Let's say I have a table of users set up like this:
假设我有一个用户设置表,如下所示:
CREATE TABLE `users` (
`id` INTEGER PRIMARY KEY,
`name` TEXT,
`hashed_password` TEXT,
`salt` TEXT
)
When a user is created, a randomly-generated salt is produced and stored in the database alongside the results of something like get_hash(salt + plaintext_password).
创建用户时,会生成随机生成的salt,并将其与get_hash(salt + plaintext_password)之类的结果一起存储在数据库中。
I'm wondering that if a malicious user gets their hands on this data, would they be able to use it to crack users's passwords? If so, what's a way that it could be prevented?
我想知道如果恶意用户获取这些数据,他们是否可以使用它来破解用户的密码?如果是这样,有什么方法可以防止它?
7 个解决方案
#1
No, they're not useless.
不,他们没有用武之地。
So long as you use a unique salt for each row, then the salt will
prevent
slow down an attack. The attacker will need to mount a brute force attack, rather than using rainbow tables against the password hashes.
只要你为每一行使用一种独特的盐,那么盐就可以防止减缓攻击速度。攻击者需要进行暴力攻击,而不是使用彩虹表来防止密码哈希。
As mentioned in the comments, you should ensure that the salt is a sensible size.
正如评论中所提到的,你应该确保盐是合理的大小。
#2
Salting was introduced (or at least made popular) in UNIX /etc/passwd file, which was world-readable. It is usually assumed that the salt as well as the encrypted password is known to the cracker. The purpose of the salt is the slow-down of the cracking process (since the same password won't map to the same encrypted string); it is not a secret in itself.
Salting在UNIX / etc / passwd文件中引入(或至少变得流行),这是世界可读的。通常假设破解者已知盐和加密密码。 salt的目的是减慢破解过程(因为相同的密码不会映射到相同的加密字符串);它本身并不是一个秘密。
#3
Knowing the salt makes it possible to do a brute-force attack, but that doesn't make it useless. Salt prevents the attacker from using an already generated rainbow table (which you could find on the web).
了解盐可以进行蛮力攻击,但这并不会使它变得无用。 Salt可以防止攻击者使用已经生成的彩虹表(您可以在网上找到)。
The best way to prevent brute-forcing is simply to use long, complex passwords.
防止暴力破解的最佳方法就是使用冗长复杂的密码。
#4
If an attacker knows the salt, the hashed password and the hash algorithm, then they can mount a brute-force dictionary attack (or rainbow attack).
如果攻击者知道盐,散列密码和散列算法,那么他们就可以进行暴力破解字典攻击(或彩虹攻击)。
#5
This should give you an idea of how it works.
这应该让你知道它是如何工作的。
Lets say you want to encrypt a word "secret." After it is encrypted lets say it now looks like this 00110010.
假设您想要加密“秘密”一词。在它加密后,让它说它现在看起来像这个00110010。
If a hacker knows the encryption algorithm, they can create a table of words and their corresponding encrypted values. So they take the encrypted password "00110010" and find it in the table. Now they know that the password used to generate "00110010" was the word "secret." If you salt the word first, then a generic lookup table will be useless to the hacker. (A generic lookup table being a table of unsalted dictionary words and their encrypted values)
如果黑客知道加密算法,他们可以创建一个单词表及其相应的加密值。因此,他们采用加密密码“00110010”并在表中找到它。现在他们知道用于生成“00110010”的密码是“秘密”这个词。如果你先把这个词加盐,那么通用查找表对黑客来说就没用了。 (通用查找表是未加字母的字典单词及其加密值的表)
If you salt the word first ("saltsecret"), now the encrypted value will look different, and the hacker wont find it in the lookup table.
如果你先把这个词加盐(“saltsecret”),那么现在加密的值看起来会有所不同,黑客也不会在查找表中找到它。
However, they can still start creating their own lookup table from scratch using your salt and eventually they will be able to reverse lookup passwords.
但是,他们仍然可以使用您的salt从头开始创建自己的查找表,最终他们将能够反向查找密码。
So to answer the question, if the passwords are sufficiently complex, it will take ages for the hacker to figure them out. You could change your salt every year and they would have to start creating a table all over again.
所以要回答这个问题,如果密码足够复杂,黑客需要花费很长时间来解决它们。你可以每年更换盐,他们必须重新开始创建一张桌子。
#6
No, it's not worthless.
不,这不值钱。
To successfully attack an account, an attacker needs to know the salt for that account (and every account's salt should be different), the hashing algorightm used, and the final stored password hash.
要成功攻击帐户,攻击者需要知道该帐户的盐(并且每个帐户的盐应该不同),使用的哈希算法和最终存储的密码哈希。
Given all of that information, you can write a program that keeps trying to hash different potential passwords until it finds one that matches.
鉴于所有这些信息,您可以编写一个程序,一直尝试散列不同的潜在密码,直到找到匹配的密码。
If it's a bad salt (too simple or short), this can be made much faster because the program can use rainbow lookup tables to match the final stored password hash to the string that was hashed, and then just subtract the salt. But they still need all the information.
