Problem description
I was reading this tutorial, and I encountered the following discussion about encryption. At the end there's written
But in my opinion a hacker who has both the encrypted_password and the salt could do the "rainbow" trick exactly as if we were using the salt.
So, where am I wrong?
Thanks!
Rainbow tables are expensive to compute. Without the salt, you can build a rainbow table once that can be used repeatedly, since the password "password" will always yield the same hash (md5=5f4dcc3b5aa765d61d8327deb882cf99, sha1=5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8) and is thus easy to identify in a password database.
With a salt, you have to compute a rainbow table for each salt you encounter. A good-sized salt, say 32 bits (ideally, 128 or even more), means you have to compute a rainbow table for every password you want to crack, thus largely defeating its purpose.
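The answer's point can be shown in a few lines. The following is an added example, not code from the answer's author or from the tutorial the question refers to. It uses MD5 only because that is the digest the answer quotes (the 5f4dcc3b... value for "password"); the candidate password list, the user accounts and the 16-byte salt length are constructed for the demonstration. A precomputed digest-to-password table is built once and tried against an unsalted database (every user with the same password falls at once) and against a salted one (no hit at all); a table recomputed for one user's salt recovers only that user, which is the per-salt cost the answer describes.

```python
import hashlib
import os

# Constructed stand-in for the attacker's candidate list (a real table is far larger)
CANDIDATES = ["123456", "password", "letmein", "qwerty", "hunter2"]


def hash_unsalted(password: str) -> str:
    """Unsalted MD5: the same input always yields the same digest."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_salted(password: str, salt: bytes) -> str:
    """MD5 over salt || password: the digest now depends on the per-user salt."""
    return hashlib.md5(salt + password.encode()).hexdigest()


def build_table(candidates):
    """Precompute digest -> password once, as a rainbow/lookup table does.
    This is paid once and then reused against every unsalted database."""
    return {hash_unsalted(p): p for p in candidates}


def build_table_for_salt(candidates, salt: bytes):
    """The same precomputation, but it is only valid for this one salt value."""
    return {hash_salted(p, salt): p for p in candidates}


def lookup(table, stored_digest):
    """Match a stored digest against a precomputed table; None if absent."""
    return table.get(stored_digest)


def store_unsalted(users):
    """Password database as the question starts from: digest only."""
    return {u: hash_unsalted(p) for u, p in users.items()}


def store_salted(users, salt_len=16):
    """Password database with a fresh random salt per user (salt stored beside the digest)."""
    db = {}
    for u, p in users.items():
        salt = os.urandom(salt_len)  # salt is not secret; it only has to be unique
        db[u] = (salt.hex(), hash_salted(p, salt))
    return db


def demo():
    # Constructed accounts; alice and bob deliberately share a password
    users = {"alice": "password", "bob": "password", "carol": "letmein"}
    table = build_table(CANDIDATES)

    # Unsalted: identical passwords give identical digests, and the one
    # precomputed table cracks all three users in a single lookup each.
    unsalted_db = store_unsalted(users)
    cracked_unsalted = {u: lookup(table, d) for u, d in unsalted_db.items()}

    # Salted: alice and bob now differ, and the precomputed table finds nothing.
    salted_db = store_salted(users)
    cracked_salted = {u: lookup(table, d) for u, (_, d) in salted_db.items()}

    # To get alice back the attacker must rebuild the table for alice's salt,
    # and that rebuilt table still says nothing about bob's identical password.
    alice_salt = bytes.fromhex(salted_db["alice"][0])
    per_salt_table = build_table_for_salt(CANDIDATES, alice_salt)
    cracked_per_salt = {u: lookup(per_salt_table, d) for u, (_, d) in salted_db.items()}

    return unsalted_db, cracked_unsalted, salted_db, cracked_salted, cracked_per_salt


if __name__ == "__main__":
    for name, value in zip(
        ["unsalted", "cracked_unsalted", "salted", "cracked_salted", "cracked_per_salt"],
        demo(),
    ):
        print(name, value)
```

The example keeps the fast digest the answer mentions to make the point about table reuse; a salt on its own does not stop an attacker from guessing one user's password at full speed, which is why password storage additionally uses a deliberately slow function such as bcrypt, scrypt or Argon2.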