盐是否需要随机才能保护密码哈希?
我对安全性知之甚少(我需要找到基础知识的基本解释),并且正在尝试想出一种合理的方法来使用 .Net 将用户密码存储在数据库中。
这是我当前的解决方案:
private static byte[] HashPassword(string password)
{
using (var deriveBytes = new Rfc2898DeriveBytes(password, 10))
{
byte[] salt = deriveBytes.Salt;
byte[] key = deriveBytes.GetBytes(20);
return salt.Concat(key).ToArray(); //Return Salt+Key
}
}
我将 HashPassword() 的结果存储在数据库中。 要检查用户的密码,我这样做:
var salt = //1st 10 bytes stored in the DB
var key = //Next 20 bytes stored in the DB
using (var deriveBytes = new Rfc2898DeriveBytes(password, salt))
{
byte[] newKey = deriveBytes.GetBytes(20);
if (newKey.SequenceEqual(key) == false) //Check if keys match
{
return "No Match";
}
else { return "Passwords match"; }
我的问题是盐是否需要随机并像这样存储在数据库中,或者我是否可以生成 10 字节盐并将其存储在我的代码中并始终使用相同的盐来保存我自己将盐存储在数据库中并只存储密钥?
另外,如果有人发现我正在做的事情有任何其他问题,我将不胜感激。
I know very little about security (I need to find a basic explanation of the basics) and am trying to come up with a reasonable way to store user passwords in a database using .Net.
Here's my current solution:
private static byte[] HashPassword(string password)
{
using (var deriveBytes = new Rfc2898DeriveBytes(password, 10))
{
byte[] salt = deriveBytes.Salt;
byte[] key = deriveBytes.GetBytes(20);
return salt.Concat(key).ToArray(); //Return Salt+Key
}
}
I store the results of HashPassword() in the database.
To check a user's password I do this:
var salt = //1st 10 bytes stored in the DB
var key = //Next 20 bytes stored in the DB
using (var deriveBytes = new Rfc2898DeriveBytes(password, salt))
{
byte[] newKey = deriveBytes.GetBytes(20);
if (newKey.SequenceEqual(key) == false) //Check if keys match
{
return "No Match";
}
else { return "Passwords match"; }
My question is if the salt needs to be random and stored in the DB like this or if I could generate a 10-byte salt and store it in my code and always use the same salt to save myself storing the salt in the DB and just store the key?
Also if anyone sees any other problems with what I'm doing I'd appreciate any advise.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
绝对不是。
如果你问这个问题,你根本就不明白盐的用途。
加盐的目的是使攻击者更难以使用预先计算的哈希通用密码表。如果盐始终相同,那么攻击者只需使用该盐预先计算一个哈希通用密码表。
让我说得更清楚。假设攻击者已经获得了您的密码数据库,并正在闲暇时对所有存储的哈希值发起攻击,以找出与该哈希值相对应的密码。如果每个盐都不同,那么攻击者必须对数据库中的每个条目发起新攻击。如果每个盐都相同,那么攻击一个用户就会攻击每个用户。
此外:假设您为每个用户使用相同的盐。假设两个用户具有相同的密码。假设攻击者已经获得了密码数据库。 攻击者现在知道哪两个用户具有相同的密码,因为他们具有相同的加盐哈希,并且可以合理地假设这是数据库中最弱的密码。攻击者可以集中精力(无论是什么)来专门攻击该用户。一旦她知道该用户的密码,该用户很有可能在其他系统上使用过该用户名和弱密码,攻击者现在可以在不知道密码的情况下入侵这些系统文件。
您想了解安全性是件好事;以你的理解水平尝试编写一个真正的密码系统是很糟糕的。如果这是一个必须保护真实用户的真实系统,使用由专家构建的系统 ,或聘请自己的专家。您将创建一个您无法破坏的系统,而不是一个攻击者无法破坏的系统。
此外:您在互联网上向陌生人寻求安全方面的帮助。陌生人,你不知道他们是否知道自己在说什么,或者只是在编造故事。 找一位真正的安全专家(那不是我——我是语义分析器方面的专家)。构建安全系统是最困难的编程任务之一;你需要专业的帮助。
有关基本密码身份验证方案的简要介绍,请参阅我的系列文章:
http://blogs.msdn .com/b/ericlippert/archive/tags/salt/
ABSOLUTELY NOT.
You don't understand at all the purpose of the salt if you're even asking that question.
The purpose of the salt is to make it arbitrarily more difficult for an attacker to use a precomputed table of hashed common passwords. If the salt is always the same then the attacker just precomputes a table of hashed common passwords with that salt.
Let me make that more clear. Suppose an attacker has obtained your password database and is mounting an attack at her leisure against all the stored hashes to work out what the password corresponding to the hash is. If every salt is different then the attacker has to mount a fresh attack against every entry in the database. If every salt is the same then attacking one user attacks every user.
Moreover: suppose you use the same salt for every user. Suppose two users have the same password. And suppose the attacker has obtained the password database. The attacker now knows which two users have the same password because they have the same salted hash and can make the reasonable assumption that this is the weakest password in the database. The attacker can concentrate her efforts (whatever those may be) on attacking that user in particular. And once she knows that user's password, odds are good that the user has used that user name and weak password on other systems, which the attacker can now compromise without having their password files.
It is good that you want to learn about security; it is bad that you're trying to write a real password system with your level of understanding. If this is for a real system that has to protect real users, use a system built by experts, or hire your own expert. You're going to make a system that you can't break, not a system that an attacker can't break.
Moreover: you are asking strangers on the internet for help with security. Strangers who you have no idea whether they know what they're talking about or are just making stuff up. Get a real security expert (and that is not me -- I'm an expert on semantic analyzers). Building a security system is one of the hardest programming tasks there is; you need professional help.
For a gentle introduction to basic password authentication schemes, see my series of articles:
http://blogs.msdn.com/b/ericlippert/archive/tags/salt/
您不需要应用随机盐,但如果您这样做,您的密码将会更安全。显然,如果您确实应用了随机盐,那么您需要将其与散列密码一起存储在数据库中,以便您可以检查提供的密码。
快速谷歌揭示了 这篇文章,可能会对您有所帮助。
You don't need to apply a random salt, but if you do your passwords will be that bit more secure. Obviously, if you do apply a random salt then you need to store that with the hashed password in the db so that you can check against a supplied password.
A quick google revealed this post, which may help you out.