Question
I've been reading about the Gawker incident and several articles have cropped up regarding only using bcrypt to hash passwords and I want to make sure my hashing mechanism is secure enough to avoid switching to another method. In my current application I have opted for a PBKDF2 implementation utilising sha2-512 and a minimum of 1000 iterations.
Can I ask for opinions on using PBKDF2 vs Bcrypt and whether or not I should implement a change?
Recommended answer
You're good with PBKDF2, no need to jump to bcrypt.
Although, the recommendation to use 1000 iterations was made in year 2000, now you'd want much more.
Also, you should take more care when using bcrypt:
That said, there is also scrypt.
Any comparisons would be incomplete without the table from the scrypt paper mentioned above:
Iteration counts for PBKDF2-HMAC-SHA256 used there are 86,000 and 4,300,000.
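As an added example (not code from the question or the answer above), the following Python implements the PBKDF2-HMAC-SHA512 scheme the question describes, stores the iteration count alongside the salt and key so that records made at 1000 iterations still verify but are flagged for re-hashing under a stronger policy, and includes a calibration helper for choosing an iteration count on the current host. The record format, policy constants and function names are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os
import time
from typing import Optional

# Constructed policy values for this example, not from the original answer.
ALGO = "sha512"
DKLEN = 64            # 64-byte derived key matches the SHA-512 output size
ITERATIONS = 210_000  # far above the year-2000 figure of 1000; re-check with calibrate()

def b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")

def hash_password(password: str, iterations: int = ITERATIONS, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: pbkdf2_<hash>$<iterations>$<salt>$<key>."""
    salt = salt if salt is not None else os.urandom(16)   # fresh random salt per password
    dk = hashlib.pbkdf2_hmac(ALGO, password.encode("utf-8"), salt, iterations, dklen=DKLEN)
    return f"pbkdf2_{ALGO}${iterations}${b64(salt)}${b64(dk)}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute from the parameters stored in the record and compare in constant time."""
    scheme, iters, salt_b64, dk_b64 = stored.split("$")
    algo = scheme[len("pbkdf2_"):]
    salt, expected = base64.b64decode(salt_b64), base64.b64decode(dk_b64)
    dk = hashlib.pbkdf2_hmac(algo, password.encode("utf-8"), salt, int(iters), dklen=len(expected))
    return hmac.compare_digest(dk, expected)

def needs_rehash(stored: str, iterations: int = ITERATIONS) -> bool:
    """True when the record was made under a weaker policy (e.g. the legacy 1000 iterations)."""
    scheme, iters, _, _ = stored.split("$")
    return scheme != f"pbkdf2_{ALGO}" or int(iters) < iterations

def calibrate(target_seconds: float = 0.25, probe: int = 20_000) -> int:
    """Estimate how many iterations cost target_seconds on this host (PBKDF2 cost is linear)."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac(ALGO, b"calibration", os.urandom(16), probe, dklen=DKLEN)
    per_iter = (time.perf_counter() - start) / probe
    return max(probe, int(target_seconds / per_iter))

if __name__ == "__main__":
    legacy = hash_password("correct horse", iterations=1000)   # what the question's setup produces
    print(verify_password("correct horse", legacy), needs_rehash(legacy))  # True True
    print("suggested iterations on this host:", calibrate())
```

On a successful login, a record for which needs_rehash() returns True can be replaced by re-hashing the just-verified password under the current policy.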