
How do you store passwords safely?

How NOT to Store Passwords! - Computerphile

The title of this, er, video should be... can we have this? The title of this video should be "How not to store passwords". Um, thank you, um, because you really shouldn't store passwords yourself if you can at all avoid it. If you are running any kind of web service and you are storing passwords, it is so incredibly easy to get it wrong, er, that basically you shouldn't try. If you can use sign-in with Facebook or Twitter or Google and get them to handle it for you, for crying out loud, please do. If you're a web programmer, sooner or later you're gonna have to store passwords, and these are the ways not to do it. If you wanna know the ways to do it, I will kind of say that at the end, but please, please, please look up a recent tutorial for the language you're using. Um, by the time you watch this video, the advice will have changed. You may be watching this years in the future; look up a tutorial that has been written in the last few months by someone reputable and follow that. How do you not store passwords?

The first instinct, the naive thing, is just store the users' passwords. So let's say you have a signup box, and you have a username and password box. The naive thing is, when a user signs up, you take their password and store it in the database as it is, in plain text. That has a couple of advantages: first of all, if they forget their password, you could just email it to them. And it means that checking it is really simple: when they log in again, you take the username, you take that password, and then you check what they just typed, compare it to what is in the database, and if it matches, you let them in. And that is the naive approach to storing passwords, and there are still professional websites out there, run by big corporations, that still use this strategy. And you can tell that they're using this strategy because they email your password back to you in plain text when you ask for it. This is a monumentally bad idea. This is an astonishingly bad idea, because if someone gets into your database through a security hole, or because they're an insider with access (and let's be honest, if you're storing passwords this way you probably have other security holes too), then they can just read out every user and their passwords, so you have their email address and you have their passwords. And let's be honest, most people reuse the same password for their email address on websites, so this is a bad idea, because it's incredibly insecure.

Approach number 2. Slightly less naive, still a bad idea, is you take that password and you encrypt it, so you hide it behind something. And encryption is two-way. So encryption is, you have a key that will lock something and then unlock it again. So the naive approach is you take the user's password, you take it into your database, encrypt it like this, behind the other thing you've locked. And then, when they log in again, you take what they've got, you go here, you unlock this, you compare them, and then you let them in! Now that's a little bit more secure, because if someone just reads out the database, you've got an encryption key there, but it's got a couple of big flaws. First of all, as soon as that key is available, the password is still visible and can still be read out, and it means that an insider, or even a hacker in some cases, can just take the encryption key as well with them, and they've still got access to all the passwords. That's a pretty bad idea. The other flaw with this is that if you have lots of people using the same password, and if you've got a big site this will happen, because lots of people will use 123456 or password1. And if I've just said either of your YouTube passwords, go change it. If you have that, all the encryption will be the same, so even if you don't have the encryption key, you can still tell that all these people have the same password, so it's probably a common one.

Adobe just made this mistake this month, as we record this. Adobe, the big company behind Acrobat, which makes PDFs, behind Photoshop, behind all the big tools: millions and millions and millions of users, their password database got breached, gigabytes of passwords lost. But it's fine... this... [off camera] Yours? Yes, mine were as well. Fortunately I didn't use that password anywhere else, which is what you should hopefully be doing. Their passwords were encrypted, and that was it, it was just a lock on it, and it meant that everyone who had the same password had the same encrypted code. Unfortunately they'd also stored all the password hints with them, which is wonderful. Because then you can look: oh look, there's 20 people who've used the same password here. And that one says "Michael Jackson" is the password hint, and that one says "Halloween", and that one says "type of movie"... oh look, it's "thriller". OK, wonderful, it's "thriller". And that's one of the biggest software companies in the world, and they didn't do this properly anyway. So, don't use encryption.

Naive attempt number 3. Hashing. Now I talked about this in an earlier video; a hash is a summary of a load of data. So let's say you have the password the user enters, and you know that, when they enter it, you're gonna hash it. You're gonna put it through some kind of convolutions that ends up like that. And then, when the user enters their password again, mutate it in the same way, compare, they're the same, which is great in theory. But unfortunately you open the same problem that Adobe had, which is that if you can tell a common password, if it's in loads of people's database entries, you probably can work out what it is. Worse than that, as I've said before, Google has an index of these things; if you're using a basic hashing algorithm, you can pretty much just type the code into Google and it will give you the password back. As well as just searching for common hashes on Google, there are these things called "rainbow tables", which trade off computation time for hard drive space. So rather than having to calculate millions and millions of hashes for this one password, someone has already done it for you, calculated hashes for billions of common passwords, and just put them out in a database. It's gigabytes long, but it's a lot easier to search through that than it is to try and do a load of calculations. So if you're using something common like MD5 or SHA1 with nothing else added, the rainbow table will pretty much help you crack that in a few seconds.

I have in the past used all those naive approaches myself, on things I built in my youth. I've gone back and fixed them where they're still alive, and just sort of quietly buried code where they weren't. But the approach nowadays is to use something called hashing and salting. As I said, the best thing is not to store passwords at all. But if you have to, the advice these days is: hash, salt. So a salt is a random string of characters that is different for every single user. It's a password, you know, in your database; you can store it in plain text, it doesn't matter. The user could even know it; not that it would help them with anything. That means when the user registers, they put their password in and it goes into the same algorithm. But as well as that, you generate a random string of characters for each user, completely random, a new second password if you like. That goes in the database and that gets fed into this algorithm too. So that comes in, mutates it a bit more, comes out with something else. So if another user uses the same password, that algorithm will get a completely different salt from them. Some people might base it on the username; that's generally a bad thing to do. It should just be a random string of characters. So the same password going in from a different user will mutate into something entirely different. The point of this is that now you just have a random string for each user; you cannot possibly pull the password back from this. It won't appear in Google, because it's a massively long random string; you can't brute force it back by looking at what common passwords are reused. All you can do is do the old-style attack of trying every single common password one after the other. And if your salt is long enough and your hashing algorithm is complicated enough, then that's really incredibly difficult to do. Do it right, and it's lifetime-of-the-universe difficult to do. Or at least it is, until they use the password 123456.
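
The unsalted hashing the video calls "naive attempt number 3" and the hash-plus-salt approach it recommends, side by side, as an added Python example written for this page (it is not code from the video or from Computerphile). The sample accounts and the miniature rainbow table are constructed inline so the script runs offline; the choice of PBKDF2-HMAC-SHA256 with 100,000 iterations is an assumption made because it ships in the Python standard library. It shows why two users with the same password are visible in an unsalted store and fall to a precomputed table, and why a random per-user salt and a slow hash stop both.

```python
import hashlib
import hmac
import secrets

# Constructed sample accounts (not real data): alice and bob chose the
# same weak password, which is the failure mode the video describes.
SAMPLE_USERS = {
    "alice": "123456",
    "bob": "123456",
    "carol": "correct horse battery staple",
}

# Stand-in for a rainbow table: precomputed unsalted hashes of common
# passwords. Real tables hold billions of entries; this one is constructed.
COMMON_PASSWORDS = ["123456", "password1", "qwerty", "letmein"]


def naive_hash(password):
    """Naive attempt 3 in the video: a bare, fast hash with nothing added."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def naive_store(users):
    """Stores {username: sha1(password)} for every user."""
    return {name: naive_hash(pw) for name, pw in users.items()}


def rainbow_table(common_passwords):
    """hash -> password, computed once and reused against every leak."""
    return {naive_hash(pw): pw for pw in common_passwords}


def crack_unsalted(store, table):
    """Recovers every password whose unsalted hash appears in the table."""
    return {name: table[d] for name, d in store.items() if d in table}


def digests_collide(store):
    """True if any two users share the same stored digest (the Adobe symptom)."""
    digests = [r if isinstance(r, str) else r["digest"] for r in store.values()]
    return len(digests) != len(set(digests))


# --- hash + salt, the approach the video recommends ---

# Assumed work factor for PBKDF2-HMAC-SHA256 (standard library, runs offline).
ITERATIONS = 100_000


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Returns a record holding the random salt, the cost and the digest."""
    if salt is None:
        # Fresh random salt per user, never derived from the username.
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "digest": digest.hex()}


def salted_store(users):
    """One salted record per user; the salt sits in plain text beside the digest."""
    return {name: hash_password(pw) for name, pw in users.items()}


def verify_password(password, record):
    """Re-derives the digest with the stored salt and compares in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"),
        bytes.fromhex(record["salt"]), record["iterations"],
    )
    return hmac.compare_digest(candidate, bytes.fromhex(record["digest"]))


def demo():
    unsalted = naive_store(SAMPLE_USERS)
    cracked = crack_unsalted(unsalted, rainbow_table(COMMON_PASSWORDS))
    salted = salted_store(SAMPLE_USERS)
    return {
        "unsalted_collide": digests_collide(unsalted),  # alice and bob look identical
        "cracked": cracked,                             # both fall to the table
        "salted_collide": digests_collide(salted),      # same password, different digests
        "login_ok": verify_password("123456", salted["alice"]),
        "login_bad": verify_password("password1", salted["alice"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two design points worth noting: the salt is stored in the clear next to the digest, exactly as the video says it can be, because its job is only to make every user's input to the hash unique; and the login check uses hmac.compare_digest rather than == so the comparison does not leak timing. As the video itself insists, the particular function and cost to use should come from a current tutorial for your language; memory-hard functions available through maintained third-party libraries are the usual recommendation today, and PBKDF2 appears here only because it needs no extra dependency.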

Translation credits

Video summary

This video introduces three ways of storing passwords, each with its own pros and cons and with differing levels of security.

Transcriber

Collected from the web

Translator

ccz

Reviewer

审核员AF

Video source

https://www.youtube.com/watch?v=8ZtInClXe1Q