- Munyu iyi tambo isina kujairika iyo inowedzerwa kune password pamberi pehashi kuti uwane yakasarudzika hashe pamushandisi.
- Linux Inochengeta hashi, munyu uye algorithm mu/etc/mumvuri, inosimbisa chengetedzo pakurwisa duramazwi uye matafura emuraraungu.
- Maitiro akanaka anoda marefu, asina kurongeka, uye akasarudzika munyu, pamwe neakasimba hash algorithms uye dhatabhesi zvakachengetedzwa zvakanaka.
- Password salting inofanira kubatanidzwa mune yakakura kuchengetedza mitemo inosanganisira mapassword akasimba, MFA, uye password mamaneja.
Kana iwe ukashanda neGNU/Linux masisitimu kana uchingonetseka nezve kuchengetedzeka kwemaakaundi ako, zvimwe wakambonzwa nezvazvo. munyu mune password hashiNdiyo imwe yeaya pfungwa inotaurwa zvakanyanya, asi kazhinji hafu inonzwisiswa: inonzwika tekinoroji, asi muchokwadi inoita mutsauko pakati pehurongwa huri nyore kupaza uye iyo inonyanya kurwisa kurwiswa.
Muchidimbu, munyu ndiye a chinhu chakakosha kuita password hashe isingafungidzikeInoshanda nekuwedzera data isina kurongeka usati washandisa hash algorithm kuitira kuti, kunyangwe vashandisi vaviri vaine password yakafanana, mhedzisiro yakachengetwa mudhatabhesi ichave yakasiyana. Kubva ipapo, iyo chaiyo yekumisikidzwa muLinux, hukama hwayo ne /etc/mumvuri, maturusi akaita semkpasswd, uye yemazuva ano kuchengetedza maitiro akanakisa inyika yese pachayo, yatichaongorora zvakadzama.
Chii chaizvo chiri munyu mune password hashi?
Mune cryptography, a munyu (munyu) ndiye a mutsara usina kurongeka wemavara iyo inowedzerwa kune password yemushandisi usati waisa basa rehashi. Chinangwa ndechekuti hashi inoguma ive yakasarudzika kunyangwe iyo plaintext password yakafanana kune vakawanda vashandisi.
Kana mushandisi achigadzira kana kushandura password yavo, sisitimu inogadzira a munyu usina kurongekaInoisanganisa nepassword (pamberi, mushure, kana mune yakatarwa fomati zvichienderana nechirongwa) uye inoshandisa hash algorithm kumusanganiswa iwoyo, senge. SHA-256 o SHA-512Iyo password haina kuchengetwa mu database, asi pane iyo hashi ye (password + munyu), uye muzvirongwa zvakawanda munyu pachawo unochengetwa pamwe chete nehashi.
Iyi tekinoroji inoshandura akawanda eiyo maitiro ekurwisa akavakirwa pane precomputed hashes, sematafura emurarabungu, uye inoomesa zvikuru duramazwi uye kurwisa kwechisimba pamwero mukuru. Anorwisa haachakwanise kushandisa chokwadi chekuti vashandisi vakawanda vanogovana password, nekuti mumwe nemumwe anenge aine hashi yakasiyana.
Zvakakosha kunzwisisa kuti munyu haisi chakavanzika pachayo: Haisi password kana kiyi yakavanzikaBasa rayo ndere kuunza kusarudzika uye kusarudzika mune hashing maitiro. Chengetedzo ichiri kutsamira pakushandisa mapassword akasimba y akakodzera hash algorithms, zviri nani zvakagadzirirwa mapassword (akadai se bcrypt, scrypt, Argon2), kunyangwe akawanda emhando dzeLinux masisitimu anoshandisa akasiyana eSHA-256 kana SHA-512.
