[{"data":1,"prerenderedAt":54},["ShallowReactive",2],{"i-lucide:menu":3,"i-lucide:grip":8,"i-lucide:chevron-right":10,"i-lucide:moon":12,"i-lucide:sun":14,"i-material-symbols:language":16,"i-lucide:chevron-down":18,"i-lucide:shield-check":20,"i-lucide:mail":22,"i-tabler:markdown":24,"i-lucide:code-xml":26,"i-lucide:film":28,"i-lucide:file-text":30,"i-lucide:box":32,"i-lucide:code-2":34,"i-lucide:image":35,"i-lucide:square-sigma":37,"i-lucide:gamepad-2":39,"i-lucide:sparkles":41,"i-lucide:graduation-cap":43,"blog-body-hash-salt-password-hashing-zh":45,"i-lucide:cpu":46,"i-lucide:code":48,"i-lucide:fingerprint":50,"i-lucide:key-round":52},{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":7},0,24,false,"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\" d=\"M4 5h16M4 12h16M4 19h16\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":9},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Ccircle cx=\"12\" cy=\"5\" r=\"1\"\u002F>\u003Ccircle cx=\"19\" cy=\"5\" r=\"1\"\u002F>\u003Ccircle cx=\"5\" cy=\"5\" r=\"1\"\u002F>\u003Ccircle cx=\"12\" cy=\"12\" r=\"1\"\u002F>\u003Ccircle cx=\"19\" cy=\"12\" r=\"1\"\u002F>\u003Ccircle cx=\"5\" cy=\"12\" r=\"1\"\u002F>\u003Ccircle cx=\"12\" cy=\"19\" r=\"1\"\u002F>\u003Ccircle cx=\"19\" cy=\"19\" r=\"1\"\u002F>\u003Ccircle cx=\"5\" cy=\"19\" r=\"1\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":11},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\" d=\"m9 18l6-6l-6-6\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":13},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\" d=\"M20.985 12.486a9 9 0 1 1-9.473-9.472c.405-.022.617.46.402.803a6 6 0 0 0 8.268 8.268c.344-.215.825-.004.803.401\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":15},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Ccircle cx=\"12\" cy=\"12\" r=\"4\"\u002F>\u003Cpath d=\"M12 2v2m0 16v2M4.93 4.93l1.41 1.41m11.32 11.32l1.41 1.41M2 12h2m16 0h2M6.34 17.66l-1.41 1.41M19.07 4.93l-1.41 1.41\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":17},"\u003Cpath fill=\"currentColor\" d=\"M8.125 21.213q-1.825-.788-3.187-2.15t-2.15-3.188T2 11.988t.788-3.875t2.15-3.175t3.187-2.15T12.013 2t3.875.788t3.175 2.15t2.15 3.175t.787 3.875t-.787 3.887t-2.15 3.188t-3.175 2.15t-3.875.787t-3.888-.787M12 19.95q.65-.9 1.125-1.875T13.9 16h-3.8q.3 1.1.775 2.075T12 19.95m-2.6-.4q-.45-.825-.787-1.713T8.05 16H5.1q.725 1.25 1.813 2.175T9.4 19.55m5.2 0q1.4-.45 2.488-1.375T18.9 16h-2.95q-.225.95-.562 1.838T14.6 19.55M4.25 14h3.4q-.075-.5-.112-.987T7.5 12t.038-1.012T7.65 10h-3.4q-.125.5-.187.988T4 12t.063 1.013t.187.987m5.4 0h4.7q.075-.5.113-.987T14.5 12t-.038-1.012T14.35 