`
13146489
  • 浏览: 252914 次
  • 性别: Icon_minigender_1
  • 来自: 成都
社区版块
存档分类
最新评论

How To Safely Store A Password

 
阅读更多
原文地址:http://codahale.com/how-to-safely-store-a-password/
Use bcrypt

Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt.

Why Not {MD5, SHA1, SHA256, SHA512, SHA-3, etc}?

These are all general purpose hash functions, designed to calculate a digest of huge amounts of data in as short a time as possible. This means that they are fantastic for ensuring the integrity of data and utterly rubbish for storing passwords.

A modern server can calculate the MD5 hash of about 330MB every second. If your users have passwords which are lowercase, alphanumeric, and 6 characters long, you can try every single possible password of that size in around 40 seconds.

And that's without investing anything.

If you're willing to spend about 2,000 USD and a week or two picking up CUDA, you can put together your own little supercomputer cluster which will let you try around 700,000,000 passwords a second. And that rate you'll be cracking those passwords at the rate of more than one per second.

Salts Will Not Help You

It's important to note that salts are useless for preventing dictionary attacks or brute force attacks. You can use huge salts or many salts or hand-harvested, shade-grown, organic Himalayan pink salt. It doesn't affect how fast an attacker can try a candidate password, given the hash and the salt from your database.

Salt or no, if you're using a general-purpose hash function designed for speed you're well and truly effed.

bcrypt Solves These Problems

How? Basically, it's slow as hell. It uses a variant of the Blowfish encryption algorithm's keying schedule, and introduces a work factor, which allows you to determine how expensive the hash function will be. Because of this, bcrypt can keep up with Moore's law. As computers get faster you can increase the work factor and the hash will get slower.

How much slower is bcrypt than, say, MD5? Depends on the work factor. Using a work factor of 12, bcrypt hashes the password yaaa in about 0.3 seconds on my laptop. MD5, on the other hand, takes less than a microsecond.

So we're talking about 5 or so orders of magnitude. Instead of cracking a password every 40 seconds, I'd be cracking them every 12 years or so. Your passwords might not need that kind of security and you might need a faster comparison algorithm, but bcrypt allows you to choose your balance of speed and security. Use it.

tl;dr

Use bcrypt.

Updated February 24th, 2011

I've been getting pretty regular emails about this article for the past year, and I figured I'd address some of the concerns here rather than have the same conversations over and over again.

Isn't bcrypt just Blowfish? Where do you store the password?

Please read the Provos & Mazières paper. bcrypt is an adaptive password hashing algorithm which uses the Blowfish keying schedule, not a symmetric encryption algorithm.

You said salts aren't helpful, but what about rainbow tables? Why would you suggest people not use salts?

As the Provos & Mazières paper describes, bcrypt has salts built-in to prevent rainbow table attacks. So I'm not saying salts are without purpose, I'm saying that they don't prevent dictionary or brute force attacks (which they don't).

Rainbow tables, despite their recent popularity as a subject of blog posts, have not aged gracefully. CUDA/OpenCL implementations of password crackers can leverage the massive amount of parallelism available in GPUs, peaking at billions of candidate passwords a second. You can literally test all lowercase, alphabetic passwords which are ≤7 characters in less than 2 seconds. And you can now rent the hardware which makes this possible to the tune of less than $3/hour. For about $300/hour, you could crack around 500,000,000,000 candidate passwords a second.

Given this massive shift in the economics of cryptographic attacks, it simply doesn't make sense for anyone to waste terabytes of disk space in the hope that their victim didn't use a salt. It's a lot easier to just crack the passwords. Even a "good" hashing scheme of SHA256(salt + password) is still completely vulnerable these cheap and effective attacks, thus the importance of an adaptive hashing algorithm like bcrypt.
分享到:
评论

相关推荐

    Sharing.Big.Data.Safely.Managing.Data.Security.1491952121.epub

    But how do you lock down data while granting access to people who need to see it? In this practical book, authors Ted Dunning and Ellen Friedman offer two novel and practical solutions that you can ...

    USB Safely Remove v6.1.5 USB安全删除(简体中文)+破解

    Safely Remove is a system utility designed for quick and safely stopping USB Flash Drives connected to your computer. With this utility you can safely stop and remove USB Flash Drives much faster ...

    Database-systems

    how to efficiently store and retrieve data programatically. ... how to optimize big-data computations. ... how to use index structures to accelerate computations. ... how to safely and efficiently ...

    USB Safely Remove 5.3.x KeyGen

    USB Safely Remove是一个可以将USB设备安全删除的辅助工具,对于频繁添加或者移除USB设备的用户非常有用,能够有效帮助您解决无法删除USB设备的困扰。USB Safely Remove加入了一个堪称“杀手级”的功能──招回装置...

    USB_Safely_Remove

    USB_Safely_Remove是一款专为了解决USB设备安全移除问题而设计的软件。在日常使用USB设备(如U盘、移动硬盘等)时,我们可能会遇到无法正常卸载的问题,这时USB_Safely_Remove就能派上用场。它提供了一种更安全、更...

    【世界卫生组织-2024研报】Steps to achieve universal access to safely.pdf

    行业研究报告、行业调查报告、研报

    UE(官方下载)

    This power tip demonstrates how to calculate the sum from a column of numeric data. Column mode How to use the features of UltraEdit's powerful column mode Advanced and column-based sort How to sort ...

    USB.Safely.Remove.安全移除工具

    USB Safely Remove 是一个增强型USB移动设备安全移除工具,比Windows自带的USB设备删除工具功能更强大使用更方便,USB Safely Remove 可以以不同的名称及图标显示多个移动设备,支持自定义隐藏任意USB移动设备,更...

    practical-test-driven-development-c#7

    Chapter 13, Unraveling a Mess, dives into how to go about safely modifying a legacy application that wasn't written with testing in mind. How can you add tests to minimize the potential for ...

    Robot.Programming.A.Guide.to.Controlling.Autonomous.Robots

    Program robots safely using S.A.R.A.A. (Safe Autonomous Robot Application Architecture) Approach Program robots using Arduino C/C++ and Java languages Use robot programming techniques with LEGO® ...

    SoapUI 5.1.2 crack

    Learn how to safely secure them all. LEARN MORE API Mocking A properly designed, built and tested API can take valuable resources from your business. Save time and money with virtualization. LEARN ...

    USB Safely Remove(破解版)

    USB Safely Remove v4.14版 让你轻松卸载usb硬盘

    Pro Spring MVC With Web Flow

    You'll also learn how to correctly and safely extend the frameworks to create customized solutions. This bookis for anyone who wishes to write robust, modern, and useful web applications with the ...

    USB Safely Remove 6.4.2.1298.zip

    USB Safely Remove Portable是一款用于毫不费力地快速断开任何可移动设备的工具。它不仅能节省时间,还能确保在拔掉设备时,所有数据都保留在设备上。Safely Remove是一个系统工具,旨在快速和安全地停止连接到您的...

    APPLIED NUMERICAL METHODS USING MATLAB.pdf

    go and how to drive a car to get to their destinations, most users only have to know how to define the problems they want to solve using MATLAB and how to use the corresponding routines to solve their...

    Securing-Optimizing-Linux-The-Hacking-Solution-v3.0.pdf

    The book provides through its 47 chapters, a comprehensive collection of Linux security products and explains in the most simple and structured manner how to safely and easily configure and run many ...

Global site tag (gtag.js) - Google Analytics