如果它是一个糟糕的盐(太简单或太短),这可以更快,因为程序可以使用彩虹查找表将最终存储的密码哈希与经过哈希处理的字符串相匹配,然后只需减去盐。但他们仍然需要所有的信息。
If it's a shared salt, this is bad because an attacker and use the salt to generate a rainbow table in advance that's good for any account on your system.
如果它是共享盐,这是不好的,因为攻击者并使用盐预先生成彩虹表,这对您系统上的任何帐户都有好处。
#7
Assuming brute force attack of MD5,SHA1,SHA256 algorithms with GPU has a throughput greater than 1 billion of tries per second and SHA512 around 300M/s. If you use one of these algorithms, it will slow down hacker who used rainbow table (less likely), but it will not slow down hacker who used brute force attack (more likely). It will definitively not protect you, it just add a bit of security against outdated rainbow table (for these algo). A bit is better than nothing.
假设MD5的强力攻击,使用GPU的SHA1,SHA256算法的吞吐量大于每秒10亿次尝试,SHA512大约为300M / s。如果您使用其中一种算法,它将减慢使用彩虹表的黑客(不太可能),但它不会减慢使用暴力攻击的黑客(更有可能)。它绝对不会保护你,它只是为过时的彩虹表添加一点安全性(对于这些算法)。有点比没有好。
But if you use a strongest algorithm (eg. bcrypt), salt definitively worth it even if stored with hash because brut force is not feasible in term of time so rainbow make sense.
但是如果你使用最强的算法(例如bcrypt),即使用哈希存储,盐肯定也是值得的,因为在时间方面,暴力是不可行的,所以彩虹是有道理的。
Have a look at this article and to summarize:
看看这篇文章并总结一下:
If you are a user:
如果您是用户:
Make sure all your passwords are 12 characters or more, ideally a lot more. I recommend adopting pass phrases, which are not only a lot easier to remember than passwords (if not type) but also ridiculously secure against brute forcing purely due to their length.
确保所有密码都是12个字符或更多,理想情况下更多。我建议使用密码短语,它不仅比密码更容易记忆(如果不是键入的话),而且由于长度的原因,它们也非常可靠地防止暴力破坏。
If you are a developer:
如果您是开发人员:
Use bcrypt or PBKDF2 exclusively to hash anything you need to be secure. These new hashes were specifically designed to be difficult to implement on GPUs. Do not use any other form of hash. Almost every other popular hashing scheme is vulnerable to brute forcing by arrays of commodity GPUs, which only get faster and more parallel and easier to program for every year.
仅使用bcrypt或PBKDF2来散列您需要安全的任何内容。这些新的哈希值专门设计为难以在GPU上实现。不要使用任何其他形式的哈希。几乎所有其他流行的哈希方案都容易受到商品GPU阵列的强制攻击,这些GPU每年只能更快,更平行,更容易编程。
Posted by Jeff Atwood
Jeff Atwood发表
#1
No, they're not useless.
不,他们没有用武之地。
So long as you use a unique salt for each row, then the salt will
prevent
slow down an attack. The attacker will need to mount a brute force attack, rather than using rainbow tables against the password hashes.
只要你为每一行使用一种独特的盐,那么盐就可以防止减缓攻击速度。攻击者需要进行暴力攻击,而不是使用彩虹表来防止密码哈希。
As mentioned in the comments, you should ensure that the salt is a sensible size.
正如评论中所提到的,你应该确保盐是合理的大小。
#2
Salting was introduced (or at least made popular) in UNIX /etc/passwd file, which was world-readable. It is usually assumed that the salt as well as the encrypted password is known to the cracker. The purpose of the salt is the slow-down of the cracking process (since the same password won't map to the same encrypted string); it is not a secret in itself.
Salting在UNIX / etc / passwd文件中引入(或至少变得流行),这是世界可读的。通常假设破解者已知盐和加密密码。 salt的目的是减慢破解过程(因为相同的密码不会映射到相同的加密字符串);它本身并不是一个秘密。
#3
Knowing the salt makes it possible to do a brute-force attack, but that doesn't make it useless. Salt prevents the attacker from using an already generated rainbow table (which you could find on the web).
了解盐可以进行蛮力攻击,但这并不会使它变得无用。 Salt可以防止攻击者使用已经生成的彩虹表(您可以在网上找到)。
The best way to prevent brute-forcing is simply to use long, complex passwords.
防止暴力破解的最佳方法就是使用冗长复杂的密码。
#4
If an attacker knows the salt, the hashed password and the hash algorithm, then they can mount a brute-force dictionary attack (or rainbow attack).
如果攻击者知道盐,散列密码和散列算法,那么他们就可以进行暴力破解字典攻击(或彩虹攻击)。
#5
This should give you an idea of how it works.
这应该让你知道它是如何工作的。
Lets say you want to encrypt a word "secret." After it is encrypted lets say it now looks like this 00110010.
