国产精品香蕉在线观看网,亚洲欧美精品综合在线观看,亚洲不卡av一区二区无码不卡,亚洲日本精品国产第一区二区

Tags：應(yīng)用安全(1006)安全密碼(6)存儲(chǔ)用戶(3)　　

　　本文供給的代碼中 slowequals 函數(shù)是如何工作的

　　上一答復(fù)講到了我們需要比較時(shí)候固定的函數(shù)，這部門具體講一下代碼的實(shí)現(xiàn)。

　　1. private static boolean slowEquals(byte[] a, byte[] b)

　　2. {

　　3. int diff = a.length ^ b.length;

　　4. for(int i = 0; i

　　5. diff |= a[i] ^ b[i];

　　6. return diff == 0;

　　7. }

　　這段代碼利用了異或(XOR)把持符”^”來比較整數(shù)是不是相等，而沒有益用”==”把持符。啟事在于假定兩個(gè)數(shù)完全一致，異或以后的值為零。因?yàn)?0 XOR 0 = 0, 1 XOR 1 = 0, 0 XOR 1 = 1, 1 XOR 0 = 1。

　　所以，第一行代碼假定a.length便是b.length，變量diff便是0,不然的話diff就是一個(gè)非零的值。然后，讓a，b的每個(gè)字節(jié)XOR以后再跟diff OR。如許，只有diff一開端是0,并且，a，b的每個(gè)字節(jié)XOR的成果也是零，最后輪回完成后diff的值才是0,這類環(huán)境是a，b完全一樣。不然最后diff是一個(gè)非零的值。

　　我們利用XOR而不合用”==”的啟事是”==”凡是編譯成分支的情勢(shì)。好比C代碼”diff &= a == b” 可能編譯成下面的X86匯編。

　　MOV EAX, [A]

　　CMP [B], EAX

　　JZ equal

　　JMP done

　　equal:

　　AND [VALID], 1

　　done:

　　AND [VALID], 0

　　分支會(huì)導(dǎo)致代碼履行的時(shí)候呈現(xiàn)差別。

　　C代碼的”diff |= a ^ b”編譯以后近似于，

　　MOV EAX, [A]

　　XOR EAX, [B]

　　OR [DIFF], EAX

　　履行時(shí)候跟兩個(gè)變量是不是相等沒有關(guān)系。

　　為甚么要會(huì)商這么多關(guān)于hash的東西

　　用戶在你的網(wǎng)站上輸進(jìn)暗碼，是相信你的安然性。假定你的數(shù)據(jù)庫被黑了。而用戶暗碼又沒有得當(dāng)?shù)暮亲o(hù)，那么歹意的報(bào)復(fù)打擊者便可以操縱這些暗碼測(cè)驗(yàn)測(cè)驗(yàn)登岸其他的網(wǎng)站和辦事。進(jìn)行撞庫報(bào)復(fù)打擊。(良多用戶在所有的處所都是利用不異的暗碼)這不但僅是你的網(wǎng)站安然，是你的所有效戶的安然。你要對(duì)你用戶的安然負(fù)責(zé)。

　　大年夜大都的web開辟者城市碰著設(shè)計(jì)用戶賬號(hào)系統(tǒng)的需求。賬號(hào)系統(tǒng)最首要的一個(gè)方面就是若何呵護(hù)用戶的暗碼。一些大公司的用戶數(shù)據(jù)庫泄漏事務(wù)也時(shí)有產(chǎn)生，所以我們必需采納一些辦法來呵護(hù)用戶的暗碼，即便網(wǎng)站被攻破的環(huán)境下也不會(huì)造成較大年夜的風(fēng)險(xiǎn)。

　　PHP PBKDF2 暗碼hash代碼

　　代碼下載

　　/*

　　* Password Hashing With PBKDF2 (http://crackstation.net/hashing-security.htm).

　　* Copyright (c) 2013, Taylor Hornby

　　* All rights reserved.

　　*

　　* Redistribution and use in source and binary forms, with or without

　　* modification, are permitted provided that the following conditions are met:

　　*

　　* 1. Redistributions of source code must retain the above copyright notice,

　　* this list of conditions and the following disclaimer.

　　*

　　* 2. Redistributions in binary form must reproduce the above copyright notice,

　　* this list of conditions and the following disclaimer in the documentation

　　* and/or other materials provided with the distribution.

　　*

　　* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"

　　* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

　　* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

　　* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE

　　* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

　　* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

　　* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

　　* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

　　* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

　　* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

　　* POSSIBILITY OF SUCH DAMAGE.

