\u5c08\u70ba\u5bc6\u78bc\u5132\u5b58\u548c\u91d1\u9470\u884d\u751f\u8a2d\u8a08\u7684\u5bc6\u78bc\u96dc\u6e4a\u51fd\u6578\uff08Password Hashing Functions\uff09\uff0c\u5b83\u5011\u6bd4\u901a\u7528\u96dc\u6e4a\u51fd\u6578\uff08\u5982 SHA-256\uff09\u66f4\u9069\u5408\u4fdd\u8b77\u5bc6\u78bc\uff0c\u56e0\u70ba\u5b83\u5011\u5167\u5efa\u9e7d\u503c\uff08Salt\uff09\u3001\u6162\u901f\u8a08\u7b97\uff08\u6297\u66b4\u529b\u7834\u89e3\uff09\u548c\u90e8\u5206\u5177\u8a18\u61b6\u9ad4\u5bc6\u96c6\u7279\u6027\uff08\u6297\u786c\u9ad4\u653b\u64ca\uff09\u3002\u5e38\u898b\u7684\u6709 Bcrypt\u3001PBKDF2 \u3001Scrypt\u3001Argon2 <\/p>\n\n\n\n
<\/p>\n\n\n\n
\u4ecb\u7d39<\/strong>\uff1a<\/p>\n\n\n\n <\/p>\n\n\n\n \u7528\u9014<\/strong>\uff1a<\/p>\n\n\n\n <\/p>\n\n\n\n \u683c\u5f0f\u8aaa\u660e<\/strong>\uff1a<\/p>\n\n\n\n bcrypt \u7684\u54c8\u5e0c\u8f38\u51fa\u9075\u5faa\u6a21\u7d44\u5316\u5bc6\u78bc\u683c\u5f0f\uff08Modular Crypt Format\uff09 <\/p>\n\n\n\n \u7d50\u69cb\uff1a <\/p>\n\n\n\n \u7bc4\u4f8b<\/strong>\uff1a <\/p>\n\n\n\n \u512a\u7f3a\u9ede<\/strong>\uff1a<\/p>\n\n\n\n \u5de5\u5177<\/strong>\uff1a<\/p>\n\n\n\n <\/p>\n\n\n\n \u4ecb\u7d39<\/strong>\uff1a<\/p>\n\n\n\n <\/p>\n\n\n\n \u7528\u9014<\/strong>\uff1a<\/p>\n\n\n\n <\/p>\n\n\n\n \u683c\u5f0f\u8aaa\u660e<\/strong>\uff1a<\/p>\n\n\n\n PBKDF2 \u672c\u8eab\u4e0d\u5b9a\u7fa9\u6a19\u6e96\u7684\u5b57\u7b26\u4e32\u683c\u5f0f\uff0c\u8f38\u51fa\u901a\u5e38\u662f\u539f\u59cb\u4e8c\u9032\u4f4d\u6578\u64da\u6216\u5341\u516d\u9032\u4f4d\u7de8\u78bc\u3002\u5e38\u898b\u61c9\u7528\u4e2d\uff0c\u6703\u5c07\u9e7d\u503c\u3001\u8fed\u4ee3\u6b21\u6578\u548c\u54c8\u5e0c\u503c\u4e00\u8d77\u5b58\u5132\uff0c\u683c\u5f0f\u7531\u5be6\u73fe\u6c7a\u5b9a\u3002 <\/p>\n\n\n\n \u7d50\u69cb\uff1a <\/p>\n\n\n\n \u7bc4\u4f8b<\/strong>\uff08\u81ea\u5b9a\u7fa9\u683c\u5f0f\uff09\uff1a <\/p>\n\n\n\n <\/p>\n\n\n\n \u512a\u7f3a\u9ede<\/strong>\uff1a<\/p>\n\n\n\n <\/p>\n\n\n\n <\/p>\n\n\n\n \u4ecb\u7d39<\/strong>\uff1a<\/p>\n\n\n\n <\/p>\n\n\n\n \u7528\u9014<\/strong>\uff1a<\/p>\n\n\n\n <\/p>\n\n\n\n \u683c\u5f0f\u8aaa\u660e<\/strong>\uff1a<\/p>\n\n\n\n scrypt \u6c92\u6709\u6a19\u6e96\u5316\u7684\u5b57\u7b26\u4e32\u683c\u5f0f\uff0c\u8f38\u51fa\u901a\u5e38\u662f\u4e8c\u9032\u4f4d\u6216\u5341\u516d\u9032\u4f4d\u6578\u64da\u3002\u61c9\u7528\u4e2d\u5e38\u81ea\u5b9a\u7fa9\u683c\u5f0f\uff0c\u5305\u542b\u7b97\u6cd5\u3001\u53c3\u6578\u3001\u9e7d\u503c\u548c\u54c8\u5e0c\u503c\u3002 <\/p>\n\n\n\n \u7d50\u69cb\uff1a <\/p>\n\n\n\n \u7bc4\u4f8b<\/strong>\uff1a<\/p>\n\n\n\n <\/p>\n\n\n\n \u512a\u7f3a\u9ede<\/strong>\uff1a<\/p>\n\n\n\n <\/p>\n\n\n\n <\/p>\n\n\n\n \u4ecb\u7d39<\/strong>\uff1a<\/p>\n\n\n\n <\/p>\n\n\n\n \u7528\u9014<\/strong>\uff1a<\/p>\n\n\n\n <\/p>\n\n\n\n \u683c\u5f0f\u8aaa\u660e<\/strong><\/p>\n\n\n\n Argon2 \u9075\u5faa\u6a19\u6e96\u5316\u7684\u6a21\u7d44\u5316\u5bc6\u78bc\u683c\u5f0f <\/p>\n\n\n\n \u7d50\u69cb\uff1a <\/p>\n\n\n\n \u7bc4\u4f8b<\/strong>\uff1a<\/p>\n\n\n\n <\/p>\n\n\n\n \u512a\u7f3a\u9ede<\/strong>\uff1a<\/p>\n\n\n\n <\/p>\n\n\n\n <\/p>\n\n\n\n \u4ecb\u7d39<\/strong>\uff1a \u7528\u9014<\/strong>\uff1a<\/p>\n\n\n\n \u683c\u5f0f\u8aaa\u660e<\/strong>\uff1a \u7d50\u69cb<\/strong>\uff08\u4ee5 WordPress \u7684 MD5 \u6a21\u5f0f\u70ba\u4f8b\uff09\uff1a \u7bc4\u4f8b<\/strong>\uff1a bcrypt \u6a21\u5f0f\uff08\u82e5\u74b0\u5883\u652f\u63f4\uff09<\/strong>\uff1a \u512a\u7f3a\u9ede<\/strong>\uff1a \u7f3a\u9ede<\/strong>\uff1a<\/p>\n\n\n\n \u5de5\u5177<\/strong>\uff1a<\/p>\n\n\n\n hashcat\uff1aphpass \u7684 MD5 \u6a21\u5f0f\u5c0d\u61c9 hashcat \u7684 -m 400\uff0c\u800c bcrypt \u6a21\u5f0f\u5c0d\u61c9 -m 3200<\/p>\n\n\n\n <\/p>\n\n\n\n <\/p>\n\n\n\n \u9019\u7a2e\u683c\u5f0f\u5e38\u898b\u65bc\u65e9\u671f\u5167\u5bb9\u7ba1\u7406\u7cfb\u7d71\uff08\u5982 Joomla 1.x\uff09\u6216\u81ea\u5b9a\u7fa9\u61c9\u7528\u4e2d<\/p>\n\n\n\n \u7d50\u69cb<\/strong>\uff1aMD5(password + salt):salt<\/p>\n\n\n\n \u7bc4\u4f8b<\/strong>\uff1a23859aaca71e43048d19e39d4cfd91f4:0FVBITlx9gfL7xCs07bKagEaTFnvv3LN<\/p>\n\n\n\n \u5de5\u5177<\/strong>\uff1ahashcat -m 10<\/p>\n\n\n\n \u5176\u4ed6\u88dc\u5145<\/strong>\uff1a\u5176\u4ed6salt\u7d44\u5408\u7684\u9084\u6709md5($salt.$pass), md5(utf16le($pass).