\u55ae\u7d14\u7684\u96dc\u6e4a\u904b\u7b97\u5df2\u7121\u6cd5\u6709\u6548\u9632\u6b62\u5bc6\u78bc\u88ab\u7834\u89e3\uff0c\u900f\u904e\u4ee5\u4e0b\u6280\u5de7\u53ef\u4ee5\u6709\u6548\u62b5\u79a6\u5f69\u8679\u8868\u653b\u64ca\u3001\u5927\u898f\u6a21\u96e2\u7dda\u66b4\u529b\u7834\u89e3\uff0c\u4ee5\u53ca\u90e8\u5206\u8cc7\u6599\u5916\u6d29\u6240\u5e36\u4f86\u7684\u98a8\u96aa\u3002<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/p>\n\n\n\n
\u5047\u8a2d\u4e00\u500b\u7db2\u7ad9\u5132\u5b58\u7528\u6236\u5bc6\u78bc\uff0c\u6bd4\u8f03\u4e0d\u52a0\u9e7d\u503c\u548c\u52a0\u9e7d\u503c\u7684\u6548\u679c\u3002<\/p>\n\n\n\n
user A\uff1aSHA-256(\"myPassword\") = 34819d7bee...<\/code><\/li>\n\n\n\nuser B\uff1aSHA-256(\"myPassword\") = 34819d7bee...<\/code><\/li>\n<\/ul>\n<\/li>\n\n\n\n- \u8cc7\u6599\u5eab\u5132\u5b58\uff1a
user A: 34819d7bee... <\/code>
user B: 34819d7bee...<\/code><\/li>\n\n\n\n- \u98a8\u96aa<\/strong>\uff1a\n
\n- \u99ed\u5ba2\u7aca\u53d6\u8cc7\u6599\u5eab\uff0c\u770b\u5230\u76f8\u540c\u96dc\u6e4a\u503c\uff0c\u7acb\u5373\u77e5\u9053 A \u548c B \u5bc6\u78bc\u76f8\u540c\u3002<\/li>\n\n\n\n
- \u99ed\u5ba2\u7528\u5f69\u8679\u8868\u67e5 34819d7bee…\uff0c\u627e\u5230\u5c0d\u61c9\u5bc6\u78bc “myPassword”\uff0c\u5e33\u865f\u88ab\u7834\u89e3\u3002<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
\u52a0\u9e7d\u503c\uff08\u5b89\u5168\uff09<\/h4>\n\n\n\n\n- \u7528\u6236 A \u548c B \u90fd\u7528\u5bc6\u78bc “myPassword”\uff0c\u4f46\u7db2\u7ad9\u7528 Bcrypt\uff08\u5167\u5efa\u9e7d\u503c\uff09\u3002<\/li>\n\n\n\n
- \u8a08\u7b97\u904e\u7a0b\uff1a\n
\nuser A\uff1asalt= X7y9z0w2\uff0cBcrypt => $2b$12$X7y9z0w2...abc123...<\/code><\/li>\n\n\n\nuser B\uff1asalt= k4m6n8p0\uff0cBcrypt => $2b$12$k4m6n8p0...def456...<\/code><\/li>\n<\/ul>\n<\/li>\n\n\n\n- \u8cc7\u6599\u5eab\u5132\u5b58\uff1a
user A: $2b$12$X7y9z0w2...abc123... <\/code>
user B: $2b$12$k4m6n8p0...def456...<\/code><\/li>\n\n\n\n- \u5b89\u5168\u6027<\/strong>\uff1a\n
\n- \u5373\u4f7f\u5bc6\u78bc\u76f8\u540c\uff0c\u96dc\u6e4a\u503c\u4e0d\u540c\uff0c\u99ed\u5ba2\u7121\u6cd5\u770b\u51fa A \u548c B \u5bc6\u78bc\u76f8\u540c\u3002<\/li>\n\n\n\n
- \u5f69\u8679\u8868\u7121\u6548\uff0c\u56e0\u70ba\u99ed\u5ba2\u9700\u70ba\u6bcf\u500b\u9e7d\u503c\u91cd\u65b0\u8a08\u7b97\u8868\u3002<\/li>\n\n\n\n
- Bcrypt \u7684\u6162\u901f\u8a08\u7b97\uff08\u5de5\u4f5c\u56e0\u5b50\uff09\u4f7f\u66b4\u529b\u7834\u89e3\u8017\u6642\u5de8\u5927\u3002<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
