Problem description
I've been reading about the Gawker incident and several articles have cropped up regarding only using bcrypt to hash passwords and I want to make sure my hashing mechanism is secure enough to avoid switching to another method. In my current application I have opted for a PBKDF2 implementation utilising sha2-512 and a minimum of 1000 iterations.
Can I ask for opinions on using PBKDF2 vs Bcrypt and whether or not I should implement a change?
You're good with PBKDF2, no need to jump to bcrypt.
The recommendation to use 1000 iterations was made in the year 2000, though; now you'd want much more.
Also, you should take more care when using bcrypt:
That said, there's also scrypt.
Any comparisons would be incomplete without the table from the scrypt paper mentioned above:
Iteration counts for PBKDF2-HMAC-SHA256 used there are 86,000 and 4,300,000.
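The answer's practical point is that the iteration count is a policy knob that has to move over time, so a stored hash must carry its own parameters. The following is an added example, not code from the question or the answer: a PBKDF2-HMAC-SHA512 record in the form `pbkdf2$<hash>$<iterations>$<salt>$<dk>`, verified in constant time, with a login path that transparently re-hashes a legacy 1000-iteration record once the correct password is in hand. The 210,000 iteration figure, the record layout and the function names are assumptions chosen for illustration; pick the count from current guidance for your hardware and raise it periodically.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Policy for new hashes. The 1000 figure from the 2000-era PKCS #5 text is far
# too low today; 210_000 is an illustrative assumption for this example, not a
# value taken from the original answer. Raise it as hardware gets faster.
PBKDF2_ITERATIONS = 210_000
HASH_NAME = "sha512"
SALT_BYTES = 16
DKLEN = 64  # one SHA-512 output; a longer dk just costs extra PBKDF2 blocks


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.b64decode(text.encode("ascii"))


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: pbkdf2$<hash>$<iterations>$<salt>$<dk>."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt,
                             iterations, dklen=DKLEN)
    return "$".join(["pbkdf2", HASH_NAME, str(iterations), _b64(salt), _b64(dk)])


def verify_password(password: str, record: str) -> bool:
    """Recompute PBKDF2 with the parameters stored in the record and compare."""
    try:
        scheme, hash_name, iters, salt_b64, dk_b64 = record.split("$")
    except ValueError:
        return False
    if scheme != "pbkdf2":
        return False
    expected = _unb64(dk_b64)
    actual = hashlib.pbkdf2_hmac(hash_name, password.encode("utf-8"),
                                 _unb64(salt_b64), int(iters), dklen=len(expected))
    # hmac.compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(actual, expected)


def needs_rehash(record: str, min_iterations: int = PBKDF2_ITERATIONS) -> bool:
    """True if the record uses an older hash or fewer iterations than policy."""
    _, hash_name, iters, _, _ = record.split("$")
    return hash_name != HASH_NAME or int(iters) < min_iterations


def login(password: str, record: str) -> Tuple[bool, str]:
    """Verify the password; if the record is below policy, return an upgraded one.

    The caller persists the returned record. Re-hashing is only possible here
    because the plaintext password is available at login time.
    """
    if not verify_password(password, record):
        return False, record
    if needs_rehash(record):
        record = hash_password(password)
    return True, record


if __name__ == "__main__":
    # Constructed sample: a record made with the questioner's minimum of 1000.
    legacy = hash_password("correct horse battery staple", iterations=1000)
    ok, upgraded = login("correct horse battery staple", legacy)
    print("login ok:", ok)
    print("legacy needs rehash:", needs_rehash(legacy))
    print("upgraded needs rehash:", needs_rehash(upgraded))
```

Storing the hash name and iteration count in the record is what makes the upgrade path possible without forcing a password reset; a fixed-parameter scheme leaves you stuck at whatever count was chosen when the table was created.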
This concludes the article on password encryption: PBKDF2 (using sha512 x 1000) vs Bcrypt.