10h-4.7q-.075.5-.112.988T9.5 12t.038 1.013t.112.987m6.7 0h3.4q.125-.5.188-.987T20 12t-.062-1.012T19.75 10h-3.4q.075.5.113.988T16.5 12t-.038 1.013t-.112.987m-.4-6h2.95q-.725-1.25-1.812-2.175T14.6 4.45q.45.825.788 1.713T15.95 8M10.1 8h3.8q-.3-1.1-.775-2.075T12 4.05q-.65.9-1.125 1.875T10.1 8m-5 0h2.95q.225-.95.563-1.838T9.4 4.45Q8 4.9 6.912 5.825T5.1 8\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":19},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\" d=\"m6 9l6 6l6-6\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":21},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Cpath d=\"M20 13c0 5-3.5 7.5-7.66 8.95a1 1 0 0 1-.67-.01C7.5 20.5 4 18 4 13V6a1 1 0 0 1 1-1c2 0 4.5-1.2 6.24-2.72a1.17 1.17 0 0 1 1.52 0C14.51 3.81 17 5 19 5a1 1 0 0 1 1 1z\"\u002F>\u003Cpath d=\"m9 12l2 2l4-4\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":23},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Cpath d=\"m22 7l-8.991 5.727a2 2 0 0 1-2.009 0L2 7\"\u002F>\u003Crect width=\"20\" height=\"16\" x=\"2\" y=\"4\" rx=\"2\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":25},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Cpath d=\"M3 7a2 2 0 0 1 2-2h14a2 2 0 0 1 2 2v10a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2z\"\u002F>\u003Cpath d=\"M7 15V9l2 2l2-2v6m3-2l2 2l2-2m-2 2V9\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":27},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\" d=\"m18 16l4-4l-4-4M6 8l-4 4l4 4m8.5-12l-5 16\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":29},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Crect width=\"18\" height=\"18\" x=\"3\" y=\"3\" rx=\"2\"\u002F>\u003Cpath d=\"M7 3v18M3 7.5h4M3 12h18M3 16.5h4M17 3v18m0-13.5h4m-4 9h4\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":31},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Cpath d=\"M6 22a2 2 0 0 1-2-2V4a2 2 0 0 1 2-2h8a2.4 2.4 0 0 1 1.704.706l3.588 3.588A2.4 2.4 0 0 1 20 8v12a2 2 0 0 1-2 2z\"\u002F>\u003Cpath d=\"M14 2v5a1 1 0 0 0 1 1h5M10 9H8m8 4H8m8 4H8\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":33},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Cpath d=\"M21 8a2 2 0 0 0-1-1.73l-7-4a2 2 0 0 0-2 0l-7 4A2 2 0 0 0 3 8v8a2 2 0 0 0 1 1.73l7 4a2 2 0 0 0 2 0l7-4A2 2 0 0 0 21 16Z\"\u002F>\u003Cpath d=\"m3.3 7l8.7 5l8.7-5M12 22V12\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":27},{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":36},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Crect width=\"18\" height=\"18\" x=\"3\" y=\"3\" rx=\"2\" ry=\"2\"\u002F>\u003Ccircle cx=\"9\" cy=\"9\" r=\"2\"\u002F>\u003Cpath d=\"m21 15l-3.086-3.086a2 2 0 0 0-2.828 