强大的“重置密码”算法安全地
我正在开发一种强大的算法来安全地重置密码,并寻求用户社区的反馈。这是我到目前为止所想到的(在 带有随机数的电子邮件中的激活/注册/密码重置链接的最佳实践是什么)
密码重置过程的工作原理如下: 当用户请求“通过电子邮件将重置密码链接发送给他们”时...
- 生成 $salt
- 提示用户输入他们想要将“重置密码”链接发送到的 $email 地址。
- 检索 $key(=只有用户知道的秘密用户预定义敏感帐户数据,例如出生城市或 SSN#Last4)
- 创建 $nonce = hash($email . $key)
- 保存到表:
- $nonce(PK)
- $盐
- $exp_date
- Create $hash =hash($salt . $email . $key)
- 通过电子邮件向用户发送重置密码的链接 @ URL=。 ..?hash=$hash
当用户单击我们发送给他们的链接时,会将他们带到一个表单:
- 输入 $email
- 输入 $newPassword
- 确认 $newPassword
- 提示输入关键字段...即:“输入您出生的城市:”输入 $key
当用户提交此表单...
- 从 URL 检索 $hash
- 重新创建 $nonce = hash($email . $key)
- 使用 $nonce 从我们的表中检索 $salt(如果未过期)。
- 如果 hash($salt . $email . $key) == 来自 URL 的 $hash,那么验证就很好!,所以我们... 更新数据库中的用户密码
- ,否则,我们拒绝更改密码的尝试
。 注意:
- 所有 $email 和 $key 响应都会被修剪和删除。处理前小写以避免混淆。
- 定期维护任务 sproc 应该定期删除所有过期的随机数,以保持表清洁
您认为呢?
I'm working on developing a Strong Algorithm to reset passwords securely and looking for feedback from the User Community. Here's what I've come up with so far (with help from What are best practices for activation/registration/password-reset links in emails with nonce)
Password Reset process works as follows:
When a User requests that a "reset password link be emailed to them"...
- Generate a $salt
- Prompt the user for the $email address they want to have their "reset password" link sent to.
- Retrieve a $key (=secret user-predefined sensitive account data that only they know such as the city they were born in or SSN#Last4)
- Create $nonce = hash($email . $key)
- Save to table:
- $nonce (PK)
- $salt
- $exp_date
- Create $hash =hash($salt . $email . $key)
- Email the user a link to reset their password @ URL=...?hash=$hash
When the User clicks on the link we sent them, it brings them to a form:
- Enter $email
- Enter $newPassword
- Confirm $newPassword
- Prompt for Key Field... ie: "Enter the City you were born in:" Enter $key
When the User submits this form...
- Retrieve $hash from the URL
- Recreate $nonce = hash($email . $key)
- Use $nonce to retrieve $salt from our table (if unexpired).
- If hash($salt . $email . $key) == $hash from URL, then the Validation is GOOD!, so we...
Update the user's password in the database - Otherwise, we refuse the attempt to change the password
Notes:
- All $email and $key responses are trimmed & lower-cased before processing to avoid confusion.
- Regular maintenance task sproc should periodically remove all expired nonces to keep the table clean
What do you think?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
有几个问题。通过将随机数存储到数据库,您完全破坏了随机数的含义,从而削弱了应用程序的整体安全性。通过存储盐,您也会削弱安全性,因为如果我获得对数据库的访问权限,我就知道您用于帐户的“随机”盐值,因此您将面临彩虹表攻击。
当用户提交此表单时...
以上内容已损坏。因为我知道您存储随机数,所以您降低了应用程序的安全性,此外,通过存储盐,您也削弱了安全性。鉴于上述情况,如果我有电子邮件+哈希算法(您必须假设我知道您的算法),我可以检索盐并推断出随机数。因此我可以“快速”破坏整个数据库。
Couple of issues. By storing the nonce to the DB you completely destroy the meaning of the nonce and therefore weaken the overall security of the application. By storing the salt you are also weakening security because if I gain access to the database I know the "random" salt value you have used for an account, therefore opening you up to rainbow table attacks.
When the User submits this form...
The above is broken. Since I know you store nonces you have reduced the security of your application, further by storing the salt as well you have weakened security as well. Given the above scenario it is possible for me to retrieve the salt and to deduce the nonce if I have the email + hashing algorithm (you must assume I know your algorithm). Therefore I can "quickly" break the entire database.