$salt), md5($salt.utf16le($pass)) \u7b49<\/p>\n","protected":false},"excerpt":{"rendered":" \u5c08\u70ba\u5bc6\u78bc\u5132\u5b58\u548c\u91d1\u9470\u884d\u751f\u7684\u5bc6\u78bc\u96dc\u6e4a\u51fd\u6578\uff0c\u5305\u62ec Bcrypt\u3001PBKDF2\u3001Scrypt \u548c Argon2\uff0c\u5404\u5177\u7279\u8272\u3002Bcrypt \u65e9\u671f\u8a2d\u8a08\uff0c\u7a69\u5b9a\u4f46\u6297\u786c\u9ad4\u653b\u64ca\u6709\u9650\uff1bPBKDF2 \u6a19\u6e96\u5316\uff0c\u9010\u6f38\u88ab Argon2 \u53d6\u4ee3\uff1bScrypt \u8a18\u61b6\u9ad4\u5bc6\u96c6\uff0c\u6297\u786c\u9ad4\u653b\u64ca\u5f37\uff1bArgon2 \u6700\u65b0\uff0c\u5b89\u5168\u6027\u6700\u9ad8\u3002<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"enabled":false},"version":2}},"categories":[375],"tags":[],"class_list":["post-2447","post","type-post","status-publish","format-standard","hentry","category-cryptographic-fundamentals"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/2447","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/comments?post=2447"}],"version-history":[{"count":4,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/2447\/revisions"}],"predecessor-version":[{"id":2504,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/2447\/revisions\/2504"}],"wp:attachment":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/media?parent=2447"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/categories?post=2447"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/tags?post=2447"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
\n
$2b$<cost>$<salt><hash><\/code><\/p>\n\n\n\n\n
\n
$2b$12$abcdefghijklmnopqrstuvwxz1234567890abcdefghijk<\/code><\/p>\n\n\n\n\n
\n
\n
\n\n\n\nPBKDF2\uff08Password-Based Key Derivation Function 2\uff09<\/strong><\/h2>\n\n\n\n
\n
\n
<algorithm>$<iterations>$<salt>$<hash><\/code><\/p>\n\n\n\n\n
pbkdf2-sha256$100000$4d0c7b9e8f2a3b4c5d6e7f8091a2b3c4$8c7b9e8f2a3b4c5d6e7f8091a2b3c4d5e6f7a8b9<\/code><\/p>\n\n\n\n\n
\n
\n\n\n\nScrypt<\/strong><\/h2>\n\n\n\n
\n
\n
scrypt$<N>$<r>$<p>$<salt>$<hash><\/code><\/p>\n\n\n\n\n
scrypt$16384$8$1$4d0c7b9e8f2a3b4c5d6e7f8091a2b3c4$8c7b9e8f2a3b4c5d6e7f8091a2b3c4d5<\/code><\/p>\n\n\n\n\n
\n
\n\n\n\nArgon2<\/strong><\/h2>\n\n\n\n
\n
\n
$<algorithm>$v=<version>$m=<memory>,t=<iterations>,p=<parallelism>$<salt>$<hash><\/code><\/p>\n\n\n\n\n
