为什么盐在使用字典攻击时没有帮助
从这个网站 http://codahale.com/how-to-safely-store -a-密码/:
需要注意的是,盐对于防止字典攻击或暴力攻击是没有用的。
如果盐对于防止字典攻击没有用,为什么还要使用盐呢?
From this site http://codahale.com/how-to-safely-store-a-password/:
It’s important to note that salts are useless for preventing dictionary attacks or brute force attacks.
If salt is useless to prevent dictionary attack, why using salt?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(9)
对于单一密码来说,这并没有多大区别。暴力破解未加盐的密码与暴力破解加盐的密码一样困难。您只需尝试按键,直到成功为止。
不同之处在于存在大量密码,例如在泄露的数据库中。基本思想是在破解许多密码时可以重复使用部分必要的计算。这是通过构建彩虹表来完成的。这样做的计算成本很高,但一旦完成,攻击者就可以相对快速地破解大量密码。使用彩虹表破解
N个密码比单独暴力破解这些N个密码要快得多。如果每个密码都使用单独的盐进行哈希处理,则无法以相同的方式重复使用信息。您仍然可以构建彩虹表,但它们只能用于数据库中的一个密码,这使得它们毫无用处。因此,为了破解
N个密码,您确实必须单独暴力破解所有N个密码,这对于攻击者来说通常是不切实际的。对于无盐密码和流行的哈希算法,您可以简单地从互联网上下载预先计算的彩虹表,因此攻击者甚至不必自己计算它们。他只需下载一个表并查找特定哈希值的密码即可。盐可以防止这种情况发生。
无盐哈希还有一个缺点,即具有相同密码的两个用户的密码哈希是相同的。因此,如果攻击者发现多个用户具有相同的密码哈希值,他只需破解该密码一次。
For single passwords, it doesn't make that much of a difference. Brute-forcing an unsalted password is just as hard as brute-forcing a salted password. You just try out keys until you get a hit.
The difference is when there are a lot of passwords, for example in a leaked database. The basic idea is that part of the necessary computations can be re-used when cracking many passwords. This is done by constructing a rainbow table. Doing that is computationally expensive, but once done it allows the attacker to crack a lot of passwords relatively fast. Cracking
Npasswords with a rainbow table is a lot faster than brute-forcing thoseNpasswords individually.If every password is hashed with an individual salt, you can't re-use information in the same way. You could still construct rainbow tables, but they would only be usable for exactly one password in the database, which renders them useless. So in order to crack
Npasswords, you really have to brute-force allNpasswords individually, which is usually not practical for the attacker.For unsalted passwords and popular hash algorithms, you can simply download pre-calculated rainbow tables from the Internet, so an attacker wouldn't even have to calculate them by himself. He can just download a table and lookup the password for a particular hash. A salt prevents that.
Unsalted hashes also have the drawback that the password hash for two users with the same password is identical. So if an attacker finds multiple users with the same password hash, he only has to crack that password once.
如果“攻击者”拥有您的网站/应用程序使用的密码哈希(和盐),他们将简单地暴力破解“盐”+“密码”。
然而,使用盐可以更好地防止彩虹表(预先计算的哈希表),因此它们仍然值得使用。
If the 'attacker' has the password hash (and salt) used by your site/app they will simply brute force "salt" + "password".
However, using a salt offers more protection against rainbow tables (precalculated hash tables) so they're still worth using.
盐可以通过彩虹表防止字典立即破裂;这篇文章和后续文章指出,CPU/存储的权衡现在使得彩虹表没有意义,因此盐对您没有帮助。当然,他们从来没有帮助进行暴力攻击。
Salts prevent instant cracking from a dictionary via rainbow tables; the article and follow-up make the point that the CPU/Storage tradeoff is now such that rainbow tables don't make sense, and so salts don't help you. And of course, they never helped with brute-force attacks.
出于说明目的,假设您使用 2 个字符串作为盐,它可以是集合中的随机元素
salts = {'00', '01', '02'...... '99'}您使用的公式是:
此后您将在数据库中保存哈希值和盐, 我们假设
在受感染的系统中,攻击者可以访问您的代码 - 所以他知道您如何计算哈希值。
攻击者还可以访问您的数据库,因此他拥有所有密码哈希值和盐。
有了这些信息,为了破解您的密码(其哈希值:“dai480hgld0”),他必须执行以下操作:
请注意,如果您未使用任何盐总之,算法应该是
从上面的两个代码示例中,很明显,向密码添加盐会增加暴力攻击的尝试次数。在我们的例子中,由于有 100 种可能的盐,因此您让攻击者尝试使用 100 种盐来尝试每个单词。
所以,总结一下:
盐是好的。它们使您的密码难以破解。即使您的用户输入弱密码,盐也会确保生成的哈希值无法在谷歌上搜索。例如,很容易在谷歌上搜索哈希“3cc31cd246149aec68079241e71e98f6”,这实际上是一个相当复杂的密码,并且满足几乎所有密码策略。仍然不需要一行代码就可以破解它!
盐不是万能药。它们只是增加了破解者暴力破解您的密码所需的时间。但是,如果您的盐地址空间相当大,那么您就相当不错了。例如,如果您有 32 个字符的字母数字字符串作为盐,那么暴力破解确实需要很长时间。
For illustration purposes, say you are using 2 character string for salts which can be a random element from the set
salts = {'00', '01', '02'...... '99'}The formula you use is:
Thereafter you'll save the hash and salt in your database, something like
We assume that in a compromised system an attacker has access to your code - so he knows how you calculated your hashes.
The attacker will also have access to your database, so he has all the password hashes and the salts.
