我们可以使用 CNG(Windows 密码学 API)生成 BCrypt / SCrypt / Argon2 哈希密码吗?
Can we generate BCrypt / SCrypt / Argon2 hash password using CNG (Windows Cryptography API)?
是否可以使用 CNG(Windows 密码学 API:下一代)生成 BCrypt / SCrypt / Argon2 哈希密码?
BCrypt is a computationally difficult algorithm designed to store
passwords by way of a one-way hashing function. You input your
password to the algorithm and after significant (relative)
computation, an output is produced. Bcrypt has been around since the
late 90s and has handled significant scrutiny by the information
security/cryptography community. It has proven reliable and secure
over time.
Scrypt is an update to the same model from which Bcrypt arose. Scrypt
is designed so as to rely on high memory requirements as opposed to
high requirements on computational power. The realization that lead to
this, was that specialized computer chips (FPGA/ASICs/GPUs) could be
purchased at scale by an attacker easier than could huge amounts of
memory for a traditional computer.
简答
没有
长答案
CryptoAPI 和 CryptoAPI 下一代 (CryptNG) 都不支持 bcrypt、scrypt 或 argon2
bcrypt 是 blowfish 加密算法的定制版本。 CNG 不支持河豚。即使是这样,bcrypt 使用带有自定义 “昂贵” 密钥设置的 bcrypt 版本。
scrypt(几乎)是 PBKDF2, 受 CNG 支持:
Byte[] scrypt(String password, int DesiredNumberOfBytes, ...)
{
Byte[] salt = SpecialScryptSaltGeneration(password, ...)
return PBKDF2(password, salt, DesiredNumberOfBytes, 1);
}
但 SpecialScryptSaltGenration 使用 CNG 中未包含的原语(ChaCha,Salsa/20)。
Argon2 使用在任何地方都不存在的自定义基元。
是否可以使用 CNG(Windows 密码学 API:下一代)生成 BCrypt / SCrypt / Argon2 哈希密码?
BCrypt is a computationally difficult algorithm designed to store passwords by way of a one-way hashing function. You input your password to the algorithm and after significant (relative) computation, an output is produced. Bcrypt has been around since the late 90s and has handled significant scrutiny by the information security/cryptography community. It has proven reliable and secure over time.
Scrypt is an update to the same model from which Bcrypt arose. Scrypt is designed so as to rely on high memory requirements as opposed to high requirements on computational power. The realization that lead to this, was that specialized computer chips (FPGA/ASICs/GPUs) could be purchased at scale by an attacker easier than could huge amounts of memory for a traditional computer.
简答
没有
长答案
CryptoAPI 和 CryptoAPI 下一代 (CryptNG) 都不支持 bcrypt、scrypt 或 argon2
bcrypt 是 blowfish 加密算法的定制版本。 CNG 不支持河豚。即使是这样,bcrypt 使用带有自定义 “昂贵” 密钥设置的 bcrypt 版本。
scrypt(几乎)是 PBKDF2, 受 CNG 支持:
Byte[] scrypt(String password, int DesiredNumberOfBytes, ...)
{
Byte[] salt = SpecialScryptSaltGeneration(password, ...)
return PBKDF2(password, salt, DesiredNumberOfBytes, 1);
}
但 SpecialScryptSaltGenration 使用 CNG 中未包含的原语(ChaCha,Salsa/20)。
Argon2 使用在任何地方都不存在的自定义基元。