$argon2id$v=19$m=65536,t=3,p=4$4d0c7b9e8f2a3b4c5d6e7f80$8c7b9e8f2a3b4c5d6e7f8091a2b3c4d5<\/code><\/p>\n\n\n\n\n
\n
\n\n\n\n\u6bd4\u8f03\u8868\u683c<\/strong><\/h3>\n\n\n\n
\u7279\u6027<\/th> Bcrypt<\/th> PBKDF2<\/th> Scrypt<\/th> Argon2 (Argon2id)<\/th><\/tr><\/thead> \u8a2d\u8a08\u5e74\u4efd<\/strong><\/td> 1999<\/td> 2000<\/td> 2009<\/td> 2015<\/td><\/tr> \u57fa\u790e\u6f14\u7b97\u6cd5<\/strong><\/td> Blowfish<\/td> \u4efb\u610f\u96dc\u6e4a\uff08\u5982 SHA-256\uff09<\/td> Salsa20\/8<\/td> Keccak\uff08SHA-3 \u76f8\u95dc\uff09<\/td><\/tr> \u8a18\u61b6\u9ad4\u5bc6\u96c6<\/strong><\/td> \u5426\uff08\u4f4e\u8a18\u61b6\u9ad4\uff09<\/td> \u5426\uff08\u4f4e\u8a18\u61b6\u9ad4\uff09<\/td> \u662f\uff08\u53ef\u8abf\uff09<\/td> \u662f\uff08\u53ef\u8abf\uff09<\/td><\/tr> \u9e7d\u503c<\/strong><\/td> \u5167\u5efa\u96a8\u6a5f\u9e7d\u503c<\/td> \u652f\u63f4\u96a8\u6a5f\u9e7d\u503c<\/td> \u5167\u5efa\u96a8\u6a5f\u9e7d\u503c<\/td> \u5167\u5efa\u96a8\u6a5f\u9e7d\u503c<\/td><\/tr> \u8a08\u7b97\u901f\u5ea6<\/strong><\/td> \u6162\uff08\u53ef\u8abf\u5de5\u4f5c\u56e0\u5b50\uff09<\/td> \u6162\uff08\u53ef\u8abf\u8fed\u4ee3\u6b21\u6578\uff09<\/td> \u6162\uff08\u53ef\u8abf\u8a18\u61b6\u9ad4\/\u8fed\u4ee3\uff09<\/td> \u6162\uff08\u53ef\u8abf\u8a18\u61b6\u9ad4\/\u8fed\u4ee3\uff09<\/td><\/tr> \u5b89\u5168\u6027<\/strong><\/td> \u9ad8\uff08\u4f46\u6297\u786c\u9ad4\u653b\u64ca\u5f31\uff09<\/td> \u9ad8\uff08\u4f46\u6297\u786c\u9ad4\u653b\u64ca\u5f31\uff09<\/td> \u9ad8\uff08\u6297\u786c\u9ad4\u653b\u64ca\uff09<\/td> \u6700\u9ad8\uff08\u6297\u786c\u9ad4\u3001\u5074\u4fe1\u9053\uff09<\/td><\/tr> \u7528\u9014<\/strong><\/td> \u5bc6\u78bc\u5132\u5b58<\/td> \u5bc6\u78bc\u5132\u5b58\u3001\u91d1\u9470\u884d\u751f<\/td> \u5bc6\u78bc\u5132\u5b58\u3001\u91d1\u9470\u884d\u751f<\/td> \u5bc6\u78bc\u5132\u5b58\u3001\u91d1\u9470\u884d\u751f<\/td><\/tr> \u666e\u53ca\u5ea6<\/strong><\/td> \u5ee3\u6cdb<\/td> \u5ee3\u6cdb\uff08\u6a19\u6e96\u5316\u61c9\u7528\uff09<\/td> \u4e2d\u7b49\uff08\u52a0\u5bc6\u8ca8\u5e63\u5e38\u898b\uff09<\/td> \u65b0\u8208\uff0c\u9010\u6f38\u666e\u53ca<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\n\n\n\n <\/h3>\n\n\n\n
