[WEB] Bcrypt💡

inah-_- · March 8, 2021

Important, important, important x 100

Bcrypt💡

Bcrypt is one of the strongest one-way password hashing mechanisms, and it is supported in languages such as C, C++, C#, Go, Java, PHP, Perl, Python and Ruby.
It is a hash function built for one-way encryption of passwords, and it is a representative library for salting and key stretching.
As mentioned above, it supports many languages and is simple to use, so it is easy to adopt.

Because bcrypt keeps the salt, the hash value and the iteration count together in the hash output, applying password hashing does not require a more complicated DB design.

In [40]: import bcrypt

In [41]: bcrypt.hashpw(b"secrete password", bcrypt.gensalt())
Out[41]: b'$2b$12$.XIJKgAepSrI5ghrJUaJa.ogLHJHLyY8ikIC.7gDoUMkaMfzNhGo6'

In [42]: bcrypt.hashpw(b"secrete password", bcrypt.gensalt()).hex()
Out[42]: '243262243132242e6b426f39757a69666e344f563852694a43666b5165445469397448446c4d366635613542396847366d5132446d62744b70357353'
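
The self-describing format described above, as an added example (not code from the original post): a standard-library parser that splits the `Out[41]` string into version, cost, salt and hash value, plus a check for hashes stored below a minimum cost. `parse_bcrypt`, `needs_rehash` and `MIN_COST` are names and a policy value assumed for this example.

```python
import base64
import re
from dataclasses import dataclass

# bcrypt has its own base64 alphabet ("./" first); map it to RFC 4648 to decode.
BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
STD_B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
TO_STD = str.maketrans(BCRYPT_B64, STD_B64)

# Layout: $<version>$<2-digit cost>$<22-char salt><31-char hash value>
HASH_RE = re.compile(
    rb"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")

MIN_COST = 12  # assumed policy floor for this example, not from the post


@dataclass(frozen=True)
class BcryptHash:
    version: str
    cost: int        # the iteration count is stored as its base-2 logarithm
    salt: bytes      # 16 random bytes produced by gensalt()
    digest_b64: str  # hash value, still in bcrypt's base64 encoding

    @property
    def rounds(self) -> int:
        return 1 << self.cost  # 2**cost key-setup iterations (key stretching)


def parse_bcrypt(stored: bytes) -> BcryptHash:
    """Split one stored bcrypt string into the fields it carries."""
    m = HASH_RE.fullmatch(stored)
    if m is None:
        raise ValueError("not a bcrypt hash string")
    version, cost, salt_b64, digest = (g.decode("ascii") for g in m.groups())
    if not 4 <= int(cost) <= 31:
        raise ValueError("bcrypt cost must be between 4 and 31")
    salt = base64.b64decode(salt_b64.translate(TO_STD) + "==")
    return BcryptHash(version, int(cost), salt, digest)


def needs_rehash(stored: bytes, min_cost: int = MIN_COST) -> bool:
    """True when the stored hash was created with a cost below policy."""
    return parse_bcrypt(stored).cost < min_cost


if __name__ == "__main__":
    # Out[41] from the session above
    h = parse_bcrypt(b"$2b$12$.XIJKgAepSrI5ghrJUaJa.ogLHJHLyY8ikIC.7gDoUMkaMfzNhGo6")
    print(h.version, h.cost, h.rounds, h.salt.hex(), h.digest_b64)
```

Because the cost travels with each stored value, a login handler can call `needs_rehash` after a successful password check and re-hash with a higher cost without any schema change.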


To make up for the weaknesses of one-way hash functions, two countermeasures are generally used.

SALTING

The hash value is computed over the actual password plus additional random data (an arbitrary string).

KeyStretching

This means computing a one-way hash value, hashing that hash value again, and repeating the process.
The more times the hash is repeated, the longer it takes to crack.
e.g. it is easy to think of it as stretching the work out, like stretching your body.

Summary