0L6 21\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":38},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Crect width=\"18\" height=\"18\" x=\"3\" y=\"3\" rx=\"2\"\u002F>\u003Cpath d=\"M16 8.9V7H8l4 5l-4 5h8v-1.9\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":40},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\" d=\"M6 11h4M8 9v4m7-1h.01M18 10h.01m-.69-5H6.68a4 4 0 0 0-3.978 3.59l-.017.152C2.604 9.416 2 14.456 2 16a3 3 0 0 0 3 3c1 0 1.5-.5 2-1l1.414-1.414A2 2 0 0 1 9.828 16h4.344a2 2 0 0 1 1.414.586L17 18c.5.5 1 1 2 1a3 3 0 0 0 3-3c0-1.545-.604-6.584-.685-7.258q-.01-.075-.017-.151A4 4 0 0 0 17.32 5\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":42},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Cpath d=\"M11.017 2.814a1 1 0 0 1 1.966 0l1.051 5.558a2 2 0 0 0 1.594 1.594l5.558 1.051a1 1 0 0 1 0 1.966l-5.558 1.051a2 2 0 0 0-1.594 1.594l-1.051 5.558a1 1 0 0 1-1.966 0l-1.051-5.558a2 2 0 0 0-1.594-1.594l-5.558-1.051a1 1 0 0 1 0-1.966l5.558-1.051a2 2 0 0 0 1.594-1.594zM20 2v4m2-2h-4\"\u002F>\u003Ccircle cx=\"4\" cy=\"20\" r=\"2\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":44},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Cpath d=\"M21.42 10.922a1 1 0 0 0-.019-1.838L12.83 5.18a2 2 0 0 0-1.66 0L2.6 9.08a1 1 0 0 0 0 1.832l8.57 3.908a2 2 0 0 0 1.66 0zM22 10v6\"\u002F>\u003Cpath d=\"M6 12.5V16a6 3 0 0 0 12 0v-3.5\"\u002F>\u003C\u002Fg>","\u003Cblockquote>\n\u003Cp>&quot;用 MD5 加密密码&quot;这句话里有两个错：MD5 不是加密、而且它不该用来存密码。哈希、加盐、口令哈希常被混为一谈，但它们解决的是完全不同的问题。理清这三层，才能判断什么场景该用哪种，以及为什么校验文件和存密码要用截然相反的算法。\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cimg src=\"\u002Fblog\u002Fhash-salt-password-hashing\u002Fcover.webp\" alt=\"哈希单向、加盐、慢口令哈希的区别\">\u003C\u002Fp>\n\u003Ch2>哈希不是加密，先分清这点\u003C\u002Fh2>\n\u003Cp>哈希（hash）是\u003Cstrong>单向\u003C\u002Fstrong>的：把任意输入压成固定长度的指纹，无法从指纹反推原文。加密（encryption）是\u003Cstrong>双向\u003C\u002Fstrong>的：用密钥能加密也能解密。所以&quot;MD5 加密&quot;是个常见误称——MD5 是哈希，没有&quot;解密&quot;一说。\u003C\u002Fp>\n\u003Cp>哈希的两个核心性质决定了它的用途：\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>确定性\u003C\u002Fstrong>：同样的输入永远得到同样的输出。这让它能当&quot;指纹&quot;用于校验。\u003C\u002Fli>\n\u003Cli>\u003Cstrong>抗碰撞\u003C\u002Fstrong>：很难找到两个不同输入产生相同哈希。这让指纹难以伪造。\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>通用哈希（MD5、SHA-1、SHA-256、SHA-512）还有第三个特点：\u003Cstrong>为速度优化\u003C\u002Fstrong>，算得飞快。这个&quot;快&quot;在文件校验里是优点，在存密码里却是致命伤——下面就分场景看。\u003C\u002Fp>\n\u003Ch2>为什么不能用通用哈希存密码？\u003C\u002Fh2>\n\u003Cp>因为通用哈希太快了。结论先说：\u003Cstrong>MD5\u002FSHA-256 这类哈希每秒能在普通硬件上算几十亿次，攻击者拿到哈希后可以高速暴力枚举或查表反推\u003C\u002Fstrong>，尤其对常见弱密码几乎瞬破。