phpass<\/h2>\n\n\n\n
phpass\uff08Portable PHP Password Hashing Framework\uff09\u662f\u7531 Openwall \u7684 Solar Designer \u65bc 2000 \u5e74\u4ee3\u521d\u958b\u767c\u7684 PHP \u5bc6\u78bc\u96dc\u6e4a\u6846\u67b6\uff0c\u65e8\u5728\u63d0\u4f9b\u5b89\u5168\u3001\u4fbf\u651c\u7684\u5bc6\u78bc\u5132\u5b58\u89e3\u6c7a\u65b9\u6848\u3002\u57fa\u65bc MD5<\/strong> \u6216 bcrypt<\/strong>\uff08\u8996\u74b0\u5883\u800c\u5b9a\uff09\u9032\u884c\u591a\u8f2a\u96dc\u6e4a\uff0c\u5ee3\u6cdb\u61c9\u7528\u65bc WordPress<\/strong> \u548c Joomla<\/strong> \u7b49 CMS \u7cfb\u7d71\uff0c\u7528\u65bc\u5b89\u5168\u5132\u5b58\u4f7f\u7528\u8005\u5bc6\u78bc\u3002<\/p>\n\n\n\n\n
phpass \u7684\u96dc\u6e4a\u8f38\u51fa\u9075\u5faa\u5176\u81ea\u5b9a\u7fa9\u683c\u5f0f\uff0c\u652f\u63f4\u591a\u7a2e\u6f14\u7b97\u6cd5\uff0c\u5e38\u7528\u683c\u5f0f\u70ba $P$<\/code>\uff08\u57fa\u65bc MD5\uff09\u6216 $H$<\/code>\uff0c\u82e5\u74b0\u5883\u652f\u63f4 bcrypt\uff0c\u5247\u4f7f\u7528 bcrypt \u7684\u6a21\u7d44\u5316\u5bc6\u78bc\u683c\u5f0f\uff08Modular Crypt Format\uff09\u3002<\/p>\n\n\n\n$P$B<salt><hash><\/code><\/p>\n\n\n\n\n
$P$<\/code>\uff1a\u8868\u793a\u4f7f\u7528 phpass \u6846\u67b6\u3002<\/li>\n\n\n\n$B<\/code>\uff1a\u8868\u793a\u57fa\u65bc MD5 \u6f14\u7b97\u6cd5\uff0c\u9810\u8a2d\u9032\u884c 8192 \u6b21\u8fed\u4ee3\u3002<\/li>\n\n\n\n<salt><\/code>\uff1a8 \u5b57\u5143\u96a8\u6a5f\u9e7d\u503c\uff08Base64 \u7de8\u78bc\uff0c\u4f7f\u7528 .\/A-Za-z0-9 \u5b57\u7b26\u96c6\uff09\u3002<\/li>\n\n\n\n<hash><\/code>\uff1a22 \u5b57\u5143\u96dc\u6e4a\u503c\uff0c\u5305\u542b\u5bc6\u78bc\u8207\u9e7d\u503c\u7684\u8a08\u7b97\u7d50\u679c\u3002<\/li>\n<\/ul>\n\n\n\n$P$Bsalt1234567890abcdef1234567890a<\/code><\/p>\n\n\n\n\n
salt1234<\/code>\uff088 \u5b57\u5143\uff09\u3002<\/li>\n\n\n\n567890abcdef1234567890a<\/code>\uff0822 \u5b57\u5143\uff09\u3002<\/li>\n<\/ul>\n\n\n\n
\u82e5\u4f3a\u670d\u5668\u652f\u63f4 bcrypt\uff0cphpass \u6703\u751f\u6210 bcrypt \u683c\u5f0f\u7684\u96dc\u6e4a\uff0c\u7d50\u69cb\u53c3\u8003\u4e0a\u8ff0 bcrypt\u8aaa\u660e<\/p>\n\n\n\n
\u512a\u9ede<\/strong>\uff1a<\/p>\n\n\n\n\n
\n
md5($pass.$salt)<\/h2>\n\n\n\n
\n