pbkdf2

问题 I am trying to learn to use PBKDF2 hash functions for storing passwords in the database. I have a rough draft of the procedure that I'll be using to generate the hashed function. But while I am creating the table in PL/SQL Developer which will hold the generated hashed password, what should I declare the data type for the encrypted password variable? It might be a lame question but I'm trying to learn online. It would be a huge help if I can get links for further study as well. thank you.

问题 I had to implement some new security features for an Existing Database. They used to hash passwords on the side of the client with a salt from the DB. They used this code to hash the passwords before sending them to the server: var hash = CryptoJS.PBKDF2(password, USER_SALT, { keySize: 4, iterations: 1000 }); Now as you can already guess, this is highly insecure, cause an attacker gets the PW as if it was sent in plain text if the user gets the Salt from the server and the hasing is done

问题 I want to convert my string to PBKDF2 with sha512 and iteration count. I did in nodejs by using "pbkdf2" module. how can i achieve the same in angular JS. 回答1: You can use built-in WebCryptographyApi with native support in all modern browsers (http://caniuse.com/#feat=cryptography) This in an example extracted (and modified) from here and here function deriveAKey(password, salt, iterations, hash) { // First, create a PBKDF2 "key" containing the password window.crypto.subtle.importKey( "raw",

问题 This question already has answers here : Making OpenSSL generate deterministic key (2 answers) Closed 3 months ago . I'm trying to program custom RSA key pair generation algorithm using OpenSSL. I've used the PKCS5_PBKDF2_HMAC_SHA1 function to generate PRNG seed, so, I've used this seed as RAND_seed input. Unfortunately every time I call RAND_bytes , with the same seed, I obtain different random numbers, but this isn't the expected behaviour, because as say the answer at How can one securely

问题 I need to be able to validate in node some password which were generated and stored using Symfony2 with sha512 encoding. I can retrieve the hash and the salt just fine but when using crypto I cannot manage to generate a hash using the salt which matches the one stored in the database. Symfony security.yml security: encoders: "FOS\UserBundle\Model\UserInterface": sha512 Hash stored in DB 6zxwRZc4EPXKxQes9avs0ZyCRFkC4dtpXrT983ML8VLvv9WhRnAi282bwuFuj3LHPQBGmqD1BfCLDUXGdHIjZQ== Salt stored in DB

问题 As there have been significant advances in the cryptoanalysis of SHA1 it's supposed to be phased out in favor of SHA2 (wikipedia). For use as underlying hash function in PBKDF2, however, it's basically used as a PRNG. As such it should be still secure to use SHA1 as hash for PBKDF2, right? 回答1: None of the currently known weaknesses on SHA-1 has any impact on its security when used in HMAC, a fortiori when used in PBKDF2. For that matter, MD5 would be fine too (but not MD4). However, SHA-1 is

问题 As there have been significant advances in the cryptoanalysis of SHA1 it's supposed to be phased out in favor of SHA2 (wikipedia). For use as underlying hash function in PBKDF2, however, it's basically used as a PRNG. As such it should be still secure to use SHA1 as hash for PBKDF2, right? 回答1: None of the currently known weaknesses on SHA-1 has any impact on its security when used in HMAC, a fortiori when used in PBKDF2. For that matter, MD5 would be fine too (but not MD4). However, SHA-1 is

问题 I am using the following methods to create a salted and hashed password from the crypto lib in nodejs: crypto.randomBytes(size, [callback]) crypto.pbkdf2(password, salt, iterations, keylen, callback) For the randomBytes call (creating the SALT) what size should I use? I have heard 128-bit salts, maybe up to 256-bit. It looks like this function uses a size in bytes so can I assume a size of 32 (256 bits) is sufficient? For the pbkdf2 call, what is a good number of iterations and what is a good

问题 What is the "best" solution these today? This seems a good option: https://defuse.ca/php-pbkdf2.htm But then how about upgrading to PHP5.5 and using this? http://php.net/manual/en/function.hash-pbkdf2.php Curious as to why the PHP site states: Caution The PBKDF2 method can be used for hashing passwords for storage (it is NIST approved for that use). However, it should be noted that CRYPT_BLOWFISH is better suited for password storage and should be used instead via crypt(). For PHP versions

问题 I'm attempting to use OpenSSL's PKCS5_PBKDF2_HMAC_SHA1 method. I gather that it returns 0 if it succeeds, and some other value otherwise. My question is, what does a non-zero return value mean? Memory error? Usage error? How should my program handle it (retry, quit?)? Edit: A corollary question is, is there any way to figure this out besides reverse-engineering the method itself? 回答1: is there any way to figure this out besides reverse-engineering the method itself? PKCS5_PBKDF2_HMAC_SHA1