\u003C\u002Fp>\n\u003Cp>具体有两种攻击：\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>彩虹表（rainbow table）\u003C\u002Fstrong>：预先把海量常见密码的哈希算好存成表，拿到一个哈希直接查表命中。因为哈希是确定性的，\u003Ccode>123456\u003C\u002Fcode> 的 SHA-256 永远是同一个值，一查就中。\u003C\u002Fli>\n\u003Cli>\u003Cstrong>暴力 \u002F 字典枚举\u003C\u002Fstrong>：现代 GPU 每秒能算数十亿次 SHA-256，按字典和规则猛试，弱密码扛不住几秒。\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>哈希快，本意是好事，但用来存密码就等于给攻击者送了高速试错的靶子。所以存密码需要反其道而行——故意让哈希变慢。\u003C\u002Fp>\n\u003Ch2>加盐：让相同密码不再相同\u003C\u002Fh2>\n\u003Cp>加盐（salt）解决的是\u003Cstrong>&quot;相同密码产生相同哈希&quot;\u003C\u002Fstrong>这个结构性弱点。做法是给每个用户生成一段随机字符串（盐），把&quot;盐 + 密码&quot;一起哈希，并把盐和结果一起存。\u003C\u002Fp>\n\u003Cp>它带来两个直接效果：\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>彩虹表失效\u003C\u002Fstrong>：预先算好的表是针对&quot;裸密码&quot;的，加了随机盐后哈希结果完全不同，表里查不到。\u003C\u002Fli>\n\u003Cli>\u003Cstrong>无法一次破多个账户\u003C\u002Fstrong>：每个用户盐不同，即使两人用同一密码，哈希也不同，攻击者只能逐个账户单独破，成本陡增。\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>但要注意：\u003Cstrong>加盐只防&quot;批量\u002F查表&quot;攻击，不解决&quot;哈希太快&quot;\u003C\u002Fstrong>。攻击者拿到某个用户的盐和哈希后，仍可以针对这一个账户高速枚举。要堵这个口子，得换算法本身。\u003C\u002Fp>\n\u003Ch2>口令哈希：故意做得又慢又吃内存\u003C\u002Fh2>\n\u003Cp>针对&quot;哈希太快&quot;，密码学界设计了专门的\u003Cstrong>口令哈希（password hashing）\u003C\u002Fstrong>算法——bcrypt、scrypt、Argon2。它们的核心思路是\u003Cstrong>故意昂贵\u003C\u002Fstrong>：\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>算法\u003C\u002Fth>\n\u003Cth>关键设计\u003C\u002Fth>\n\u003Cth>防御重点\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\n\u003Ctr>\n\u003Ctd>bcrypt\u003C\u002Ftd>\n\u003Ctd>可调&quot;工作因子&quot;，迭代次数指数增长\u003C\u002Ftd>\n\u003Ctd>拖慢 CPU 暴力\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>scrypt\u003C\u002Ftd>\n\u003Ctd>高内存占用\u003C\u002Ftd>\n\u003Ctd>拖垮 GPU\u002FASIC 并行\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Argon2\u003C\u002Ftd>\n\u003Ctd>时间+内存+并行三参数可调\u003C\u002Ftd>\n\u003Ctd>综合抗 GPU\u002FASIC，现代首选\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\n\u003C\u002Ftable>\n\u003Cp>它们内置加盐，并允许你调一个&quot;代价参数&quot;：让单次哈希耗时几十到几百毫秒。对正常登录，几百毫秒无感；对攻击者，每秒只能试几千次而非几十亿次，暴力破解的成本被抬高几个数量级。而且随着硬件变快，只要调高代价参数就能持续保持难度。\u003C\u002Fp>\n\u003Ch2>那 SHA-256 到底什么时候用？\u003C\u002Fh2>\n\u003Cp>通用哈希没被淘汰，只是\u003Cstrong>用对场景\u003C\u002Fstrong>：它适合&quot;要快、要稳定指纹&quot;的任务，而不是存口令。\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>文件完整性校验\u003C\u002Fstrong>：下载完算一遍 SHA-256，和官方公布的值比对，确认没被篡改或传输出错。这里要的就是快和确定性。\u003C\u002Fli>\n\u003Cli>\u003Cstrong>内容寻址 \u002F 去重\u003C\u002Fstrong>：用哈希当数据的唯一标识（如 Git 的对象、CDN 缓存键）。\u003C\u002Fli>\n\u003Cli>\u003Cstrong>数字签名的预处理\u003C\u002Fstrong>：先哈希再签名，缩短待签数据。\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>这些场景里，对一段文本或文件算一遍 MD5、SHA-1、SHA-256、SHA-512 得到指纹做比对就够了——因为目标是生成稳定指纹，而非抵御针对口令的暴力枚举。这也正是通用哈希&quot;快&quot;的价值所在。