| 词条 | Pepper (cryptography) | |||||||||||||||
| 释义 |
In cryptography, a pepper is a secret added to an input such as a password prior to being hashed with a cryptographic hash function. As of 2017, NIST recommends[1] using a secret input when storing memorized secrets such as passwords. A pepper performs a comparable role to a salt, but while a salt is not secret (merely unique) and can be stored alongside the hashed output, a pepper is secret and must not be stored with the output. The hash and salt are usually stored in a database, but a pepper must be stored separately (e.g. in a configuration file) to prevent it from being obtained by the attacker in case of a database breach. Where the salt only has to be long enough to be unique, a pepper has to be secure to remain secret (at least 112 bits is recommended by NIST), otherwise an attacker only needs one known entry to crack the pepper. Finally, the pepper must be generated anew for every application it is deployed in, otherwise a breach of one application would result in lowered security of another application. A pepper adds security to a database of salts and hashes because unless the attacker is able to obtain the pepper, they cannot crack a single hash, no matter how weak the original password. If a strong hashing algorithm is not selected, an attacker can brute force the hashes and recover weak passwords. The encryption equivalent of a pepper is the encryption key. By including pepper in the hash, one can have the advantages of both methods: uncrackable passwords so long as the pepper remains unknown to the attacker, and even in the case the pepper is breached, an attacker still has to crack the hashes. For comparison, when encrypting passwords, anyone with knowledge of the encryption key (including system administrators) can instantly decrypt all passwords; hence, it is always recommended to hash passwords instead of encrypting them, even when not using a pepper. Example usage{{See also|Salt (cryptography)#Example usage}}Here is an incomplete example of using a constant pepper when storing passwords. This first table has two username and password combinations.
The password is not stored, and the 8-byte (64-bit) pepper 44534C70C6883DE2 is stored in a secure location separate from the hashed values.
In contrast to a salt, a pepper does not on its own protect against identifying users who have the same password, but it does protect against both dictionary attacks and brute-force attacks so long as the attacker does not have the pepper value. See also
References1. ^{{Cite web|url=https://pages.nist.gov/800-63-3/sp800-63b.html#-5112-memorized-secret-verifiers|title=NIST Special Publication 800-63B|date=June 2017|access-date=2018-10-13|at=Section 5.1.1.2|quote="... verifiers SHOULD perform an additional iteration of a key derivation function using a salt value that is secret and known only to the verifier ..."}} 2 : Cryptography|Password authentication |
|||||||||||||||
| 随便看 |
|
开放百科全书收录14589846条英语、德语、日语等多语种百科知识,基本涵盖了大多数领域的百科知识,是一部内容自由、开放的电子版国际百科全书。