简体繁体 English

SHA-256密码生成器

[英]SHA-256 password generator

原文 2010-10-20 02:01:12 5 2 javascript/ python/ sha256

i saw a javascript implementation of sha-256. 我看到了sha-256的JavaScript实现。 i waana ask if it is safe (pros/cons wathever) to use sha-256 (using javascript implementation or maybe python standard modules) alogrithm as a password generator: 我waana询问使用sha-256（使用javascript实现或python标准模块）alogrithm作为密码生成器是否安全（优点/缺点）：

i remember one password, put it in followed(etc) by the website address and use the generated text as the password for that website. 我记得一个密码，将其放在网站地址的后面（等），并使用生成的文本作为该网站的密码。 repeat process every time i need password same for other websites 每当我需要其他网站的密码都相同时，重复此过程

2 个解决方案

I think you are describing the approach used by SuperGenPass : 我认为您正在描述SuperGenPass使用的方法：

Take a master password (same for every site), concatenate it with the site's domain name, and then hash the thing. 取一个主密码（每个站点都相同），将其与站点的域名连接起来，然后对内容进行哈希处理。

Yes, SHA-256 would be secure for that, likely more secure than when SuperGenPass uses. 是的，SHA-256对此将是安全的，它可能比SuperGenPass使用时更安全。 However, you will end up with very long passwords, too long for many sites to accept, and also not guaranteed to contain numbers and letters and special characters at the same time, which some sites require. 但是，您最终将获得非常长的密码，对于许多站点来说太长了，无法接受，并且也不能保证某些站点同时需要包含数字，字母和特殊字符。

Also, the general problem remains that if somehow (not by breaking the algorithm, but by other means) your master password does get leaked, all your passwords are belong to us. 同样，普遍的问题仍然在于，如果您以某种方式（不是通过破坏算法，而是通过其他方式）泄漏了您的主密码，则您的所有密码均属于我们。

Completely random passwords are most secure (if we ignore the problem of storing them securely somewhere). 完全随机的密码是最安全的（如果我们忽略将密码安全地存储在某个地方的问题）。

SHA-256 generates very long strings. SHA-256生成非常长的字符串。 You're better off using random.choice() with a string a fixed number of times. 您最好对字符串使用random.choice()固定次数。