-using a salt means that the attacker will only need to create one rainbow table for every password instead of one per password.

I invite you to read a previous answer I wrote on secure hashing. The rules are simple:

Do NOT use a single salt for all passwords. Use a randomly generated salt per password.
Do NOT rehash an unmodified hash (collision issue, see my previous answer, you need infinite input for hashing).
Do NOT attempt to create your own hashing algorithm or mix-matching algorithms into a complex operation.
If stuck with broken/unsecure/fast hash primitives, use key strengthening. This increases the time required for the attacker to compute a rainbow table. Example:

function strong_hash($input, $salt = null, $algo = 'sha512', $rounds = 20000) {
  if($salt === null) {
    $salt = crypto_random_bytes(16);
  } else {
    $salt = pack('H*', substr($salt, 0, 32));
  }

  $hash = hash($algo, $salt . $input);

  for($i = 0; $i < $rounds; $i++) {
    // $input is appended to $hash in order to create
    // infinite input.
    $hash = hash($algo, $hash . $input);
  }

  // Return salt and hash. To verify, simply
  // passed stored hash as second parameter.
  return bin2hex($salt) . $hash;
}

function crypto_random_bytes($count) {
  static $randomState = null;

  $bytes = '';

  if(function_exists('openssl_random_pseudo_bytes') &&
      (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')) { // OpenSSL slow on Win
    $bytes = openssl_random_pseudo_bytes($count);
  }

  if($bytes === '' && is_readable('/dev/urandom') &&
     ($hRand = @fopen('/dev/urandom', 'rb')) !== FALSE) {
    $bytes = fread($hRand, $count);
    fclose($hRand);
  }

  if(strlen($bytes) < $count) {
    $bytes = '';

    if($randomState === null) {
      $randomState = microtime();
      if(function_exists('getmypid')) {
        $randomState .= getmypid();
      }
    }

    for($i = 0; $i < $count; $i += 16) {
      $randomState = md5(microtime() . $randomState);

      if (PHP_VERSION >= '5') {
        $bytes .= md5($randomState, true);
      } else {
        $bytes .= pack('H*', md5($randomState));
      }
    }

    $bytes = substr($bytes, 0, $count);
  }

  return $bytes;
}

If anything however, you should use bcrypt, which is future-adaptable. Again, I invite you to my previous answer for a more detailed example.

回复收藏 0 原文

~没有更多了~