假设您想要加密“秘密”一词。在它加密后,让它说它现在看起来像这个00110010。
If a hacker knows the encryption algorithm, they can create a table of words and their corresponding encrypted values. So they take the encrypted password "00110010" and find it in the table. Now they know that the password used to generate "00110010" was the word "secret." If you salt the word first, then a generic lookup table will be useless to the hacker. (A generic lookup table being a table of unsalted dictionary words and their encrypted values)
如果黑客知道加密算法,他们可以创建一个单词表及其相应的加密值。因此,他们采用加密密码“00110010”并在表中找到它。现在他们知道用于生成“00110010”的密码是“秘密”这个词。如果你先把这个词加盐,那么通用查找表对黑客来说就没用了。 (通用查找表是未加字母的字典单词及其加密值的表)
If you salt the word first ("saltsecret"), now the encrypted value will look different, and the hacker wont find it in the lookup table.
如果你先把这个词加盐(“saltsecret”),那么现在加密的值看起来会有所不同,黑客也不会在查找表中找到它。
However, they can still start creating their own lookup table from scratch using your salt and eventually they will be able to reverse lookup passwords.
但是,他们仍然可以使用您的salt从头开始创建自己的查找表,最终他们将能够反向查找密码。
So to answer the question, if the passwords are sufficiently complex, it will take ages for the hacker to figure them out. You could change your salt every year and they would have to start creating a table all over again.
所以要回答这个问题,如果密码足够复杂,黑客需要花费很长时间来解决它们。你可以每年更换盐,他们必须重新开始创建一张桌子。
#6
No, it's not worthless.
不,这不值钱。
To successfully attack an account, an attacker needs to know the salt for that account (and every account's salt should be different), the hashing algorightm used, and the final stored password hash.
要成功攻击帐户,攻击者需要知道该帐户的盐(并且每个帐户的盐应该不同),使用的哈希算法和最终存储的密码哈希。
Given all of that information, you can write a program that keeps trying to hash different potential passwords until it finds one that matches.
鉴于所有这些信息,您可以编写一个程序,一直尝试散列不同的潜在密码,直到找到匹配的密码。
If it's a bad salt (too simple or short), this can be made much faster because the program can use rainbow lookup tables to match the final stored password hash to the string that was hashed, and then just subtract the salt. But they still need all the information.
如果它是一个糟糕的盐(太简单或太短),这可以更快,因为程序可以使用彩虹查找表将最终存储的密码哈希与经过哈希处理的字符串相匹配,然后只需减去盐。但他们仍然需要所有的信息。
If it's a shared salt, this is bad because an attacker and use the salt to generate a rainbow table in advance that's good for any account on your system.
如果它是共享盐,这是不好的,因为攻击者并使用盐预先生成彩虹表,这对您系统上的任何帐户都有好处。
#7
Assuming brute force attack of MD5,SHA1,SHA256 algorithms with GPU has a throughput greater than 1 billion of tries per second and SHA512 around 300M/s. If you use one of these algorithms, it will slow down hacker who used rainbow table (less likely), but it will not slow down hacker who used brute force attack (more likely). It will definitively not protect you, it just add a bit of security against outdated rainbow table (for these algo). A bit is better than nothing.
假设MD5的强力攻击,使用GPU的SHA1,SHA256算法的吞吐量大于每秒10亿次尝试,SHA512大约为300M / s。如果您使用其中一种算法,它将减慢使用彩虹表的黑客(不太可能),但它不会减慢使用暴力攻击的黑客(更有可能)。它绝对不会保护你,它只是为过时的彩虹表添加一点安全性(对于这些算法)。有点比没有好。
But if you use a strongest algorithm (eg. bcrypt), salt definitively worth it even if stored with hash because brut force is not feasible in term of time so rainbow make sense.
但是如果你使用最强的算法(例如bcrypt),即使用哈希存储,盐肯定也是值得的,因为在时间方面,暴力是不可行的,所以彩虹是有道理的。
Have a look at this article and to summarize:
看看这篇文章并总结一下:
If you are a user:
如果您是用户:
Make sure all your passwords are 12 characters or more, ideally a lot more. I recommend adopting pass phrases, which are not only a lot easier to remember than passwords (if not type) but also ridiculously secure against brute forcing purely due to their length.
确保所有密码都是12个字符或更多,理想情况下更多。我建议使用密码短语,它不仅比密码更容易记忆(如果不是键入的话),而且由于长度的原因,它们也非常可靠地防止暴力破坏。
If you are a developer:
如果您是开发人员:
Use bcrypt or PBKDF2 exclusively to hash anything you need to be secure. These new hashes were specifically designed to be difficult to implement on GPUs. Do not use any other form of hash. Almost every other popular hashing scheme is vulnerable to brute forcing by arrays of commodity GPUs, which only get faster and more parallel and easier to program for every year.
仅使用bcrypt或PBKDF2来散列您需要安全的任何内容。这些新的哈希值专门设计为难以在GPU上实现。不要使用任何其他形式的哈希。几乎所有其他流行的哈希方案都容易受到商品GPU阵列的强制攻击,这些GPU每年只能更快,更平行,更容易编程。
Posted by Jeff Atwood
Jeff Atwood发表