Difference between HSM and Argon2? Which one is preferable

I am working on an application dealing with customer details, which we want to store in our DB as encrypted. Which one is preferable Argon2

Argon2 is a hashing algorithm; it can be used to store passwords in a database in a more or less secure way. See the OWASP guide to storing passwords.
HSM is hardware dedicated to key storage - if you have access to an HSM, you should use it to store your encryption keys, certificate keys and so on.

While you may use an HSM to store a password encrypted with a reversible encryption algorithm (i.e. AES, SALSA), it would perform a similar role to password storage software, like KeePass.

If you just need to store a password in order to authenticate users, you need to keep the salt and a hash of the salted password. A hashing function by definition always gives you the same result for the same data. When a user account is created, you generate a salt, add it to the password, and hash the result. Then you save the hash and the salt. When the user tries to authenticate, add the stored salt to the password, hash the result, and check if its value is equal to the value of the hash in your database.

On the other hand, if you are making a password vault of some kind, you need to be able to decrypt stored data. An HSM may be useful for that.
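
The salt-and-hash flow described in the answer above, as an added example that is not part of the original post. It uses `hashlib.scrypt` from the Python standard library as a stand-in for Argon2 (which needs a third-party package in Python); the record layout, cost parameters and sample password are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# scrypt cost parameters (constructed for this example); stored with each
# record so they can be raised later without invalidating old hashes.
SCRYPT_PARAMS = {"n": 2**14, "r": 8, "p": 1}


def create_record(password: str) -> dict:
    """Account creation: generate a random salt, hash salt + password, keep both."""
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(
        password.encode("utf-8"), salt=salt, dklen=32, **SCRYPT_PARAMS
    )
    # Only the salt, the hash and the parameters are stored, never the password.
    return {"salt": salt.hex(), "hash": digest.hex(), "params": dict(SCRYPT_PARAMS)}


def verify(password: str, record: dict) -> bool:
    """Login: re-hash the candidate with the stored salt and compare."""
    candidate = hashlib.scrypt(
        password.encode("utf-8"),
        salt=bytes.fromhex(record["salt"]),
        dklen=32,
        **record["params"],
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def demo() -> dict:
    # Hypothetical in-memory "users" table; the password is a constructed sample.
    db = {"alice": create_record("correct horse battery staple")}
    same_password_other_user = create_record("correct horse battery staple")
    return {
        "good_login": verify("correct horse battery staple", db["alice"]),
        "bad_login": verify("wrong password", db["alice"]),
        # Per-user salts make identical passwords produce different hashes.
        "hashes_differ": db["alice"]["hash"] != same_password_other_user["hash"],
    }


if __name__ == "__main__":
    print(demo())
```

Nothing in the stored record can be decrypted back to the password, which is the difference from the vault case, where the data is encrypted reversibly and the key is what an HSM would hold.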
