February 2013
Intermediate to advanced
380 pages
7h 45m
Japanese
Content preview from Nodeクックブック
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
239
レシピ 7.2 crypto モジュールでパスワードをハッシュ化する
server.js
var hash = crypto
.createHmac('md5', 'supersecretkey')
.update(req.body.pass)
.digest('hex');
HMAC
を利用すると、レインボーテーブルを使用した攻撃を防ぐことができます。秘密鍵が
ハッシュを変化させるので、攻撃者が秘密鍵を取得しない限り、レインボーテーブルをほぼ無力化
します(サーバの管理者権限が乗っ取られて秘密鍵が取得されると、
HMAC
の利点は無力化しま
す。ただしそのような場合には、レインボーテーブル攻撃はもはや必要とされません)。
ミニレシピ
7.2.2
PBKDF2
で強固なハッシュ値を生成する
PBKDF2
は
Password-Based Cryptography
標準の一部である「
Password-Based Key Derivation
Function
」の頭文字をとったもので、そのバージョン
2
です。
PBKDF2
は、ハッシュ値のハッシュ値を何千回にもわたって生成して最終的な値を提供すると
いう、非常に強力な性質を持っています。ハッシュ関数を複数回適用すると、
1
回だけ適用した場
合と比べて元データの候補数を飛躍的に増やすため、攻撃者にとっては解析結果の価値を大きく超
えるレベルの多大なハードウェアの投資が必要となります。
crypto.pbkdf2
メソッドは、パスワード、ソルト値(
salt value
。単に
salt ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.