最近我改变了我的认证系统来设计。 我想将现有的用户数据迁移到这个新系统。 上一个使用SHA256哈希来保存密码。 据我所知,这种加密是一种方式,因此在这种情况下,将用户数据迁移到新系统的最佳方法是什么。 如我所知,设计支持SHA512加密,但不支持SHA256。
Recently I have changed my authentication system to devise. I want to migrate my existing user data to this new system. Previous one was using SHA256 hash to save password. As I know this encryption is one way so in that case what will be the best way to migrate users data to new system. Devise support SHA512 encryption as well but not SHA256 as I know.
最满意答案
简单地增加散列大小并不会带来太大的安全性。 请阅读经过处理的哈希和盐渍。
传统上,您在用户更改密码时升级密码。 密码类型与密码一起存储(通用格式: $type$salt$hashpassword ),或者存储在相邻列中,允许您检测要使用的算法。
是否强制用户更改密码是您的选择。
Simply upping the hash size isn't buying much security. Please read up on intreated hashes and salting.
Traditionally, you upgrade a password upon the user changing their password. The type of password is either stored with the password (common format: $type$salt$hashpassword), or in an adjacent column, allowing you detect which algorithm to use.
Whether you force users to change their password is your choice.
更多推荐
发布评论