Many hash iterations: append salt every time?

野趣味 2020-11-28 08:24

I have used unsalted md5/sha1 for a long time, but as this method isn't really secure (and is getting even less secure as time goes by) I decided to switch to a salted sha512

5 Answers
  • 2020-11-28 09:01

    In short: Yes. Go with the first example... The hash function can lose entropy if fed back to itself without adding the original data (I can't seem to find a reference now, I'll keep looking).

    And for the record, I am in support of hashing multiple times.

    A hash that takes 500 ms to generate is not too slow for your server (considering that generating hashes is typically not done on the vast majority of requests). However, a hash that takes that long will significantly increase the time it will take to generate a rainbow table...

    Yes, it does expose a DOS vulnerability, but it also prevents brute force attacks (or at least makes them prohibitively slow). There is absolutely a tradeoff, but to some the benefits exceed the risks...

    A reference (more like an overview) to the entire process: Key Strengthening

    As for the degenerating collisions, the only source I could find so far is this discussion...

    And some more discussion on the topic:

    1. HEKS Proposal
    2. SecurityFocus blog on hashing
    3. A paper on Oracle's Password Hashing Algorithms

    And a few more links:

    1. PBKDF2 on Wikipedia
    2. PBKDF2 Standard
    3. An email thread that's applicable
    4. Just Hashing Is Far From Enough Blog Post

    There are tons of results. If you want more, Google hash stretching... There's tons of good information out there...

    0 Discussion (0)
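An added example, not code from any answer in this thread: a Python sketch of the PBKDF2 key stretching linked above. `pbkdf2_block` writes the first PBKDF2-HMAC-SHA512 block out by hand to show that the password keys every round, while the other two functions use the standard library with a per-user salt. The function names, the 16-byte salt and the `iterations$salt$hash` record format are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 5000   # the figure discussed in this thread; tune to your hardware
SALT_BYTES = 16     # assumption: 128-bit random salt per password


def pbkdf2_block(password: bytes, salt: bytes, iterations: int) -> bytes:
    """First PBKDF2-HMAC-SHA512 output block (RFC 8018), written out by hand.

    The password is the HMAC key in every round, so the original secret is
    mixed in again on each iteration instead of hashing only the last digest.
    """
    u = hmac.new(password, salt + (1).to_bytes(4, "big"), hashlib.sha512).digest()
    block = int.from_bytes(u, "big")
    for _ in range(iterations - 1):
        u = hmac.new(password, u, hashlib.sha512).digest()
        block ^= int.from_bytes(u, "big")   # XOR the output of every round
    return block.to_bytes(64, "big")


def hash_password(password: str) -> str:
    """Return 'iterations$salt_hex$hash_hex' using a fresh random salt."""
    salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and count, then compare in constant time."""
    try:
        iters, salt_hex, hash_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        dk = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, int(iters))
    except (ValueError, OverflowError):
        return False   # malformed or nonsensical record
    return hmac.compare_digest(dk, expected)
```

Storing the iteration count in the record lets the work factor be raised later without invalidating existing hashes.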
  • 2020-11-28 09:10

    Please please please do not roll your own crypto. This is what libraries like OpenSSL are for. Here are a few good examples of how you would use it to make salted hashes.

    Salted Hashes in OpenSSL

    0 Discussion (0)
  • 2020-11-28 09:19

    The reason for iterative hashing is to make the process as slow as possible. So you can do even better: use different salts for each iteration. It can be done by encrypting your original data again and again on each iteration with a fixed key and XORing with the salt value.

    0 Discussion (0)
  • 2020-11-28 09:24

    In addition to re-hashing it multiple times, I would use a different salt for each password/user. Though I think 5000 iterations is a bit too much, try a lower number. There's a trade-off here; you'll have to tweak it according to your needs and hardware.

    With different salts for each password, an attacker would be forced to bruteforce each password individually instead of constructing a rainbow table, which increases the workload considerably.

    As always, here's a recommended read for this: Just hashing is far from enough

    EDIT: Iterative hashing is a perfectly valid tactic. There are trade-offs, but everything has them. If you are worried about computation time, why not just store the plaintext password?

    0 Discussion (0)
  • 2020-11-28 09:25

    I prefer to go with a double sha1 with two different salts and prevent DoS by delaying the answer incrementally (with a simple usleep) for every invalid password check.

    0 Discussion (0)