Jiang haike (Chief Technical architect of antian Lab)'s "encryption policies for password fields from database theft attacks" briefly lists the commonProgramAnd some recommended security encryption policies. At the same time, he also mentioned the antiy password mixer developed by the CERT Lab (which is a common cryptographic Toolkit) for developers to choose.
Currently, only Python versions are available. php and Ruby versions will be available in the future. If you need C/C ++ or other language versions, you will be charged.
After a brief look at the source code, the principle is similar to what we imagined:
The ciphertext uses the"Sha256 (username + 32-bit random salt + plaintext password)", And then stored in Kyoto Cabinet (the predecessor of TC) together with salt and the extended Information encrypted by RSA ).
If the plaintext of the password is hard to be stored, the RSA public key will be used to encrypt "salt + plaintext of the password" and then stored in KC. If necessary, the private key can be used to solve the plaintext of the password.
In additionAlgorithmFor example, the hash algorithm does not select common MD5 and sha1, but selects 256bit sha256. The RSA key certificate uses a long 4096-bit value.
After figuring out the principles, you can implement them flexibly in your own projects :)