本文介绍了如何持续保持与本年度硬件相关的bcrypt轮次?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我看到一个建议,即考虑到摩尔定律,将回合数设置为($currentYear - 2000),这样2013年将是13次回合,因此是2^13次总迭代.当然,您需要考虑自己的硬件,以确保它不会花费太长时间(我看到1 second建议将其作为安全"来检查密码/哈希值,并且在当前硬件上该标记周围有13个回合)

I saw a recommendation that the number of rounds be set to ($currentYear - 2000) to account for Moore's law, so that 2013 would be 13 rounds and therefore 2^13 total iterations. Of course, you need to take into account your own hardware to ensure it doesn't take too long (I saw 1 second recommended as "safe" for checking passwords/hashes, and 13 rounds falls around that mark on my current hardware).

对于社交网络类型的网站来说,这听起来合理吗?还是我将来会使用($currentYear - 2000)将自己设置为非常缓慢的密码检查?

Does that sound reasonable for a social networking type of site? Or would I be setting myself up for very slow password checking in the future by using ($currentYear - 2000)?

此外,您如何处理将轮数从一年更改为下一年?不会更改轮数来更改哈希,因此不允许您从2014年开始检查2013年的哈希,因为该检查会使用额外的一轮?您是否必须每年重新计算每个哈希,或者它将如何精确地工作?

Also, how do you deal with changing the number of rounds from one year to the next? Won't changing the number of rounds change the hashes, therefore not allowing you to check hashes from 2013 in 2014 since the check would use an extra round? Would you have to re-calculate every single hash each year, or how would it work exactly?

推荐答案

首先,我质疑该建议(根据年度调整成本).费用应基于您的硬件速度,而不是当前日期.如果您从现在到2015年之间不升级服务器,则没有理由增加成本.您要做的只是减慢已经很慢的过程.

First off, I question that recommendation (adjusting cost based on year). The cost should be based on how fast your hardware is, not the current date. If you don't upgrade your server between now and 2015, there's no reason to increase the cost. All you do is slow an already slow process.

话虽如此,我也对大多数用法的1秒建议提出质疑.如果您要处理高度敏感的信息,则可以等待1秒(或更长).但是对于一般的网站,我通常建议在0.25到0.5秒之间.在某些情况下,您可以降低价格,但我会没有强有力的理由.

With that said, I also question the recommendation of 1 second for most usages. If you're dealing with highly sensitive information, 1 second (or perhaps longer) is ok. But for the average website, I typically recommend between 0.25 and 0.5 seconds. In some cases you can go lower, but I wouldn't without strong justification.

现在,问问题本身.当您使用 crypt() password_hash() ,迭代计数以返回哈希格式存储.实际上,盐也是如此.因此,计算哈希所需的所有信息都包含在其中!

Now, to the question itself. When you use crypt() or password_hash(), the iteration count is stored in the return hash format. In fact, the salt is as well. So all information needed to compute the hash is included in it!

如果您不使用这些API中的任何一个(或我维护的polyfill): password-compat ),那么我真的很想知道为什么你不是.不要发明自己的密码加密货币.除非您有充分的理由(出于某些政府合规性原因,或者与PHP

And if you're not using either of those API's (or the polyfill that I maintain: password-compat), then I really have to wonder why you aren't. Don't invent your own password crypto. Don't use libraries that use native hashes (like phpass) unless you have a strong reason to (for certain governmental compliance reasons, or compatibility with PHP <= 5.2).

通常认为bcrypt是当今最强大的哈希格式. SCrypt更加强大,但是存在一些问题,它仍然是非常新的(并且在PHP核心中尚不可用).因此,只需使用bcrypt ...

It is generally considered that bcrypt is the strongest hash format today. SCrypt is stronger, but there are some issues with it, and it is still very new (and it's not available in PHP core yet). So just use bcrypt...

password_hash() api具有一种机制,可让您执行您要问的事情: password_needs_rehash() .基本上,您传递哈希值以及今天使用的选项,它会告诉您是否需要重新哈希值:

The password_hash() api has a mechanism for you to do what you're asking: password_needs_rehash(). Basically, you pass in the hash, and the options you use today, and it tells you if you need to rehash it:

if (password_verify($password, $hash)) {
    if (password_needs_rehash($hash, PASSWORD_BCRYPT, ['cost' => 14])) {
        $hash = password_hash($password);
        update_password_in_database($hash);
    }
    $loggedin = true;
}

阅读 RFC的password_hash()以获得更多信息(我从大量资源,并且在RFC中包括了引用.)

Read the RFC for password_hash() for more information about it (I collected data from a large number of sources, and included references in the RFC).

排序正确.好吧,是的,但是错过了我上面所说的重点.

Sort-of true. Well, true, but misses the point of what I was talking about above.

散列函数的成本参数是费时的折衷.您需要权衡一些时间,以增加每个哈希的工作量.在相同的硬件上,花费更多的时间将产生更多的工作.产生更多工作的另一种方法是获得更快的硬件.

The cost parameter of the hash function is a time-effort tradeoff. You trade-off some time to add additional effort to each hash. On the same hardware, taking more time will yield more work. The other way to yield more work is to get faster hardware.

但是建议您在当前的硬件上测试哈希函数,并使其尽可能合理地昂贵.如果您今天能承受的最大时间是0.5秒,那么除非您升级服务器硬件,否则增加的成本将如何为您提供帮助?简而言之,这不是因为您将打破已经确定的重要时间限制.

But the recommendation is to test the hash function on your current hardware, and make it as expensive as you can reasonably make it. If 0.5 seconds is the maximum that you can afford today, unless you upgrade your server hardware, how is increasing the cost going to help you? In short, it won't because you'll break the maximum time limit you've already determined is important.

因此,除非您已经产生了较弱的哈希值,否则就不能在不增加服务器功能的情况下增加工作参数.

So you can't increase the work parameter without also increasing the server's capabilities, unless you already were producing weak hashes.

此外,请查看有关此问题的答案主题

这篇关于如何持续保持与本年度硬件相关的bcrypt轮次?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-26 03:25
查看更多