　　*/

　　// These constants may be changed without breaking existing hashes.

　　define("PBKDF2_HASH_ALGORITHM", "sha256");

　　define("PBKDF2_ITERATIONS", 1000);

　　define("PBKDF2_SALT_BYTE_SIZE", 24);

　　define("PBKDF2_HASH_BYTE_SIZE", 24);

　　define("HASH_SECTIONS", 4);

　　define("HASH_ALGORITHM_INDEX", 0);

　　define("HASH_ITERATION_INDEX", 1);

　　define("HASH_SALT_INDEX", 2);

　　define("HASH_PBKDF2_INDEX", 3);

　　function create_hash($password)

　　{

　　// format: algorithm:iterations:salt:hash

　　$salt = base64_encode(mcrypt_create_iv(PBKDF2_SALT_BYTE_SIZE, MCRYPT_DEV_URANDOM));

　　return PBKDF2_HASH_ALGORITHM . ":" . PBKDF2_ITERATIONS . ":" . $salt . ":" .

　　base64_encode(pbkdf2(

　　PBKDF2_HASH_ALGORITHM,

　　$password,

　　$salt,

　　PBKDF2_ITERATIONS,

　　PBKDF2_HASH_BYTE_SIZE,

　　true

　　));

　　}

　　function validate_password($password, $correct_hash)

　　{

　　$params = explode(":", $correct_hash);

　　if(count($params) <　　/*

　　* Password Hashing With PBKDF2 (http://crackstation.net/hashing-security.htm).

　　* Copyright (c) 2013, Taylor Hornby

　　* All rights reserved.

　　*

　　* Redistribution and use in source and binary forms, with or without

　　* modification, are permitted provided that the following conditions are met:

　　*

　　* 1. Redistributions of source code must retain the above copyright notice,

　　* this list of conditions and the following disclaimer.

　　*

　　* 2. Redistributions in binary form must reproduce the above copyright notice,

　　* this list of conditions and the following disclaimer in the documentation

　　* and/or other materials provided with the distribution.

　　*

　　* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"

　　* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

　　* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

　　* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE

　　* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

　　* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

　　* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

　　* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

　　* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

　　* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

　　* POSSIBILITY OF SUCH DAMAGE.

　　*/

　　// These constants may be changed without breaking existing hashes.

　　define("PBKDF2_HASH_ALGORITHM", "sha256");

　　define("PBKDF2_ITERATIONS", 1000);

　　define("PBKDF2_SALT_BYTE_SIZE", 24);

　　define("PBKDF2_HASH_BYTE_SIZE", 24);

　　define("HASH_SECTIONS", 4);

　　define("HASH_ALGORITHM_INDEX", 0);

　　define("HASH_ITERATION_INDEX", 1);

　　define("HASH_SALT_INDEX", 2);

　　define("HASH_PBKDF2_INDEX", 3);

　　function create_hash($password)

　　{

　　// format: algorithm:iterations:salt:hash

　　$salt = base64_encode(mcrypt_create_iv(PBKDF2_SALT_BYTE_SIZE, MCRYPT_DEV_URANDOM));

　　return PBKDF2_HASH_ALGORITHM . ":" . PBKDF2_ITERATIONS . ":" . $salt . ":" .

　　base64_encode(pbkdf2(

　　PBKDF2_HASH_ALGORITHM,

　　$password,

　　$salt,

　　PBKDF2_ITERATIONS,

　　PBKDF2_HASH_BYTE_SIZE,

　　true

　　));

　　}

　　function validate_password($password, $correct_hash)

　　{

　　$params = explode(":", $correct_hash);

　　if(count($params) <　　/*

　　* Password Hashing With PBKDF2 (http://crackstation.net/hashing-security.htm).

　　* Copyright (c) 2013, Taylor Hornby

　　* All rights reserved.

　　*

　　* Redistribution and use in source and binary forms, with or without

　　* modification, are permitted provided that the following conditions are met:

　　*

　　* 1. Redistributions of source code must retain the above copyright notice,

　　* this list of conditions and the following disclaimer.

　　*

　　* 2. Redistributions in binary form must reproduce the above copyright notice,

　　* this list of conditions and the following disclaimer in the documentation

　　* and/or other materials provided with the distribution.

　　*

　　* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"

　　* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

　　* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

　　* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE

　　* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

　　* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

　　* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

　　* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

　　* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

　　* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

　　* POSSIBILITY OF SUCH DAMAGE.

