问题
just looking for some advise. I have a website with around 2500 users - small but growing. I built it with using SHA1 encryption on the passwords. I've since read the SHA1 is insecure and would like to change to say SHA256 with a Salt.
Does anyone have any advice on how to make a transition like this? Would be great if I could decrypt the passwords and just re-hash them but it doesn't appear doing able.
thx Adam
回答1:
The usual way of going about this is this:
- Make the hashed-password column larger to accommodate a sha256 hash, and add a 'salt' column
- Set the salt field to NULL initially, and adjust your password-check code so that a NULL salt means sha1, and non-NULL means sha256
- Once a sha1-use has logged in successfully, re-hash the password to sha256 with salt, and update the database.
Over time, users will migrate to sha256 by themselves; the only problem are users who log in only very sporadically or not at all. For these, you may want to send a reminder e-mail, or even threaten to shut their account down if they don't log in before day X (don't give the actual reason though...)
回答2:
Just to clarify, SHA is a hashing algorithm, which is (generally) a one way street. You can't decrypt hashes, which is kind of the strength of using them to authenticate passwords. You're on the right track with moving to a salted hash, and here's how I would do it.
The only way you're getting passwords is to let the user type it in themselves. As users visit your site and log in, update the passwords one by one. In your authentication method, I would perform the hash you're doing now, and compare it against what's in the existing field (nothing new here). Assuming it matches, go ahead and salt / re-hash using SHA256, and update the password field in the database. If you want, keep a bit in your user table tracking which users have been updated.
I'm making a lot of assumptions, but this is how I've solved the hash algorithm dance in the past. Good luck!
回答3:
I have another suggestion to migrate your password hash from SHA1 to SHA256 immediately without waiting for user to visit the site again to rehash the password. The change will be one time password hash migration and change to your logon validation function.
Suppose your password hash are generated using the function: password + salt [Sha1]-> Hash-sha1
To migrate to Sha256, you may convert your password hash using the following algorithm:
Hash-sha1 + salt [Sha256]-> Hash-sha256 (The salt is used to increase the complexity of input.)
Depending on the acceptable value of your sha256 function, you can consider to encode the Hash-sha1 to base64 for printable ascii.
For your logon validation function, the password should be hashed using the following algorithm:
Password + salt [sha1] -> hash-sha1 + salt [sha 256] -> hash-sha256
The disadvantage is hashed twice (use some CPU time) but simplify the migration and better security.
回答4:
Switching to SHA256 will hardly make your website more secure.
SHA1 and SH512 are message digests, they were never meant to be password-hashing (or key-derivation) functions. (Although a message digest could be used a building block for a KDF, such as in PBKDF2 with HMAC-SHA1.)
A password-hashing function should defend against dictionary attacks and rainbow tables.
Currently, the only standard (as in sanctioned by NIST) password-hashing or key-derivation function is PBKDF2. Better choices, if using a standard is not required, are bcrypt and the newer scrypt. Wikipedia has pages for all three functions:
- https://en.wikipedia.org/wiki/PBKDF2
- https://en.wikipedia.org/wiki/Bcrypt
- https://en.wikipedia.org/wiki/Scrypt
The page at https://crackstation.net/hashing-security.htm contains an extensive discussion of password security.
This being said, tdhammers offers good advice regarding how to handle the migration.
来源:https://stackoverflow.com/questions/6971316/want-to-convert-a-website-password-encryption-from-sha1-to-sha256