使用mcrypt_create_iv创建salt?
我目前正在学习散列+盐析是如何工作的,我目前正在PHP上使用此代码来生成'盐'
function calculateSalt(){
$iv = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
return $iv;
}
理论上,这应该为我的密码散列提供良好的盐。当我将它应用到我的测试密码的小型数据库时,它似乎看起来非常安全和独特,虽然这是一个非常少量的测试密码我想知道如果这是一种可接受的方式来生成一个好的,独特的盐或如果mcrypt_create_iv是不好的做法。据我所知,它的主要目的不是用于腌制,但如果我用它是为了这个目的会不好?
请注意,此数据库不是公共密码,只是测试用例。这是使用上述技术的盐+哈希。
4 个答案:
答案 0 :(得分:3)
虽然mcrypt_create_iv()在技术上意味着为对称加密创建初始化向量,但它也可用于生成随机盐。
但是,对于密码,您应该使用密码散列函数:
$hash = password_hash('my difficult password');
它在内部使用crypt(),并且根据平台,将直接从/dev/urandom读取,或者如果没有提供,则使用php_win32_get_random_bytes()生成盐。
存储方面的一个优点是散列和盐都存储在一个不透明的字符串中。
另请参阅:password_hash()
答案 1 :(得分:1)
我会给你一份我的RandomBytes函数。它使用系统上可用的最随机源。
$ count是你想要的字节数。
$ base64为true,输出base64,false为输出二进制字符串。
$ sessionIdSafe用于修改base64,使其在PHP中用作sessionid仍然有效。它将base64字符集从A-Za-z0-9 + /更改为A-Za-z0-9, - ,并从字符串末尾删除任何'='填充字符。
function randomBytes($count, $base64 = false, $sessionIdSafe = false)
{
$bytes = '';
if(is_readable('/dev/urandom') && ($urandom = fopen('/dev/urandom', 'rb')) !== false)
{
$bytes = fread($urandom, $count);
fclose($urandom);
}
if((strlen($bytes) < $count) && function_exists('mcrypt_create_iv'))
{
// Use MCRYPT_RAND on Windows hosts with PHP < 5.3.7, otherwise use MCRYPT_DEV_URANDOM
// (http://bugs.php.net/55169).
$flag = (version_compare(PHP_VERSION, '5.3.7', '<') && strncasecmp(PHP_OS, 'WIN', 3) == 0) ? MCRYPT_RAND : MCRYPT_DEV_URANDOM ;
$bytes = mcrypt_create_iv($count,$flag);
}
if((strlen($bytes) < $count) && function_exists('openssl_random_pseudo_bytes'))
{
$bytes = openssl_random_pseudo_bytes($count);
}
if ((strlen($bytes) < $count) && class_exists('COM'))
{
// Officially deprecated in Windows 7
// http://msdn.microsoft.com/en-us/library/aa388182%28v=vs.85%29.aspx
try
{
/** @noinspection PhpUndefinedClassInspection */
$CAPI_Util = new COM('CAPICOM.Utilities.1');
if(is_callable(array($CAPI_Util,'GetRandom')))
{
/** @noinspection PhpUndefinedMethodInspection */
$bytes = $CAPI_Util->GetRandom(16,0);
$bytes = base64_decode($bytes);
}
}
catch (Exception $e)
{
}
}
if (strlen($bytes) < $count)
{
mt_srand(microtime(true)*1000000);
$bytes = '';
$random_state = microtime();
if (function_exists('getmypid'))
$random_state .= getmypid();
// for every 16 bytes that we need
for ($i = 0; $i < $count; $i += 16)
{
// generate 16 bytes at a time in hexadecimal
$random_state =
md5(microtime() . $random_state . mt_rand());
// convert the hex into binary. using pack so that the code is backwards
// compatible with pre php-5 since md5(data,raw) is only available in 5
$bytes .=
pack('H*', md5($random_state));
}
$bytes = substr($bytes, 0, $count);
}
if ($base64)
{
$result = base64_encode($bytes);
if($sessionIdSafe)
{
$result = str_replace(array('+','/','='),array('-',','),$result);
}
return $result;
}
else
{
return $bytes;
}
}
答案 2 :(得分:0)
我会评论@ Jack的答案,如果我有足够的代表,但我不这样......按照他的回答你可以看Password Compat生成使用密码的密码_ *正在为PHP 5.5工作的函数。
答案 3 :(得分:0)
如果您正在实施自己的用户登录系统,那么非常重要遵循既定的指导方针,而不是尝试重新发明关于加密的轮子 。这里有关于如何进行密码哈希和盐析的good article。
它还附带以下PHP示例: (我会在original source发生故障时将其复制到此处。)
<?php
/*
* Password Hashing With PBKDF2 (http://crackstation.net/hashing-security.htm).
