关于在数据库中保存密码的问题
我目前正在阅读一本关于 PHP/MySQL 的书。我主要对密码的哈希感兴趣。明文通过 md5/sha1 或某种哈希函数转换为“乱码”并存储在数据库中。好吧,我明白了。黑客即使获得了数据库的访问权限,仍然面临着找到明文的问题。
我的问题(我希望这不是愚蠢的)是,在大多数(或所有想到的)具有用户密码的网站上,如果用户忘记了他/她的密码,那么网络管理员会将其发送到用户的电子邮件中。好的,但是网络管理员如何拥有明文密码呢?
I am currently reading a book on PHP/MySQL. I'm mainly interested in the hashing of passwords. The cleartext is converted into "gibberish" by md5/sha1 or some hash function and stored in the database. Fine I get that. Hackers, even if they gain access to the database still have the problem of finding the cleartext.
My question (which I hope isnt stupid) is, on most (or all come to think of it) websites that have user passwords, if the user forgets his/her password then the web admin will send it to the user's email. Ok, but how does the web admin have the cleartext password?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(6)
如果密码可以发送回给您,则它不会被散列 - 它已经(希望!)被加密。从广义上讲,散列不是可逆的操作。散列后,将某些内容与其进行比较的唯一方法是以相同的方式散列该内容并查看散列是否相同。你永远无法真正“解散”它。
总之,它不应该采用明文形式。如果他们拥有它并且可以将其发送给您,则它应该被加密。他们是否应该保留加密版本是安全顾问争论的焦点。也就是说,它可能是明文形式。归根结底,“密码”没有什么特别的,它们只是字符串并且可以这样存储 - 然而,因为它们形成了保护事物安全的重要密钥,所以您希望它们得到正确处理。
人们认为应该完成的常见方法是对其进行加盐和散列。我认为,如果您的散列算法很好,那么这是最好的常用方法。有一些事情需要注意,但这远远超出了这个答案的范围。
在数据库中存储密码的最佳方法
令人震惊的故事:< /strong>
我曾经有一位来自英国宽带提供商的客户服务代表告诉我我的密码是什么...当人们以可逆格式存储我的密码时,我变得有点粗略,我变得非常 当他们允许该密码被使用时担心客户服务人员认为这是安全系统的一个弱点。正是因为这个原因,我离开了这个提供商。
In cases where the password can be sent back to you, it has not been hashed - it has (hopefully!) been encrypted. Hashing is not a reversible action, in a broad sense. Once hashed, the only way to compare something to it is to hash that something in the same way and see if the hash is the same. You can never really "unhash" it.
In summary, it shouldn't be in cleartext. If they have it and can send it to you, it should be encrypted. Whether they should even keep an encrypted version is a point for a security consultant to debate. That said, it could be in cleartext. At the end of the day there is nothing special about "passwords", they are just character strings and can be stored as such - however because they form important keys to secure things, you hope they are handled properly.
The common way people think it should be done is to salt and hash it. I'm of the opinion this is the best commonly available way, if your hashing algorithm is good. There are things to be aware of, but it's way beyond the scope of this answer.
Best way to store password in database
Alarming story:
I once had a customer service representative from a broadband provider in the UK tell me what my password was... I get a little sketchy when people store my password in a reversible format, I get very concerned when they allow that password to be seen by customer service people, who are a point of weakness in secure systems. I have since left this provider for that very reason.
我想我从来没有见过一个网站可以做到这一点。通常,他们会向您发送一个链接,当您单击该链接时,该链接会重置您的密码,并将您带到一个必须输入新密码的页面。有些网站会向您发送临时密码并敦促您更改。请注意,在这两种情况下,网站不需要原始的明文。
如果我单击了密码重置链接并以明文形式向我发送了原始密码,那么我对该网站的评价会非常低!
I don't think I've ever seen a web site that does that. Normally what they'll do is send you a link which, when you click it, resets your password and sends you to a page where you must enter a new one. Some sites will send you a temporary password and urge you to change it. Note that in both cases, the web site doesn't need to have the original cleartext.
If I clicked a password reset link and was sent my original password in cleartext, I'd have a very low opinion of that web site!
所有好的网站都不会发送密码,而是发送设置新密码的链接。这使他们能够避免使用明文密码。
All good websites don't send a password but a link to set a new password. That allows them to avoid cleartext passwords.
他不能 - 如果您使用的网站具有向您发送自己的密码的功能,您应该考虑切换到另一个网站,因为这个网站根本不安全,并且以明文形式存储密码。
唯一可用的功能是将密码重置为一些随机值。
He can't - if you use a website that has the functionality of sending you your own password, you should consider switching to another site as this one is simply not secure and store password in cleartext.
The only functionality that should be available is resetting the password to some random values.
仅当网络管理员的散列算法较弱、有办法检索您的明文密码并且有能力向您发回明文密码时,网络管理员才能向您提供明文密码。当然,如果密码根本没有经过哈希处理,那么发回明文密码就很容易了。但你为什么想要一个?正如 kstaruch 建议的那样,切换到另一个网站,因为此类网站非常不安全。
如果用户忘记了密码,则为用户提供重置密码的选项。当然,在你给他这个选择之前,请确保先验证他的身份(也许是秘密问题)。
The web admin can provide you back your cleartext password only if either his hashing algorithm is weak, he has a way of retrieving your cleartext password, and has the capability to send you one back. Of course, if the password isn't hashed at all, then it's quite easy to send back your cleartext password. But why would you want one? As suggested by kstaruch, switch to another site since such site is very unsecure.
If the user forgets his password, then give the user an option to reset his password. And of course, before you give him that option, make sure to validate his identity first (maybe secret questions).
您不会以明文形式存储任何密码或任何形式的对称加密密码,除非您的目标是有一天像索尼一样受欢迎。
第一:
http://www.engadget.com/2011/04/26/sony-provides-psn-update-confirms-a-compromise-of-personal-inf/
然后:
我应该如何保存我的密码?
另外:
您应该尝试对密码在客户端,除非您使用 https 协议,这可能有点过头了,但尝试找到一些 javascript HASH 函数,使您能够将密码的哈希发送到服务器进行验证。
You WON'T store any password in clear-text or any form of the symmetrically encrypted password, unless you are targeting to be as popular as SONY someday.
First:
http://www.engadget.com/2011/04/26/sony-provides-psn-update-confirms-a-compromise-of-personal-inf/
Then:
How should i save my Password?
ALSO:
you should try to HASH the password at the client side, unless you are using https protocol, which could be overkill, but try to find some javascript HASH function that will enable you to send hash of a password to the server for verification.