问题描述
我一直在与这位安全人员进行讨论。他可能是我能为我的新项目买得起的最多钱。无论如何,这是一项保存敏感数据(密码,PIN码)的服务,可以通过电话向用户请求。用户有一个密码(4位数字),用于访问敏感数据。安全人员告诉我,他会使用MD5来散列用于访问敏感数据的密码。这里的讨论开始了,正如我认为的那样,并且非常确定,MD5由于已经被破解/碰撞而导致太脆弱了。散列法应该用来散列保护敏感信息的密码吗?我有一种感觉,这项服务可能会成为黑客的高价值目标,所以我真的很担心。我开始担心整体质量,特别是安全人员要提供的服务安全性,但不知道在哪里寻找其他人。
我在这里看到一些问题。如果一个四位密码是阻止访问您的超级敏感数据,那么您遇到了麻烦。我希望还有其他的安全措施,因为手动强制10,000组合是微不足道的,更不用说某种脚本。
第二,我是不知道你明白哈希密码的重点。我怀疑你会从10,000种可能性中获得散列冲突,但当密码被强制使用时,这基本上是无关紧要的。所有你正在完成的是一些有读权限的人对数据库的混淆。第三,密码散列算法的需求与其他需求不同哈希算法。你需要的算法很慢,通常意味着不得不重复运行它,并且你需要在那里有盐,以便密码不能从查找表派生。据说,河豚不错。我发现PostgreSQL的文档有一个很好的解释。I've been in discussion with this security guy. He's probably the most I can afford for my new project. Anyways, it is a service that saves sensitive data (Password, PINs) that can be requested by the user via phone. The user has a password (4 digits) which he uses to access the sensitive data. The security guy told me he would use MD5 to hash the password that is used to access the sensitive data. Here the discussion started, as I thought, and am quite sure, that MD5 is too vulnerable since it has been cracked/collisions have been caused.
What hashing method should be used to hash passwords that protect sensitive information? I have a feeling that this service might become a high value target for hackers, so I'm really worried about it. I'm starting to worry about the overal quality, and especcialy security of services the security guy is going to deliver, but have no idea where to find others.
I see a number of problems here.
First, if a four-digit passcode is all that is preventing access to your uber-sensitive data, you're in trouble. I hope that there are other security measures in place, since brute-forcing 10,000 combinations by hand is trivial, much less with some kind of script.
Second, I'm not sure you understand the point of hashing the passwords. I doubt you will get a hash collision just from 10,000 possibilities, but that is basically irrelevant when the passwords can be brute-forced. All you are accomplishing is a little bit of obfuscation from someone with read access to the database.
Third, the needs of a password hashing algorithm are different than the needs of other hashing algorithms. You need the algorithm to be slow, which usually means having to run it repeatedly, and you need for there to be salt so that the password cannot be derived from a lookup table. Supposedly, Blowfish isn't bad. I find the pgcrypto docs from PostgreSQL have a pretty good explanation.
这篇关于散列用MD5保护敏感数据的密码是否安全?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!