\u9a57\u8b49\u904e\u7a0b<\/strong><\/h4>\n\n\n\n\n- \u7528\u6236 A \u767b\u9304\uff0c\u8f38\u5165 “myPassword”\uff1a\n
\n- \u7db2\u7ad9\u53d6\u51fa\u5132\u521a\u521a\u5b8c\u6210<\/li>\n\n\n\n
- \u7db2\u7ad9\u7528\u5132\u5b58\u7684\u9e7d\u503c X7y9z0w2 \u548c Bcrypt \u91cd\u65b0\u8a08\u7b97\u96dc\u6e4a\uff0c\u6bd4\u5c0d\u8207 $2b$12$X7y9z0w2…abc123… \u4e00\u81f4\uff0c\u9a57\u8b49\u901a\u904e\u3002<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
<\/p>\n\n\n\n
\n\n\n\n<\/p>\n\n\n\n
Iteration<\/h2>\n\n\n\n\n- \u8fed\u4ee3\u662f\u6307\u5c07\u67d0\u500b\u96dc\u6e4a\u6f14\u7b97\u6cd5\uff08\u4f8b\u5982 MD5\uff09\u61c9\u7528\u65bc\u8f38\u5165\u8cc7\u6599\uff08\u5bc6\u78bc + \u9e7d\u503c\uff09\u591a\u6b21\uff0c\u800c\u4e0d\u662f\u50c5\u57f7\u884c\u4e00\u6b21\u3002<\/li>\n\n\n\n
- \u6bcf\u6b21\u8fed\u4ee3\u7684\u8f38\u51fa\u6703\u4f5c\u70ba\u4e0b\u4e00\u6b21\u8fed\u4ee3\u7684\u8f38\u5165\uff0c\u5982\u6b64\u53cd\u8986\u9032\u884c\u6307\u5b9a\u7684\u6b21\u6578\uff08\u5728 phpass \u7684 MD5 \u6a21\u5f0f\u4e2d\u70ba 8192 \u6b21\uff09\u3002<\/li>\n\n\n\n
- \u7bc4\u4f8b\u6d41\u7a0b\uff08\u7c21\u5316\uff09\uff1a\n
\n- \u521d\u59cb\u8f38\u5165\uff1apassword + salt<\/li>\n\n\n\n
- \u7b2c 1 \u6b21\uff1aMD5(password + salt) = hash1<\/li>\n\n\n\n
- \u7b2c 2 \u6b21\uff1aMD5(hash1) = hash2<\/li>\n\n\n\n
- …<\/li>\n\n\n\n
- \u7b2c 8192 \u6b21\uff1aMD5(hash8191) = final_hash<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- \u8cc7\u6e90\u5f71\u97ff\n
\n- \u5047\u8a2d\u55ae\u6b21 MD5 \u8a08\u7b97\u8017\u6642 1 \u5fae\u79d2\uff0c8192 \u6b21\u8fed\u4ee3\u7e3d\u8a08\u7d04 8192 \u00d7 1 \u5fae\u79d2 = 8.192 \u6beb\u79d2\uff080.008192 \u79d2\uff09\u3002 <\/li>\n\n\n\n
- \u5c0d\u65bc\u55ae\u500b\u5bc6\u78bc\u96dc\u6e4a\u6216\u9a57\u8b49\uff0c\u9019\u7a2e\u5ef6\u9072\u5c0d\u4f7f\u7528\u8005\u5e7e\u4e4e\u7121\u611f\uff08\u4eba\u985e\u611f\u77e5\u4e0d\u5230 10 \u6beb\u79d2\u4ee5\u4e0b\u7684\u5ef6\u9072\uff09\u3002<\/li>\n\n\n\n
- \u5373\u4f7f\u5728\u9ad8\u8ca0\u8f09\u5834\u666f\uff08\u5982\u7db2\u7ad9\u540c\u6642\u8655\u7406\u6578\u767e\u500b\u767b\u9304\u8acb\u6c42\uff09\uff0c8 \u6beb\u79d2\u7684\u55ae\u6b21\u8a08\u7b97\u5c0d\u4f3a\u670d\u5668\u8ca0\u64d4\u4e5f\u4e0d\u7b97\u5927\u3002<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
\n\n\n\nPepper<\/h2>\n\n\n\n