\u003C\u002Fp>\n\u003Ch2>一张表收束：哪种需求用哪种\u003C\u002Fh2>\n\u003Cp>把三层和场景对齐，选择其实很清晰：\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>需求\u003C\u002Fth>\n\u003Cth>该用什么\u003C\u002Fth>\n\u003Cth>不该用什么\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\n\u003Ctr>\n\u003Ctd>校验文件没被篡改\u003C\u002Ftd>\n\u003Ctd>SHA-256\u003C\u002Ftd>\n\u003Ctd>——\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>数据去重\u002F唯一标识\u003C\u002Ftd>\n\u003Ctd>SHA-256 等\u003C\u002Ftd>\n\u003Ctd>MD5（碰撞已被攻破）\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>存用户密码\u003C\u002Ftd>\n\u003Ctd>Argon2 \u002F bcrypt \u002F scrypt + 盐\u003C\u002Ftd>\n\u003Ctd>MD5 \u002F SHA-256 裸哈希\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>防彩虹表\u002F批量破解\u003C\u002Ftd>\n\u003Ctd>每用户随机盐\u003C\u002Ftd>\n\u003Ctd>全局固定盐或不加盐\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\n\u003C\u002Ftable>\n\u003Cp>判断标准很简单：\u003Cstrong>要快、要指纹 → 通用哈希；要扛暴力枚举 → 口令哈希；要防批量\u002F查表 → 必须每用户加随机盐。\u003C\u002Fstrong> 用错方向（拿快哈希存密码，或拿慢哈希校验大文件）才是真正的问题。\u003C\u002Fp>\n\u003Ch2>小结\u003C\u002Fh2>\n\u003Cp>哈希不是加密；通用哈希（MD5\u002FSHA-256）为速度而生，适合文件校验和去重，但正因为快，直接拿来存密码会被彩虹表和 GPU 暴力枚举轻易反推。加盐解决&quot;相同密码同哈希&quot;和批量破解，但不改变&quot;太快&quot;；真正存口令要用 bcrypt\u002Fscrypt\u002FArgon2 这类\u003Cstrong>故意又慢又吃内存\u003C\u002Fstrong>的口令哈希，并可随硬件升级调高代价。一句话：校验文件用 SHA-256，存密码用 Argon2 加盐，别把两者用反。\u003C\u002Fp>\n",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":47},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Cpath d=\"M12 20v2m0-20v2m5 16v2m0-20v2M2 12h2m-2 5h2M2 7h2m16 5h2m-2 5h2M20 7h2M7 20v2M7 2v2\"\u002F>\u003Crect width=\"16\" height=\"16\" x=\"4\" y=\"4\" rx=\"2\"\u002F>\u003Crect width=\"8\" height=\"8\" x=\"8\" y=\"8\" rx=\"1\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":49},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\" d=\"m16 18l6-6l-6-6M8 6l-6 6l6 6\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":51},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Cpath d=\"M12 10a2 2 0 0 0-2 2c0 1.02-.1 2.51-.26 4M14 13.12c0 2.38 0 6.38-1 8.88m4.29-.98c.12-.6.43-2.3.5-3.02M2 12a10 10 0 0 1 18-6M2 16h.01m19.79 0c.2-2 .131-5.354 0-6\"\u002F>\u003Cpath d=\"M5 19.5C5.5 18 6 15 6 12a6 6 0 0 1 .34-2m2.31 12c.21-.66.45-1.32.57-2M9 6.8a6 6 0 0 1 9 5.2v2\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":53},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Cpath d=\"M2.586 17.414A2 2 0 0 0 2 18.828V21a1 1 0 0 0 1 1h3a1 1 0 0 0 1-1v-1a1 1 0 0 1 1-1h1a1 1 0 0 0 1-1v-1a1 1 0 0 1 1-1h.172a2 2 0 0 0 1.414-.586l.814-.814a6.5 6.5 0 1 0-4-4z\"\u002F>\u003Ccircle cx=\"16.5\" cy=\"7.5\" r=\".5\" fill=\"currentColor\"\u002F>\u003C\u002Fg>",1782539692983]