* Copyright (c) 2013, Taylor Hornby
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
// These constants may be changed without breaking existing hashes.
define("PBKDF2_HASH_ALGORITHM", "sha256");
define("PBKDF2_ITERATIONS", 1000);
define("PBKDF2_SALT_BYTE_SIZE", 24);
define("PBKDF2_HASH_BYTE_SIZE", 24);
define("HASH_SECTIONS", 4);
define("HASH_ALGORITHM_INDEX", 0);
define("HASH_ITERATION_INDEX", 1);
define("HASH_SALT_INDEX", 2);
define("HASH_PBKDF2_INDEX", 3);
function create_hash($password)
{
// format: algorithm:iterations:salt:hash
$salt = base64_encode(mcrypt_create_iv(PBKDF2_SALT_BYTE_SIZE, MCRYPT_DEV_URANDOM));
return PBKDF2_HASH_ALGORITHM . ":" . PBKDF2_ITERATIONS . ":" . $salt . ":" .
base64_encode(pbkdf2(
PBKDF2_HASH_ALGORITHM,
$password,
$salt,
PBKDF2_ITERATIONS,
PBKDF2_HASH_BYTE_SIZE,
true
));
}
function validate_password($password, $correct_hash)
{
$params = explode(":", $correct_hash);
if(count($params) < HASH_SECTIONS)
return false;
$pbkdf2 = base64_decode($params[HASH_PBKDF2_INDEX]);
return slow_equals(
$pbkdf2,
pbkdf2(
$params[HASH_ALGORITHM_INDEX],
$password,
$params[HASH_SALT_INDEX],
(int)$params[HASH_ITERATION_INDEX],
strlen($pbkdf2),
true
)
);
}
// Compares two strings $a and $b in length-constant time.
function slow_equals($a, $b)
{
$diff = strlen($a) ^ strlen($b);
for($i = 0; $i < strlen($a) && $i < strlen($b); $i++)
{
$diff |= ord($a[$i]) ^ ord($b[$i]);
}
return $diff === 0;
}
/*
* PBKDF2 key derivation function as defined by RSA's PKCS #5: https://www.ietf.org/rfc/rfc2898.txt
* $algorithm - The hash algorithm to use. Recommended: SHA256
* $password - The password.
* $salt - A salt that is unique to the password.
* $count - Iteration count. Higher is better, but slower. Recommended: At least 1000.
* $key_length - The length of the derived key in bytes.
* $raw_output - If true, the key is returned in raw binary format. Hex encoded otherwise.
* Returns: A $key_length-byte key derived from the password and salt.
*
* Test vectors can be found here: https://www.ietf.org/rfc/rfc6070.txt
*
* This implementation of PBKDF2 was originally created by https://defuse.ca
* With improvements by http://www.variations-of-shadow.com
*/
function pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output = false)
{
$algorithm = strtolower($algorithm);
if(!in_array($algorithm, hash_algos(), true))
trigger_error('PBKDF2 ERROR: Invalid hash algorithm.', E_USER_ERROR);
if($count <= 0 || $key_length <= 0)
trigger_error('PBKDF2 ERROR: Invalid parameters.', E_USER_ERROR);
if (function_exists("hash_pbkdf2")) {
// The output length is in NIBBLES (4-bits) if $raw_output is false!
if (!$raw_output) {
$key_length = $key_length * 2;
}
return hash_pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output);
}
$hash_length = strlen(hash($algorithm, "", true));
$block_count = ceil($key_length / $hash_length);
$output = "";
for($i = 1; $i <= $block_count; $i++) {
// $i encoded as 4 bytes, big endian.
$last = $salt . pack("N", $i);
// first iteration
$last = $xorsum = hash_hmac($algorithm, $last, $password, true);
// perform the other $count - 1 iterations
for ($j = 1; $j < $count; $j++) {
$xorsum ^= ($last = hash_hmac($algorithm, $last, $password, true));
}
$output .= $xorsum;
}
if($raw_output)
return substr($output, 0, $key_length);
else
return bin2hex(substr($output, 0, $key_length));
}
?>
相关问题
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?