Problem description
On the 2nd of October NIST decided that SHA-3 is the new standard hashing algorithm.
Should MD5 users start migrating to SHA-3? To something else (see below why SHA-3 is not recommended)? bcrypt?
And, is this really critical? Even if your password is salted?
Recommended answer
The main reason not to use MD5 for hashing passwords is not the fact that MD5 is severely compromised or even considered broken.
No, the main reason not to use MD5 is because MD5 is too fast. With today's affordable computers you can generate and test 7190M MD5 hashes per second. All 8 characters long combinations of alphanumeric characters can be brute-forced in about 8.5 hours, no matter whether with or without salt.
In contrast to that, with a hash function like bcrypt $2a$ one can only generate and test 4085 hashes per second, so only 0.00005682 % of the number of MD5 hashes. With bcrypt $2a$ you would need 1694 years for the same attempt.
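As an added example (not part of the original answer), one way to move existing salted-MD5 records to a deliberately slow hash is to re-hash each password at the user's next successful login. PBKDF2-HMAC-SHA256 from Python's standard library stands in here for bcrypt, which needs a third-party package; the record formats, function names and iteration count are assumptions made for this sketch.

```python
from __future__ import annotations

import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune it to your own hardware


def legacy_md5_record(password: str, salt: bytes) -> str:
    """Constructed legacy format: md5$<salt hex>$<md5(salt + password) hex>."""
    digest = hashlib.md5(salt + password.encode()).hexdigest()
    return f"md5${salt.hex()}${digest}"


def slow_record(password: str, salt: bytes | None = None,
                iterations: int = ITERATIONS) -> str:
    """New format: pbkdf2_sha256$<iterations>$<salt hex>$<derived key hex>."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${key.hex()}"


def verify_and_upgrade(password: str, stored: str) -> tuple[bool, str | None]:
    """Check a login attempt; return (ok, replacement record or None).

    A replacement is returned only when the password is correct and the
    stored record is legacy MD5 or uses fewer iterations than ITERATIONS.
    """
    scheme, *fields = stored.split("$")
    try:
        if scheme == "md5":
            salt_hex, _ = fields
            expected = legacy_md5_record(password, bytes.fromhex(salt_hex))
            needs_upgrade = True
        elif scheme == "pbkdf2_sha256":
            rounds, salt_hex, _ = fields
            expected = slow_record(password, bytes.fromhex(salt_hex), int(rounds))
            needs_upgrade = int(rounds) < ITERATIONS
        else:
            return False, None
    except ValueError:  # malformed record: wrong field count or bad hex
        return False, None
    # Compare the recomputed record with the stored one in constant time.
    if not hmac.compare_digest(expected.encode(), stored.encode()):
        return False, None
    return True, (slow_record(password) if needs_upgrade else None)
```

When `verify_and_upgrade` returns a replacement record, the caller overwrites the stored value with it, so accounts leave MD5 as their owners log in.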