Question
Fact A. Based on the Pigeonhole Principle, every hash function has an infinite number of collisions, even if none is found yet.
Fact B. Re-hashing a hash, like hash(hash(password)), is not more secure than hash(password); actually hash(hash(password)) opens up a collision attack that is not possible with hash(password).
Fact C. Based on B, by increasing iterations, we reach a point that most passwords and salts will return the same constant hash value. I mean the probability of colliding will be high, even 100%.
Fact D. bcrypt has an iteration/cost parameter that we can increase over time, based on our hardware specifications.
So, by combining these facts, can we say that with a higher bcrypt cost value, we decrease security by increasing the probability of colliding? If the answer is "no", why?
Answer 1:
BCrypt does not do stupid iterations; it includes the original password and the salt in every iteration. The same goes for PBKDF2, which uses an HMAC in every iteration. Have a look at the pseudocode of BCrypt.
There is a very illustrative answer on Information Security about the effects of collisions with iterative hashing. In practice, as far as I know, collisions are not really a problem for password hashing, even when iterated.
Source: https://stackoverflow.com/questions/30509081/security-of-bcrypt-iterations-cost-parameter
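The difference the answer describes can be measured on a toy hash. The following is an added example, not part of the original question or answer: it truncates SHA-256 to 16 bits so collisions become visible, then compares plain re-hashing with a PBKDF2-style loop that keys every round with the password. The function names, the 16-bit size, and the sample passwords and salt are assumptions made for the illustration, and the keyed loop is a simplified PBKDF2-like structure, not bcrypt itself.

```python
import hashlib
import hmac

TOY_BYTES = 2  # 16-bit toy output so collisions are observable (assumption)


def toy_hash(data: bytes) -> bytes:
    """SHA-256 truncated to TOY_BYTES: a constructed toy hash, not a real KDF."""
    return hashlib.sha256(data).digest()[:TOY_BYTES]


def naive_iterate(password: bytes, salt: bytes, rounds: int) -> bytes:
    """hash(hash(...hash(salt + password))): the input is used in round one only."""
    state = toy_hash(salt + password)
    for _ in range(rounds - 1):
        # Once two passwords share a state here, they stay merged forever.
        state = toy_hash(state)
    return state


def keyed_iterate(password: bytes, salt: bytes, rounds: int) -> bytes:
    """PBKDF2-style loop: each round is an HMAC keyed with the password."""
    u = hmac.digest(password, salt, "sha256")[:TOY_BYTES]
    out = u
    for _ in range(rounds - 1):
        # A different password means a different keyed function every round,
        # so a state collision between two passwords does not persist.
        u = hmac.digest(password, u, "sha256")[:TOY_BYTES]
        out = bytes(a ^ b for a, b in zip(out, u))
    return out


def distinct_outputs(kdf, rounds: int, n_passwords: int = 4000) -> int:
    """Count distinct results over constructed passwords pw0..pwN, one salt."""
    salt = b"constructed-salt"
    return len({kdf(b"pw%d" % i, salt, rounds) for i in range(n_passwords)})


if __name__ == "__main__":
    for rounds in (1, 8, 64):
        print(rounds,
              "naive:", distinct_outputs(naive_iterate, rounds),
              "keyed:", distinct_outputs(keyed_iterate, rounds))
```

With plain re-hashing the number of distinct outputs falls as the round count grows, while the keyed loop stays at the level of a single hash; at real output sizes (bcrypt's 184 bits, 256 bits for PBKDF2-HMAC-SHA256) even the naive shrinkage is far too small to matter for realistic iteration counts.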