Iyo password salting inoshanda sei nhanho nhanho
Iyo salting process inogona kupfupikiswa munhevedzano yematanho ari nyore, asi ne kukanganisa kukuru pakuchengeteka:
Chekutanga, kana mushandisi akanyoresa kana kuchinja password yavo, sisitimu inoburitsa a yakasarudzika uye isina munyu munyu nokuda kwechiratidzo ichocho. Munyu iwoyo unowanzo hurefu hwakakwana (somuenzaniso, 16 bytes kana kupfuura) uye unowanikwa kubva kune cryptographically yakachengeteka nhamba yejenareta.
Tevere, password inosarudzwa nemushandisi inosanganiswa nemunyu iwoyo kuita a cheni yepakatiMusanganiswa uyu unogona kuve wakapusa sekubatanidza munyu + password, kana inogona kuve neyakaomesesa fomati inotsanangurwa neiyo hash scheme. Chinhu chakakosha ndechekuti mushandisi wega wega anopedzisira aine musanganiswa wakasiyana.
Zvadaro, a imwe-nzira hash algorithmMhedzisiro yacho inoratidzika kunge yakasarudzika tambo, iyo hashi, yehurefu hwakagadziriswa, iyo ichachengetwa mudhatabhesi pamwe chete nemunyu. Mune masisitimu emazuva ano, maalgorithms ari kutsvakwa anoburitsa mabudiro akareba uye akaomaIzvi zvinowedzera nzvimbo yekutsvaga uye zvinoita kuti kurwisa kwechisimba kudhure.
Pakupedzisira, kana mushandisi apinda, sisitimu yacho inotora zvakare password yakapinda. munyu unobatanidzwa Kubva padhatabhesi, inodzokorora iyo chaiyo yekubatanidza uye hashing maitiro uye inoenzanisa mhedzisiro neyakachengetwa hashi. Kana vakaenderana, inoziva kuti password ndeyechokwadi pasina kuda kuziva zviri pachena.
Iyi nzira inovimbisa kuti kunyangwe dhatabhesi rikaburitswa, anorwisa anozoona chete hashe yega yega nemunyu wavoPanzvimbo peseti yemahashi anofananidzwa, kumisa kurwiswa hakusi mashiripiti, asi kunowedzera kudhura zvakanyanya.
Zvakanakira kushandisa munyu mune password hashes
Chikonzero chikuru chekushandisa salting ndechekuti inosimbisa kuchengetedzwa kwemapassword akachengetwa kurwiswa kwakasiyana siyana. Asi zvakakosha kudonongodza mabhenefiti chaiwo.
Kutanga, salting inopa kuramba kurwiswa neduramazwiPasina munyu, anorwisa anogona kugadzirira rondedzero yakakura yemapassword akajairwa uye hashi dzawo, uye kungozvienzanisa nedhatabhesi rakabiwa. Iine yakasarudzika munyu pamushandisi, iwo akaverengerwa hashes anova asina basa, nekuti yega password + munyu musanganiswa unoburitsa kukosha kwakasiyana.
Chechipiri, kushandiswa kwemunyu kunoputsa kushanda kweiyo matafura emurarabunguAya angori akafanoverengerwa dhatabhesi ehashes emapassword akakurumbira kuti akurumidze kupora. Zvekare, sezvo mhedzisiro inoenderana nemunyu chaiwo, aya matafura akagadzirirwa maheshi asina munyu anova asina basa kana, pazvishoma, zvakanyanya kusashanda.
Imwe bhenefiti yakajeka ndeyekuti inovandudza iyo kuvanzika kana pakadonhaKunyangwe kana muparidzi akawana mukana patafura yemushandisi nehashi nemunyu, havazokwanisa kukurumidza kuona kuti ndiani ane password yakafanana nevamwe kana kutanga nyore kurwisa vanhu vakawanda. Akaunti yega yega inoda kutariswa kwemunhu mumwe nemumwe, izvo zvinowanzoita zvisingaite pamwero mukuru.
