Translated from: How can bcrypt have built-in salts?
Coda Hale's article "How To Safely Store a Password" claims that:
bcrypt has salts built-in to prevent rainbow table attacks.
He cites this paper, which says that in OpenBSD's implementation of bcrypt:
OpenBSD generates the 128-bit bcrypt salt from an arcfour (arc4random(3)) key stream, seeded with random data the kernel collects from device timings.
I don't understand how this can work. In my conception of a salt:
- It needs to be different for each stored password, so that a separate rainbow table would have to be generated for each
- It ne
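
The following is an added example, not part of the original question and not code from OpenBSD or any bcrypt library. It shows where the 128-bit salt lives in a bcrypt hash string (`$version$cost$`, then 22 characters of salt and 31 characters of digest). The function names are hypothetical, `os.urandom` stands in for arc4random(3), and the digest in the sample record is a constructed placeholder, not real bcrypt output.

```python
import base64
import os
import re

# bcrypt uses base64 bit packing with its own alphabet and no '=' padding.
STD = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
BCRYPT = b"./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
TO_BCRYPT = bytes.maketrans(STD, BCRYPT)
TO_STD = bytes.maketrans(BCRYPT, STD)

# $<version>$<2-digit cost>$<22-char salt><31-char digest>
HASH_RE = re.compile(
    r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$"
)

def new_salt() -> bytes:
    """Fresh 128-bit salt from the OS CSPRNG, one per stored password."""
    return os.urandom(16)

def encode_salt(salt: bytes) -> str:
    """Encode a 16-byte salt as the 22 characters stored in the hash string."""
    if len(salt) != 16:
        raise ValueError("bcrypt salts are exactly 16 bytes")
    return base64.b64encode(salt).translate(TO_BCRYPT).rstrip(b"=").decode("ascii")

def decode_salt(text: str) -> bytes:
    """Recover the 16 raw salt bytes from the 22-character field."""
    return base64.b64decode(text.encode("ascii").translate(TO_STD) + b"==")

def parse_bcrypt(stored: str) -> dict:
    """Split a stored bcrypt string into version, cost, salt and digest."""
    m = HASH_RE.match(stored)
    if m is None:
        raise ValueError("not a bcrypt hash string")
    version, cost, salt_b64, digest_b64 = m.groups()
    return {"version": version, "cost": int(cost),
            "salt": decode_salt(salt_b64), "digest_b64": digest_b64}

def sample_record(salt: bytes, cost: int = 12) -> str:
    """Constructed record: real layout, placeholder digest ('x' * 31)."""
    return f"$2b${cost:02d}${encode_salt(salt)}{'x' * 31}"

if __name__ == "__main__":
    record = sample_record(new_salt())
    fields = parse_bcrypt(record)
    # A verifier reads the salt and cost back out of the stored string,
    # so no separate salt column is needed.
    print(record)
    print(fields["cost"], fields["salt"].hex())
```
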