\u5be6\u73fe<\/strong>\uff1ahash = MD5(pepper + password + salt)\u3002<\/p>\n\n\n\n\u88dc\u5145\u9e7d\u503c<\/strong>\uff1a\u9e7d\u503c\u5132\u5b58\u5728\u8cc7\u6599\u5eab\uff0c\u5bb9\u6613\u88ab\u653b\u64ca\u8005\u7372\u53d6\uff1bpepper \u662f\u4e00\u500b\u5168\u5c40\u79d8\u5bc6\u503c\uff0c\u5132\u5b58\u5728\u4f3a\u670d\u5668\u7aef\uff08\u5982\u914d\u7f6e\u6587\u4ef6\uff09\uff0c\u5373\u4f7f\u8cc7\u6599\u5eab\u6d29\u6f0f\uff0c\u6c92\u6709 pepper \u4e5f\u96e3\u4ee5\u7834\u89e3\u3002<\/p>\n\n\n\n
\n\n\n\n<\/p>\n\n\n\n
Secret<\/h2>\n\n\n\n
\u5c07Secret\u548chash\u7d50\u5408\u5728\u4e00\u8d77\uff0c\u53ef\u5be6\u4f5cMAC\u6a5f\u5236\uff0c\u5e38\u898b\u7684\u5be6\u505a\u6709HMAC<\/p>\n\n\n\n
HMAC\uff08Hash-based Message Authentication Code\uff0c\u57fa\u65bc\u96dc\u6e4a\u7684\u8a0a\u606f\u8a8d\u8b49\u78bc\uff09\uff1a<\/strong><\/p>\n\n\n\n\n- \u662f\u4f7f\u7528hash function\u4f86\u5efa\u69cb MAC \u7684\u6a19\u6e96\u65b9\u6cd5\u3002 <\/li>\n\n\n\n
- \u5b83\u57fa\u65bc\u4e00\u500b\u5b89\u5168\u7684\u96dc\u6e4a\u51fd\u6578\uff08\u5982 SHA-256\u3001SHA-1\uff09\uff0c\u518d\u7d50\u5408\u4e00\u500b\u79d8\u5bc6\u91d1\u9470\u3002<\/li>\n<\/ul>\n\n\n\n
<\/p>\n\n\n\n
MAC\uff08\u8a0a\u606f\u78ba\u8a8d\u78bc\uff0cMessage Authentication Code\uff09<\/strong>\uff1a<\/p>\n\n\n\n\n- \u63d0\u4f9b\u78ba\u8a8d\u6027\u6280\u8853<\/li>\n\n\n\n
- \u5229\u7528\u8a0a\u606f\u5167\u5bb9\u548c\u4e00\u500b\u5171\u4eab\u7684\u79c1\u9470\uff0c\u901a\u904e\u7279\u5b9a\u6f14\u7b97\u6cd5\u751f\u6210\u4e00\u500b\u78ba\u8a8d\u78bc\uff08MAC\uff09\uff0c\u4e26\u9644\u5728\u8a0a\u606f\u5f8c\u3002<\/li>\n\n\n\n
- \u63a5\u6536\u65b9\u7528\u76f8\u540c\u7684\u8a0a\u606f\u548c\u79c1\u9470\u91cd\u65b0\u8a08\u7b97 MAC\uff0c\u8207\u6536\u5230\u7684 MAC \u6bd4\u5c0d\u3002\u5982\u679c\u4e00\u81f4\uff0c\u8b49\u660e\u8a0a\u606f\u672a\u88ab\u7be1\u6539\u3002<\/li>\n\n\n\n
- \u96d9\u65b9\u5fc5\u9808\u4f7f\u7528\u76f8\u540c\u7684\u5bc6\u9470\u3002<\/li>\n<\/ul>\n\n\n\n
<\/p>\n\n\n\n
MAC\u904b\u4f5c\u539f\u7406<\/strong><\/p>\n\n\n\n\n- \u767c\u9001\u65b9\uff1a\n
\n- \u8f38\u5165\uff1a\u8a0a\u606f\uff08m\uff09 + \u5171\u4eab\u7684\u5bc6\u9470\uff08k\uff09<\/li>\n\n\n\n
- \u4f7f\u7528 MAC \u6f14\u7b97\u6cd5\uff08\u4f8b\u5982 HMAC-SHA256\uff09\u8a08\u7b97\uff1aMAC = MAC_algorithm(m, k)<\/li>\n\n\n\n
- \u5c07\u8a0a\u606f\uff08m\uff09\u548c MAC \u4e00\u8d77\u767c\u9001\u7d66\u63a5\u6536\u65b9<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- \u63a5\u6536\u65b9\uff1a\n
\n- \u6536\u5230\uff1a\u8a0a\u606f\uff08m\u2019\uff09\u548c MAC<\/li>\n\n\n\n