　　*/

　　// These constants may be changed without breaking existing hashes.

　　define("PBKDF2_HASH_ALGORITHM", "sha256");

　　define("PBKDF2_ITERATIONS", 1000);

　　define("PBKDF2_SALT_BYTE_SIZE", 24);

　　define("PBKDF2_HASH_BYTE_SIZE", 24);

　　define("HASH_SECTIONS", 4);

　　define("HASH_ALGORITHM_INDEX", 0);

　　define("HASH_ITERATION_INDEX", 1);

　　define("HASH_SALT_INDEX", 2);

　　define("HASH_PBKDF2_INDEX", 3);

　　function create_hash($password)

　　{

　　// format: algorithm:iterations:salt:hash

　　$salt = base64_encode(mcrypt_create_iv(PBKDF2_SALT_BYTE_SIZE, MCRYPT_DEV_URANDOM));

　　return PBKDF2_HASH_ALGORITHM . ":" . PBKDF2_ITERATIONS . ":" . $salt . ":" .

　　base64_encode(pbkdf2(

　　PBKDF2_HASH_ALGORITHM,

　　$password,

　　$salt,

　　PBKDF2_ITERATIONS,

　　PBKDF2_HASH_BYTE_SIZE,

　　true

　　));

　　}

　　function validate_password($password, $correct_hash)

　　{

　　$params = explode(":", $correct_hash);

　　if(count($params) < HASH_SECTIONS)

　　return false;

　　$pbkdf2 = base64_decode($params[HASH_PBKDF2_INDEX]);

　　return slow_equals(

　　$pbkdf2,

　　pbkdf2(

　　$params[HASH_ALGORITHM_INDEX],

　　$password,

　　$params[HASH_SALT_INDEX],

　　(int)$params[HASH_ITERATION_INDEX],

　　strlen($pbkdf2),

　　true

　　)

　　);

　　}

　　// Compares two strings $a and $b in length-constant time.

　　function slow_equals($a, $b)

　　{

　　$diff = strlen($a) ^ strlen($b);

　　for($i = 0; $i < strlen($a) && $i < strlen($b); $i++)

　　{

　　$diff |= ord($a[$i]) ^ ord($b[$i]);

　　}

　　return $diff === 0;

　　}

　　/*

　　* PBKDF2 key derivation function as defined by RSA's PKCS #5: https://www.ietf.org/rfc/rfc2898.txt

　　* $algorithm - The hash algorithm to use. Recommended: SHA256

　　* $password - The password.

　　* $salt - A salt that is unique to the password.

　　* $count - Iteration count. Higher is better, but slower. Recommended: At least 1000.

　　* $key_length - The length of the derived key in bytes.

　　* $raw_output - If true, the key is returned in raw binary format. Hex encoded otherwise.

　　* Returns: A $key_length-byte key derived from the password and salt.

　　*

　　* Test vectors can be found here: https://www.ietf.org/rfc/rfc6070.txt

　　*

　　* This implementation of PBKDF2 was originally created by https://defuse.ca

　　* With improvements by http://www.variations-of-shadow.com

　　*/

　　function pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output = false)

　　{

　　$algorithm = strtolower($algorithm);

　　if(!in_array($algorithm, hash_algos(), true))

　　trigger_error('PBKDF2 ERROR: Invalid hash algorithm.', E_USER_ERROR);

　　if($count <= 0 || $key_length <= 0)

　　trigger_error('PBKDF2 ERROR: Invalid parameters.', E_USER_ERROR);

　　if (function_exists("hash_pbkdf2")) {

　　// The output length is in NIBBLES (4-bits) if $raw_output is false!

　　if (!$raw_output) {

　　$key_length = $key_length * 2;

　　}

　　return hash_pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output);

　　}

　　$hash_length = strlen(hash($algorithm, "", true));

　　$block_count = ceil($key_length / $hash_length);

　　$output = "";

　　for($i = 1; $i <= $block_count; $i++) {

　　// $i encoded as 4 bytes, big endian.

　　$last = $salt . pack("N", $i);

　　// first iteration

　　$last = $xorsum = hash_hmac($algorithm, $last, $password, true);

　　// perform the other $count - 1 iterations

　　for ($j = 1; $j < $count; $j++) {

　　$xorsum ^= ($last = hash_hmac($algorithm, $last, $password, true));

　　}

　　$output .= $xorsum;

　　}

　　if($raw_output)

　　return substr($output, 0, $key_length);

　　else

　　return bin2hex(substr($output, 0, $key_length));

　　}

　　>