主要是參考「Cryptographic Right Answers」這篇給的建議:
Password handling: As soon as you receive a password, hash it using scrypt or PBKDF2 and erase the plaintext password from memory.
Do NOT store users' passwords. Do NOT hash them with MD5. Use a real key derivation algorithm. PBKDF2 is the most official standard; but scrypt is stronger.
Please keep in mind that even if YOUR application isn't particularly sensitive, your users are probably re-using passwords which they have used on other, more sensitive, websites -- so if you screw up how you store your users' passwords, you might end up doing them a lot of harm.
其中 scrypt 是作者自己發展的演算法,這邊看看就好。
你可以用 PBKDF2 (RFC 2898)。這邊假設的前提是,你不需要常常重複計算使用者的密碼是否正確。在這個前提下,我們可以把演算法弄得很複雜,而且很耗時,要複雜到用硬體加速也無法產生實質上有效的攻擊。
如果你對密碼學這個領域並不熟,Colin Percival 這篇文章可以拿來當做起點,文章裡面告訴你,某些類型的問題會用某些工具解決。