- \u7528\u76f8\u540c\u7684\u5bc6\u9470\uff08k\uff09\u548c\u6536\u5230\u7684\u8a0a\u606f\uff08m\u2019\uff09\u91cd\u65b0\u8a08\u7b97\uff1aMAC\u2019 = MAC_algorithm(m\u2019, k)<\/li>\n\n\n\n
- \u6bd4\u5c0d MAC \u548c MAC\u2019 \u662f\u5426\u76f8\u540c\uff1a\n
\n- \u76f8\u540c\uff1a\u8a0a\u606f\u672a\u88ab\u7be1\u6539\uff0c\u9a57\u8b49\u901a\u904e<\/li>\n\n\n\n
- \u4e0d\u540c\uff1a\u8a0a\u606f\u53ef\u80fd\u88ab\u4fee\u6539\uff0c\u9a57\u8b49\u5931\u6557<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
<\/p>\n\n\n\n
\u5e38\u898b\u7684MAC\u5be6\u4f5c\u65b9\u6cd5\u5982\u4e0b <\/p>\n\n\n\n
<\/ol>\n\n\n\n\u985e\u578b<\/th> \u57fa\u790e<\/th> \u8aaa\u660e<\/th><\/tr><\/thead> HMAC<\/strong><\/td>\u96dc\u6e4a\u51fd\u6578<\/td> \u6700\u5e38\u7528<\/td><\/tr> CMAC<\/strong><\/td>\u5340\u584a\u52a0\u5bc6\uff08\u5982 AES\uff09<\/td> \u57fa\u65bc AES\uff0c\u9069\u5408\u786c\u9ad4<\/td><\/tr> GMAC<\/strong><\/td>Galois \u6a21\u5f0f<\/td> \u7528\u5728 GCM \u52a0\u5bc6\u6a21\u5f0f\u4e2d<\/td><\/tr> Poly1305<\/strong><\/td>\u591a\u9805\u5f0f\u96dc\u6e4a<\/td> \u9ad8\u901f\uff0c\u5e38\u7528\u5728 ChaCha20-Poly1305<\/td><\/tr><\/tbody><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"\u55ae\u7d14\u7684\u96dc\u6e4a\u904b\u7b97\u5df2\u7121\u6cd5\u6709\u6548\u9632\u6b62\u5bc6\u78bc\u88ab\u7834\u89e3\uff0c\u900f\u904e\u4e00\u4e9b\u6280\u5de7\u53ef\u4ee5\u6709\u6548\u62b5\u79a6\u5f69\u8679\u8868\u653b\u64ca\u3001\u5927\u898f\u6a21\u96e2\u7dda\u66b4\u529b\u7834\u89e3\uff0c\u4ee5\u53ca\u90e8\u5206\u8cc7\u6599\u5916\u6d29\u6240\u5e36\u4f86\u7684\u98a8\u96aa\u3002<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"enabled":false},"version":2}},"categories":[375],"tags":[],"class_list":["post-2501","post","type-post","status-publish","format-standard","hentry","category-cryptographic-fundamentals"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/2501","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/comments?post=2501"}],"version-history":[{"count":2,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/2501\/revisions"}],"predecessor-version":[{"id":2849,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/2501\/revisions\/2849"}],"wp:attachment":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/media?parent=2501"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/categories?post=2501"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/tags?post=2501"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}