Password Encryption: PBKDF2 (using sha512 x 1000) vs Bcrypt

前端 未结 2 993
借酒劲吻你
借酒劲吻你 2021-01-30 07:33

I\'ve been reading about the Gawker incident and several articles have cropped up regarding only using bcrypt to hash passwords and I want to make sure my hashing mechanism is s

相关标签:
2条回答
  • 2021-01-30 08:07

    You're good with PBKDF2, no need to jump to bcrypt.

    Although, the recommendation to use 1000 iterations was made in year 2000, now you'd want much more.

    Also, you should take more care when using bcrypt:

    It is also worth noting that while bcrypt is stronger than PBKDF2 for most types of passwords, it falls behind for long passphrases; this results from bcrypt’s inability to use more than the first 55 characters of a passphrase While our estimated costs and NIST’s . estimates of passphrase entropy suggest that bcrypt’s 55-character limitation is not likely to cause problems at the present time, implementors of systems which rely on bcrypt might be well-advised to either work around this limitation (e.g., by “prehashing” a passphrase to make it fit into the 55-character limit) or to take steps to prevent users from placing too much password entropy in the 56th and subsequent characters (e.g., by asking users of a website to type their password into an input box which only has space for 55 characters).

    From scrypt paper [PDF]

    That said, there's also scrypt.

    Any comparisons would be incomplete without the table from the scrypt paper mentioned above:

    Estimated cost of hardware to crack a password in 1 year.

    Iteration counts for PBKDF2-HMAC-SHA256 used there are 86,000 and 4,300,000.

    0 讨论(0)
  • 2021-01-30 08:08

    Comment (re: the title):

    • Don't use encryption (reversible) to store passwords unless you MUST.
    • Since you presented a hashing (non-reversible) option as an alternative, I assume you don't need reversibility.

    opinions on using PBKDF2 vs Bcrypt and whether or not I should implement a change?

    My opinion:

    Use PBKDF2 over Bcrypt. (I just have more faith in SHA than Blofish, for no reason)

    As for whether you should 'implement a change', I don't know what you are asking.

    Edited to more clearly separate the encryption / hashing discussion from stating my preferences w/r/t algorithm.

    0 讨论(0)
提交回复
热议问题