我一直在阅读有关 Gawker 事件的文章,并且出现了几篇关于仅使用 bcrypt 的文章。散列密码,我想确保我的散列机制足够安全以避免切换到另一种方法。在我目前的申请中,我选择了 PBKDF2使用 sha2-512 和最少 1000 次迭代的实现。
我可以就使用 PBKDF2 与 Bcrypt 以及我是否应该实现更改征求意见吗?
最佳答案
你很擅长 PBKDF2,不需要跳到 bcrypt。
虽然使用 1000 次迭代的建议是在 2000 年提出的,但现在您想要更多。
另外,在使用 bcrypt 时应该更加小心:
It is also worth noting that while bcrypt is stronger than PBKDF2 for most types of passwords, it falls behind for long passphrases; this results from bcrypt’s inability to use more than the first 55 characters of a passphrase While our estimated costs and NIST’s . estimates of passphrase entropy suggest that bcrypt’s 55-character limitation is not likely to cause problems at the present time, implementors of systems which rely on bcrypt might be well-advised to either work around this limitation (e.g., by “prehashing” a passphrase to make it fit into the 55-character limit) or to take steps to prevent users from placing too much password entropy in the 56th and subsequent characters (e.g., by asking users of a website to type their password into an input box which only has space for 55 characters).
From scrypt paper [PDF]
也就是说,还有 scrypt .
如果没有上述 scrypt 论文中的表格,任何比较都是不完整的:
使用的 PBKDF2-HMAC-SHA256 的迭代计数为 86,000 和 4,300,000。
关于passwords - 密码散列 : PBKDF2 (using sha512 x 1000) vs Bcrypt,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/4433216/