Uyezve, salting inowedzera kuoma kune iyo brute force attackPanzvimbo yekukwanisa kuyedza password yemumiriri pane ese hashes kamwechete, anorwisa anomanikidzwa kufunga nezve munyu wemushandisi wega wega, achiwedzera huwandu hwebasa rose. Kana izvi zvakasanganiswa neinononoka uye parameterizable hashing algorithm (senge bcrypt kana Argon2), mutengo wekurwisa unowedzera zvakanyanya.
Chekupedzisira, salting inzira inoenderana neshanduko yetekinoroji. Kunyangwe midziyo yemakomputa ichivandudza uye kurwiswa kutsva kunobuda, kusanganiswa kwehashi yakasimba uye yakasarudzika munyu Iyo inochengetedza yakakwirira uye scalable nhanho yekuomerwa: iwe unogona kuwedzera urefu hwemunyu, kusimbisa iyo algorithm, kuwedzera computational mutengo, nezvimwe.
Linux inoshandisa sei password salting (/etc/mumvuri)
MuLinux masisitimu uye mamwe *NIX akasiyana, mapassword evashandisi haana kuchengetwa mukati /etc/passwd, asi mufaira. / etc / mumvuriIyi faira, inowanikwa chete kune superuser, inochengetedza password hashes pamwe chete neruzivo rwekuwedzera, uye ndipo panoonekwa kushandiswa kwemunyu uye hash algorithm.
Mitsetse mu /etc/shadow ine chimiro chakafanana ne:
mushandisi:$id$sal$hash:additional_fields…
Chiratidzo $ Kuparadzanisa zvikamu zvakasiyana. Chikamu chekutanga mushure mezita rekushandisa rinoratidza iyo rudzi rwe algorithm kushandiswa. Semuyenzaniso, $ 1 $ kazhinji inomiririra MD5, $ 5 $ SHA-256 uye $ 6 $ SHA-512, inova ndiyo yakajairika algorithm mukugovera kwemazuva ano nekuti inopa chengetedzo yakakura kupfuura zvirongwa zvekare zvakavakirwa paDES kana MD5.
Mushure meiyo algorithm identifier inooneka iyo Saluye ipapo mhedzisiro hashiZvose izvi zviri mukati memunda mumwe chete. Kana password ikasimbiswa, sisitimu inoverenga icho chiziviso, munyu, inoshandisa algorithm inoenderana nepassword yakapinda, uye inoenzanisa iyo yakaverengerwa hashi neyakachengetwa.
Kana iwe uchida kukurumidza kuongorora kuti ndevapi vashandisi vane encrypted mapassword uye chii algorithm iri kushandiswa, unogona kushandisa rairo senge. grep '\$' /etc/shadowMuchirevo chechinyorwa chino, chiratidzo chedhora ($) chinoshandiswa kutsvaga mitsetse ine hashi mune yazvino fomati. Chiratidzo chinofanirwa kupukunyuka nekudzokera kumashure nekuti mumataurirwo enguva dzose chinoreva "kuguma kwemutsara".
Maakaunti asina password kana maakaundi akakiiwa anowanzo ratidza kukosha seizvi mumunda iwoyo. ! o * pachinzvimbo chehashi ine madhora, zvichiratidza kuti haigone kutenderwa uchishandisa standard password. Ichi chimiro chinojekesa chinhu chimwe: Linux inobatanidza salting mune yayo fomati ye kuchengetedza passwords natively.
Musiyano pakati pepassword hashing uye salting
Zvakakosha kusiyanisa zvakajeka pakati pepfungwa mbiri dzimwe nguva dzinosanganiswa: hashing y munyuPassword hashing ndiyo nzira iyo password inoshandurwa kuita kukosha kusingazivikanwe uchishandisa nzira imwe chete algorithm. Sevha haifanire kuziva iyo password yepakutanga, chete kuratidza kuti mushandisi anoziva iyo password nekuti inoburitsa imwe hashi.
