在散列之前加扰加盐密码。好主意？

Posted 2023-02-19

【中文标题】在散列之前加扰加盐密码。好主意？

【英文标题】：Scrambling a salted password before hashing. Good idea?

【发布时间】：2018-03-26 10:21:51

【问题描述】：

我正在更新一个旧的经典 ASP 站点，并且我需要存储密码，因此鉴于经典 ASP 的局限性，我自然对如何进行此操作有些谨慎。

我同时使用了盐和胡椒（胡椒是存储在服务器上的常量，而不是存储在数据库中），我只是想知道，洗牌/打乱“”的字符有什么好处哈希之前的胡椒+密码+盐”字符串？

我编写了一个函数，它可以根据预定义的（秘密）数字序列（该序列也存储在服务器上，而不是数据库中）对任意长度的字符串进行加扰。因此该函数将始终返回相同的加扰值而不是随机加扰值（这当然没有用）。

我已经阅读了很多关于密码加盐的文章，但我从未见过有人建议在散列之前对加盐密码进行加扰。但对我来说，这似乎是一种额外的安全级别。

只是想知道别人怎么想？

这是打乱函数（它是用 VBscript 编写的）：

Function ScrambleSalt(the_str)

    '// Once you've joined the pepper + password + salt, you pass it through the "ScrambleSalt" function before 
    '// hashing. The "ScrambleSalt" function will scramble any string based on a pre-set sequence of numbers. 
    '// The sequence is imported from a txt file (kept in an offline folder, just like the pepper).

    '// The sequence needs to be an incremental collection of numbers (starting from 1) but in a random order 
    '// and comma delimited. Here's and example with 1 to 50, although the actual sequence uses 1 - 500:

    '// 22,8,21,45,49,42,3,36,11,47,19,9,15,23,40,16,29,31,43,38,44,4,41,13,35,26,17,14,10,28,6,5,34,12,39,1,
    '// 30,46,32,7,27,48,33,25,18,2,50,20,24,37

    '// (^ the numbers 1 to 50 in a random order)

    '// How the scrambling process works (using the above example sequence) is by rearranging the characters in 
    '// the string so that characters 22 appears first, followed by character 8, then character 21 etc, etc... 
    '// the function cycles through the sequence ignoring any numbers that are larger than the length of the 
    '// string until the characters in the string have all been rearranged (scrambled).

    '// If a string is more than 50 characters long, it will be split into individual strings, each containing 
    '// 50 characters (or a remainder in the case of the last string).

    '// So if the length of the string is 120 characters long, it will be split into 3 string:

    '// String 1 = 50 chars (chars 1 - 50)
    '// String 2 = 50 chars (chars 51 - 100)
    '// String 3 = 20 chars (chars 101 - 120)

    '// Each string will be scrambled, then joined back together before being returned by the function. 
    '// Using this method means the function can scramble strings of any length and without limit.

    Dim scramble_sequence, sequence_array, scramble_loop, in_loop_str, scrambled_str
    scramble_sequence = file_get_contents(request.ServerVariables("APPL_PHYSICAL_PATH") & "/../keys/scramble_sequence.txt")
    sequence_array = split(scramble_sequence,",")
    scramble_loop = Ceil(len(the_str),uBound(sequence_array)+1) '// round up
    for fx = 0 to scramble_loop-1
        in_loop_str = mid(the_str,fx*(uBound(sequence_array)+1)+1,uBound(sequence_array)+1)
        for fy = 0 to uBound(sequence_array)
            if int(sequence_array(fy)) =< len(in_loop_str) then
                scrambled_str = scrambled_str & mid(in_loop_str,int(sequence_array(fy)),1)
            end if
        next
    next
    ScrambleSalt = scrambled_str

End Function

function Ceil(dividend, divider) ' for rounding up a number
    if (dividend mod divider) = 0 Then
        Ceil = dividend / divider
    else
        Ceil = Int(dividend / divider) + 1
    end if
End function

function file_get_contents(file_path)
    Set fs = Server.CreateObject("Scripting.FileSystemObject")
    Set f = fs.OpenTextFile(file_path,1)
        file_get_contents = f.ReadAll
    f.Close : Set f = Nothing : Set fs = Nothing
end function

上述函数的一个例子

pepper value used for this example = "XC3Qpm7CNXauwAbX"
scramble sequence used for this example = "9,39,50,43,18,11,36,7,29,41,27,34,12,45,1,14,42,13,6,4,25,19,24,33,30,20,23,10,46,16,49,38,15,5,17,8,47,28,26,3,2,40,37,44,35,32,48,22,31,21"

password = "p@44w0rd"
salt = "G1sWNd0andiIhOYA"

concatenated pepper+password+salt:
XC3Qpm7CNXauwAbXp@44w0rdG1sWNd0andiIhOYA

scrambled using the example sequence:
NY@aI7NsduXAwmQG4dnd4rXXObppCW13CAhia00w

SHA512 Hash:
9d5a7781eeb815250c55c1a1f172c569b3b6167a48951c819e4982bea9b84bd8ecad6a417ff8f110541a1039ddf1fd8daa61a52a7c401fccae71dda77c607540

【问题讨论】：

盐的目的是使彩虹表无用（因为攻击者必须为他们想要破解的每个哈希重新计算它们）。攻击者是否知道盐是无关紧要的。你的方法给你带来了什么好处？

我了解盐的用途（将存储在散列密码旁边）。如果数据库遭到破坏，黑客可以针对单个帐户并重建一个实施 salt 的彩虹表。我的想法是打乱密码+盐而不是仅仅将两者连接起来会使这几乎不可能，除非他们可以访问网站源代码和数据库......我也意识到这有点矫枉过正，但似乎就像一个很好的额外安全级别。

重建彩虹表本质上与暴力破解哈希相同。攻击者无论如何都可以这样做。

谷歌“Kerckhoff 原理”。假设攻击者知道密码和哈希是如何组合的。无论如何，你是在问你正在做的事情是否是个好主意。我的回答是：“不，不是”。随心所欲。

我投票结束这个问题，因为它属于Information Security Stack Exchange。

【参考方案1】：

如果有人获得了对您数据库的访问权，那么如果他们在同一台服务器上，他们也可以获得对您的脚本的访问权。