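I've always used a proper per-entry salt string when hashing passwords for database storage. For my needs, storing the salt in the DB next to the hashed password has always worked fine.

However, some people recommend storing the salt separately from the database. Their argument is that if the database is compromised, an attacker can still build a rainbow table that takes a particular salt string into account in order to crack one account at a time. If that account has admin privileges, then he won't even need to crack any other accounts.

From a security perspective, is it worth storing salts in a different place? Consider a web application with the server code and DB on the same machine. If the salts are stored in a flat file on that machine, then if the database is compromised, the salts file will be too.

Are there any recommended solutions to this?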

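I'm not sure how password hashing works (I will be implementing it later), but I need to create the database schema now.

I'm thinking of limiting passwords to 4-20 characters, but as I understand it, after encryption the hash string will have a different length.

So, how should I store these passwords in the database?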

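When I try to install the Cryptography package for Python, either through pip install Cryptography or by downloading the package from their site and running python setup.py, I get the following error: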


D:\Anaconda\Scripts\pip-script.py run on 02/27/14 16:13:17
Downloading/unpacking cryptography
  Getting page https://pypi.python.org/simple/cryptography/
  URLs to search for versions for cryptography:
  * https://pypi.python.org/simple/cryptography/
  Analyzing links from page https://pypi.python.org/simple/cryptography/
    Skipping https://pypi.python.org/packages/cp26/c/cryptography/cryptography-0.2-cp26-none-win32.whl#md5=13e5c4b19520e7dc6f07c6502b3f74e2 (from https://pypi.python.org/simple/cryptography/) because it is not compatible with this Python
    Skipping https://pypi.python.org/packages/cp26/c/cryptography/cryptography-0.2.1-cp26-none-win32.whl#md5=00e733648ee5cdb9e58876238b1328f8 (from https://pypi.python.org/simple/cryptography/) because it is not compatible with this Python
    Skipping https://pypi.python.org/packages/cp27/c/cryptography/cryptography-0.2-cp27-none-win32.whl#md5=013ccafa6a5a3ea92c73f2c1c4879406 (from https://pypi.python.org/simple/cryptography/) because it is not compatible with this Python
    Skipping https://pypi.python.org/packages/cp27/c/cryptography/cryptography-0.2.1-cp27-none-win32.whl#md5=127d6a5dc687250721f892d55720a06c (from https://pypi.python.org/simple/cryptography/) because it is not compatible with this Python
    Skipping https://pypi.python.org/packages/cp32/c/cryptography/cryptography-0.2-cp32-none-win32.whl#md5=051424a36e91039807b72f112333ded3 (from https://pypi.python.org/simple/cryptography/) because it is not compatible with this Python
    Skipping https://pypi.python.org/packages/cp32/c/cryptography/cryptography-0.2.1-cp32-none-win32.whl#md5=53f6f57db8e952d64283baaa14cbde3d (from https://pypi.python.org/simple/cryptography/) because it is not compatible with this Python
    Skipping https://pypi.python.org/packages/cp33/c/cryptography/cryptography-0.2-cp33-none-win32.whl#md5=302812c1c1a035cf9ba3292f8dbf3f9e (from https://pypi.python.org/simple/cryptography/) because it is not compatible with this Python
    Skipping https://pypi.python.org/packages/cp33/c/cryptography/cryptography-0.2.1-cp33-none-win32.whl#md5=81acca90caf8a45f2ca73f3f9859fae4 (from https://pypi.python.org/simple/cryptography/) because it is not compatible with this Python
    Found link https://pypi.python.org/packages/source/c/cryptography/cryptography-0.1.tar.gz#md5=bdc1c5fe069deca7467b71a0cc538f17 (from https://pypi.python.org/simple/cryptography/), version: 0.1
    Found link https://pypi.python.org/packages/source/c/cryptography/cryptography-0.2.1.tar.gz#md5=872fc04268dadc66a0305ae5ab1c123b (from https://pypi.python.org/simple/cryptography/), version: 0.2.1
    Found link https://pypi.python.org/packages/source/c/cryptography/cryptography-0.2.tar.gz#md5=8a3d21e837a21e1b7634ee1f22b06bb6 (from https://pypi.python.org/simple/cryptography/), version: 0.2
  Using version 0.2.1 (newest of versions: 0.2.1, 0.2, 0.1)
  Downloading from URL https://pypi.python.org/packages/source/c/cryptography/cryptography-0.2.1.tar.gz#md5=872fc04268dadc66a0305ae5ab1c123b (from https://pypi.python.org/simple/cryptography/)
  Running setup.py (path:c:\users\paco\appdata\local\temp\pip_build_Paco\cryptography\setup.py) egg_info for package cryptography
    In file included from c/_cffi_backend.c:7:0:
    c/misc_win32.h:225:23: error: two or more data types in declaration specifiers
    c/misc_win32.h:225:1: warning: useless type name in empty declaration [enabled by default]
    c/_cffi_backend.c: In function 'convert_array_from_object':
    c/_cffi_backend.c:1105:26: warning: unknown conversion type character 'z' in format [-Wformat]
    c/_cffi_backend.c:1105:26: warning: too many arguments for format [-Wformat-extra-args]
    c/_cffi_backend.c:1130:30: warning: unknown conversion type character 'z' in format [-Wformat]
    c/_cffi_backend.c:1130:30: warning: too many arguments for format [-Wformat-extra-args]
    c/_cffi_backend.c:1150:30: warning: unknown conversion type character 'z' in format [-Wformat]
    c/_cffi_backend.c:1150:30: warning: too many arguments for format [-Wformat-extra-args]
    c/_cffi_backend.c: In function 'convert_struct_from_object':
    c/_cffi_backend.c:1183:26: warning: unknown conversion type character 'z' in format [-Wformat]
    c/_cffi_backend.c:1183:26: warning: too many arguments for format [-Wformat-extra-args]
    c/_cffi_backend.c:1196:30: warning: unknown conversion type character 'z' in format [-Wformat]
    c/_cffi_backend.c:1196:30: warning: too many arguments for format [-Wformat-extra-args]
    c/_cffi_backend.c: In function 'cdata_repr':
    c/_cffi_backend.c:1583:13: warning: unknown conversion type character 'L' in format [-Wformat]
    c/_cffi_backend.c:1583:13: warning: too many arguments for format [-Wformat-extra-args]
    c/_cffi_backend.c:1595:9: warning: unknown conversion type character 'z' in format [-Wformat]
    c/_cffi_backend.c:1595:9: warning: too many arguments for format [-Wformat-extra-args]
    c/_cffi_backend.c: In function 'cdataowning_repr':
    c/_cffi_backend.c:1647:30: warning: unknown conversion type character 'z' in format [-Wformat]
    c/_cffi_backend.c:1647:30: warning: too many arguments for format [-Wformat-extra-args]
    c/_cffi_backend.c: In function '_cdata_get_indexed_ptr':
    c/_cffi_backend.c:1820:26: warning: unknown conversion type character 'z' in format [-Wformat]
    c/_cffi_backend.c:1820:26: warning: unknown conversion type character 'z' in format [-Wformat]
    c/_cffi_backend.c:1820:26: warning: too many arguments for format [-Wformat-extra-args]
    c/_cffi_backend.c: In function '_cdata_getslicearg':
    c/_cffi_backend.c:1872:26: warning: unknown conversion type character 'z' in format [-Wformat]
    c/_cffi_backend.c:1872:26: warning: unknown conversion type character 'z' in format [-Wformat]
    c/_cffi_backend.c:1872:26: warning: too many arguments for format [-Wformat-extra-args]
    c/_cffi_backend.c: In function 'cdata_ass_slice':
    c/_cffi_backend.c:1951:26: warning: unknown conversion type character 'z' in format [-Wformat]
    c/_cffi_backend.c:1951:26: warning: unknown conversion type character 'z' in format [-Wformat]
    c/_cffi_backend.c:1951:26: warning: too many arguments for format [-Wformat-extra-args]
    c/_cffi_backend.c:1969:30: warning: unknown conversion type character 'z' in format [-Wformat]
    c/_cffi_backend.c:1969:30: warning: unknown conversion type character 'z' in format [-Wformat]
    c/_cffi_backend.c:1969:30: warning: too many arguments for format [-Wformat-extra-args]
    c/_cffi_backend.c:1983:22: warning: unknown conversion type character 'z' in format [-Wformat]
    c/_cffi_backend.c:1983:22: warning: too many arguments for format [-Wformat-extra-args]
    c/_cffi_backend.c: In function 'cdata_call':
    c/_cffi_backend.c:2367:30: warning: unknown conversion type character 'z' in format [-Wformat]
    c/_cffi_backend.c:2367:30: warning: format '%s' expects argument of type 'char *', but argument 3 has type 'Py_ssize_t' [-Wformat]
    c/_cffi_backend.c:2367:30: warning: too many arguments for format [-Wformat-extra-args]
    c/_cffi_backend.c: In function 'cast_to_integer_or_char':
    c/_cffi_backend.c:2916:26: warning: unknown conversion type character 'z' in format [-Wformat]
    c/_cffi_backend.c:2916:26: warning: format '%s' expects argument of type 'char *', but argument 3 has type 'Py_ssize_t' [-Wformat]
    c/_cffi_backend.c:2916:26: warning: too many arguments for format [-Wformat-extra-args]
    c/_cffi_backend.c:2928:26: warning: unknown conversion type character 'z' in format [-Wformat]
    c/_cffi_backend.c:2928:26: warning: format '%s' expects argument of type 'char *', but argument 3 has type 'Py_ssize_t' [-Wformat]
    c/_cffi_backend.c:2928:26: warning: too many arguments for format [-Wformat-extra-args]
    c/_cffi_backend.c: In function 'new_array_type':
    c/_cffi_backend.c:3480:9: warning: unknown conversion type character 'l' in format [-Wformat]
    c/_cffi_backend.c:3480:9: warning: too many arguments for format [-Wformat-extra-args]
    c/_cffi_backend.c: In function 'b_complete_struct_or_union':
    c/_cffi_backend.c:3878:22: warning: unknown conversion type character 'z' in format [-Wformat]
    c/_cffi_backend.c:3878:22: warning: unknown conversion type character 'z' in format [-Wformat]
    c/_cffi_backend.c:3878:22: warning: too many arguments for format [-Wformat-extra-args]
    Traceback (most recent call last):
      File "<string>", line 17, in <module>
      File "c:\users\paco\appdata\local\temp\pip_build_Paco\cryptography\setup.py", line 113, in <module>
        "build": cffi_build,
      File "D:\Anaconda\lib\distutils\core.py", line 112, in setup
        _setup_distribution = dist = klass(attrs)
      File "build\bdist.win-amd64\egg\setuptools\dist.py", line 239, in __init__
      File "build\bdist.win-amd64\egg\setuptools\dist.py", line 264, in fetch_build_eggs
      File "build\bdist.win-amd64\egg\pkg_resources.py", line 580, in resolve
        dist = best[req.key] = env.best_match(req, ws, installer)
      File "build\bdist.win-amd64\egg\pkg_resources.py", line 818, in best_match
        return self.obtain(req, installer) # try and download/install
      File "build\bdist.win-amd64\egg\pkg_resources.py", line 830, in obtain
        return installer(requirement)
      File "build\bdist.win-amd64\egg\setuptools\dist.py", line 314, in fetch_build_egg
      File "build\bdist.win-amd64\egg\setuptools\command\easy_install.py", line 593, in easy_install

      File "build\bdist.win-amd64\egg\setuptools\command\easy_install.py", line 623, in install_item

      File "build\bdist.win-amd64\egg\setuptools\command\easy_install.py", line 809, in install_eggs

      File "build\bdist.win-amd64\egg\setuptools\command\easy_install.py", line 1015, in build_and_install

      File "build\bdist.win-amd64\egg\setuptools\command\easy_install.py", line 1003, in run_setup

    distutils.errors.DistutilsError: Setup script exited with error: command 'gcc' failed with exit status 1
----------------------------------------
Cleaning up...
  Removing temporary dir c:\users\paco\appdata\local\temp\pip_build_Paco...
Command python setup.py egg_info failed with error code 1 in c:\users\paco\appdata\local\temp\pip_build_Paco\cryptography
Exception information:
Traceback (most recent call last):
  File "D:\Anaconda\lib\site-packages\pip-1.5.4-py2.7.egg\pip\basecommand.py", line 122, in main
    status = self.run(options, args)
  File "D:\Anaconda\lib\site-packages\pip-1.5.4-py2.7.egg\pip\commands\install.py", line 278, in run
    requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
  File "D:\Anaconda\lib\site-packages\pip-1.5.4-py2.7.egg\pip\req.py", line 1229, in prepare_files
    req_to_install.run_egg_info()
  File "D:\Anaconda\lib\site-packages\pip-1.5.4-py2.7.egg\pip\req.py", line 325, in run_egg_info
    command_desc='python setup.py egg_info')
  File "D:\Anaconda\lib\site-packages\pip-1.5.4-py2.7.egg\pip\util.py", line 697, in call_subprocess
    % (command_desc, proc.returncode, cwd))
InstallationError: Command python setup.py egg_info failed with error code 1 in c:\users\paco\appdata\local\temp\pip_build_Paco\cryptography

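I found other egg_info error posts (here and here), but the solutions provided there did not solve my problem. Also, I am able to install other packages through PIP.

PIP version 1.5.4, setuptools version 2.2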

Is hashing a password twice before storage any more or less secure than just hashing it once?

What I'm talking about is doing this:

$hashed_password = hash(hash($plaintext_password));

instead of just this:

$hashed_password = hash($plaintext_password);

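If it is less secure, can you provide a good explanation (or a link to one)?

Also, does the hash function used make a difference? Does it make any difference if you mix md5 and sha1 (for example) instead of repeating the same hash function?

Note 1: When I say "double hashing" I'm talking about hashing a password twice in an attempt to make it more obscured. I'm not talking about the technique for resolving collisions.

Note 2: I know I need to add a random salt to really make it secure. The question is whether hashing twice with the same algorithm helps or hurts the hash.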

License keys are the de facto standard as an anti-piracy measure. To be honest, this strikes me as (in)Security Through Obscurity, although I really have no idea how license keys are generated. What is a good (secure) example of license key generation? What cryptographic primitive (if any) are they using? Is it a message digest? If so, what data would they be hashing? What methods do developers employ to make it difficult for crackers to build their own key generators? How are key generators made?

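I need to implement 256-bit AES encryption, but all the examples I have found online use a "KeyGenerator" to generate a 256-bit key, whereas I would like to use my own passkey. How can I create my own key? I have tried padding it out to 256 bits, but then I get an error saying that the key is too long. I do have the unlimited jurisdiction patch installed, so that's not the problem :)

I.e. the KeyGenerator looks like this…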

// Get the KeyGenerator
KeyGenerator kgen = KeyGenerator.getInstance("AES");
kgen.init(128); // 192 and 256 bits may not be available

// Generate the secret key specs.
SecretKey skey = kgen.generateKey();
byte[] raw = skey.getEncoded();

Code taken from here

EDIT

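I was actually padding the password out to 256 bytes, not bits, which is too long. The following is some code I am using now that I have some more experience with this.

import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

byte[] key = null; // TODO
byte[] input = null; // TODO
byte[] output = null;
SecretKeySpec keySpec = null;
// Wrap the raw key bytes as an AES key
keySpec = new SecretKeySpec(key, "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
// No IV is passed, so the provider chooses one; keep cipher.getIV() for decryption
cipher.init(Cipher.ENCRYPT_MODE, keySpec);
output = cipher.doFinal(input);

The "TODO" bits you need to do yourself :-)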

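I see a lot of confusion between hashes and encryption algorithms, and I would like to hear some expert advice about:

When to use hashes vs. encryption
What makes a hash or encryption algorithm different (from a theoretical/mathematical level), for example, what makes hashes irreversible (without the aid of a rainbow tree)

Here are some similar SO questions that didn't go into as much detail as I was looking for:

What is the difference between Obfuscation, Hashing, and Encryption?
Difference between encryption and hashing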

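I often hear the advice "Use bcrypt for storing passwords in PHP, bcrypt rules".

But what is bcrypt? PHP doesn't offer any such function, Wikipedia babbles about a file-encryption utility, and web searches just reveal a few implementations of Blowfish in different languages. Now Blowfish is also available in PHP via mcrypt, but how does that help with storing passwords? Blowfish is a general-purpose cipher, and it works two ways. If it can be encrypted, it can be decrypted. Passwords need a one-way hashing function.

What is the explanation?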