Dambudziko nderekuti kana mapassword maviri akafanana, iyo Hashi isina munyu ichave yakafananaIzvi zvinobvumira anorwisa kuenzanisa uye kuunganidza vashandisi nepassword kana kushandisa pre-yakaverengerwa matafura. Uyezve, kana iyo hash algorithm ichikurumidza uye yakagadzirirwa kutendeseka kwedata (senge iri nyore SHA-256), inova panjodzi yekurwiswa kukuru kwechisimba.
Kuisa munyu kunouya chaizvo kugadzirisa kusasimba uku: zvave kuda wedzera zvisina kurongeka data kune password usati waita hasha. Mhedzisiro ndeyokuti kunyange kana vashandisi vaviri vakasarudza "casa" se password yavo, ma hashes ari mudhatabhesi achave akasiyana zvachose, nokuti mumwe achava, semuenzaniso, "casa + 7Ko #" uye imwe "casa8p? M" se pre-hash tambo.
Saka, hashing uye salting hazvikwikwidze, asi kuti zvinozadzisana. Hashing inopa iyo unidirectionality pfuma uye nyore kwekusimbisa; munyu unopa kusasiyana uye kusimba pakurwisa kukuruIyo yakachengeteka password yekuchengetedza kushandiswa inosanganisa ese maviri matekiniki, zvine mutsindo kushandisa algorithm yakagadzirirwa chinangwa ichi, ine mutengo unogadziriswa.
Kushandisa munyu muLinux ine mkpasswd
Munzvimbo dzeGNU/Linux uye mamwe masisitimu UnixNzira inoshanda kwazvo yekuedza kuisa salting ndiyo chishandiso mkpasswdUyu murairo unoshandiswa kugadzira encrypted passwords zvakachengeteka, uye inowanzobatanidzwa mumashandisi ekugadzira maitiro, zvinyorwa zvekutonga, nezvimwe.
Iyo yekutanga syntax ye mkpasswd inokutendera kuti utaure password kuti ivharwe uye nhevedzano yesarudzo senge rudzi rwe algorithm (semuenzaniso, des, md5, sha-256, sha-512) uchishandisa sarudzo. -mMuzvirongwa zvemazuva ano, chinhu chine musoro chekuita ndechokusarudza SHA-512 padikidiki, kana neakanyanya kusimba zvirongwa kana kugovera kuchivatsigira.
Iyo inonyanya kunakidza sarudzo muchirevo che salting ndeye -S, iyo inobvumira isa munyu kune password usati wainyorera. Kana zvisina kutaurwa nemaoko, mkpasswd inogona kugadzira a munyu usina kurongeka mukuurayiwa kwega kwegazvekuti kunyangwe uchishandisa iyo yakafanana login password, iyo inokonzeresa hashi yakasiyana nguva imwe neimwe.
Izvi zvinogona kusimbiswa zviri nyore: kana ukanyora "password123" kakawanda nemkpasswd, uchishandisa SHA-512 uye munyu usina kurongeka, iwe uchawana hashi dzakasiyana zvachose. Nekudaro, kana iwe ukapasa imwechete kukosha kwemunyu uchishandisa -S, iyo hashi inogara yakafanana, nekuti iyo password + munyu musanganiswa haichinji.
Kutenda kune chishandiso ichi, zviri nyore kwazvo Gadzirira mapassword akavharidzirwa nemunyu kuwedzera kumafaira ekugadzirisa, maneja vashandisi nemaoko, kana kuyedza kuita salting pasina kuronga chero chinhu.
Anofarira munyori nezve nyika yemabytes uye tekinoroji zvakazara. Ini ndinoda kugovera ruzivo rwangu kuburikidza nekunyora, uye ndizvo zvandichaita mune ino blog, kukuratidza zvinhu zvese zvinonyanya kufadza nezve gadget, software, hardware, tekinoroji maitiro, nezvimwe. Chinangwa changu ndechekukubatsira kufamba munyika yedhijitari nenzira iri nyore uye inonakidza.