Given this information, in order to do to crack your password (which has a hash: 'dai480hgld0') he'll have to do the following:
Note that if you'd have not used any salt at all, the algorithm would have been
From the above two code samples, its obvious that adding a salt to the password increases the number of attempts in the brute force attack. In our case since there are 100 possible salts, you've made the attacker try each word with 100 salts.
So, to conclude:
Salts are good. They make your passwords tough to crack. Even if your users enter weak passwords, the salt makes sure that the resultant hashes are not googlable. For eg, its easy to google a hash '3cc31cd246149aec68079241e71e98f6' which is actually a password that is fairly complex and will meet almost all password policies. Still cracking it requires not a single line of code !
Salts are not panacea. They just increase the time it takes for a cracker to brute force your passwords. However, if your salt address space is fairly big then you are pretty good. For eg, if you have 32 characters alphanumeric string as a salt - brute force will really take very long.
加盐可以让加密变得更强。然而,字典攻击不会尝试解密密码哈希,因此加盐或不加盐并不重要,他们只会尝试许多密码,直到一个有效。
Salt makes the encryption stronger. However, dictionary attacks don't try to decrypt the password hash, so salt or no salt, it doesn't matter, they will just try out many passwords until one works.
现在这看起来不像是一个编程问题,所以我只为您提供一些有关加盐和加密的信息:
加盐的目的是帮助单向函数,例如散列,它在密码学中广泛使用,经常使用密码的数量,因为其难以猜测,并且暴力攻击等其他攻击需要时间来破解密码。
如果你想安全地存储密码,最好的方法肯定是加密。在维基百科上查找加密以获取更多信息。
Now this doesn't seem like a programming question, so I'll just give you some info on salting and encryption:
The purpose of salting is to aid in one-way functions like Hashing, which is used widely in Cryptography, often in use of passwords because of its difficulty to guess, and time it takes for other attacks like brute-force attacks to crack them.
If you want to securely store passwords, the best way is definitely encryption. Look up encryption on Wikipedia for more info on that.
它并不完全准确,因为大多数事情都取决于您的假设。
主要假设是:
It is not entirely accurate, as with most things it depends on your assumption.
main assumption are:
两点评论:
常规哈希算法可以迭代。没有必要因为想要增加工作因子而使用非标准算法。
即使您使用较慢的哈希方法,也建议使用 Salt。它可能不一定会增加最佳攻击的工作量,但如果用户选择与另一个用户、另一个帐户或旧密码相同的密码,它会阻止微不足道的攻击。</p>
Two comments:
Regular hash algorithms can be iterated. There is no need to use a non-standard algorithm just because you want to increase the work factor.
Using a Salt is to be recommended even if you use a slow hash method. It might not necessarily increase the work load of the best attack, but it will stop trivial attacks in case a user chooses a password identical to that of another user, another account or to an old password.
这属于 security.stackexchange.com
问题是计算能力与散列算法的速度相结合的问题之一。基本上,他正在推销 bcrypt,但速度很慢。
如果黑客同时使用了哈希值和盐,并且知道用于哈希密码的算法,那么破解它只是时间问题。
如果使用非常快的算法,那么时间会非常短。如果使用极其慢的算法,那么显然,找到命中的时间会更长。
这让我们明白了我们对事物进行哈希/加盐的主要原因:为了争取时间。可以用来更改列出的所有密码的时间,以及联系所有用户的时间,让他们知道他们需要更改其他系统上的密码。
我们使用盐的原因是迫使黑客为每个盐值构建一个彩虹表。这样一张表就无法破解你所有的密码。这样做的唯一原因是为了争取时间,并希望阻止普通黑客投入更多资源来破解所有这些漏洞。
无论使用何种机制,散列密码都不安全,因为大多数人都认为该词是安全的。安全并不意味着“永远无法破解”。相反,它意味着“就破解时间/精力而言,这将是昂贵的”。对于大多数黑客来说,他们只想要容易实现的目标,例如仅明文。对于某些人来说,他们会采取任何需要的极端,例如根据盐值构建巨大的彩虹表来获得所有这些。
当然,支撑这一点的是您的用户表中是否可以轻松识别任何“超级”用户帐户。对于大多数系统来说,只需破解系统管理员类型的帐户就足够了,因此每个用户使用不同的盐值这一事实并不重要。聪明人只会为那一个帐户而烦恼。
This belongs on security.stackexchange.com
The problem is one of compute capacity in combination with the speed of the hashing algorithm. Basically, he's pitching bcrypt which is slow.
If a hacker has both the hash and salt used as well as knows the algorithm used to hash the password, then it's simply a matter of time to crack it.
If using a very fast algorithm, then that time is pretty short. If using an extremely slow algorithm then the time is, obviously, much longer to find a hit.
Which brings us to the primary reason why we hash/salt things in the first place: to buy time. Time that can be used in order to change all of the passwords listed and time to contact all of the users to let them know in case they need to change their passwords on other systems.
The reason we use salt is to force the hacker to build a rainbow table per salt value. This way one table can't be used to crack all of your passwords. The only reasons to do this are to buy time and, hopefully, dissuade the common hackers from investing further resources in cracking all of them.
Hashed passwords, regardless of mechanism used, are not secure in the sense that most people take that word. Secure doesn't mean "can never be cracked". Rather it means "this is going to be expensive in term of time/effort to crack". For most hackers, they want low hanging fruit such as clear text only. For some, they'll go to whatever extreme is required, such as building massive rainbow tables per salt value to get them all.
And, of course, underpinning this is whether any "super" user accounts are easily identified in your user table. For most systems just cracking the sys admin type of account is good enough and therefore the fact of using a different salt value per user is immaterial. The smart ones will just bother with that one account.