"密码哈希与凭证存储（PBKDF2/Scrypt/Pepper）最佳实践"

密码哈希与凭证存储（PBKDF2/Scrypt/Pepper）最佳实践概述安全的密码存储需采用抗暴力猜测的哈希算法、唯一Salt与受控Pepper，支持参数升级与泄露响应流程。哈希配置与版本化type HashParams = { alg: 'pbkdf2' | 'scrypt'; iter?: number; keyLen: number; saltLen: number; scryptN?: number; scryptR?: number; scryptP?: number; version: number } const CURRENT: HashParams = { alg: 'pbkdf2', iter: 120000, keyLen: 64, saltLen: 16, version: 2 } 生成哈希（PBKDF2/Scrypt）import crypto from 'crypto' function makeSalt(len: number): string { return crypto.randomBytes(len).toString('hex') } function derive(password: string, salt: string, pepper: string, params: HashParams): string { const material = password + pepper if (params.alg === 'pbkdf2') { const buf = crypto.pbkdf2Sync(material, salt, params.iter!, params.keyLen, 'sha512') return buf.toString('hex') } else { const buf = crypto.scryptSync(material, salt, params.keyLen, { N: params.scryptN!, r: params.scryptR!, p: params.scryptP! }) return buf.toString('hex') } } type StoredHash = { alg: string; ver: number; iter?: number; N?: number; r?: number; p?: number; keyLen: number; salt: string; hash: string } function hashPassword(password: string, pepper: string, params = CURRENT): StoredHash { const salt = makeSalt(params.saltLen) const hash = derive(password, salt, pepper, params) return { alg: params.alg, ver: params.version, iter: params.iter, keyLen: params.keyLen, salt, hash } } 验证与参数升级function verifyPassword(password: string, pepper: string, stored: StoredHash): boolean { const params: HashParams = stored.alg === 'pbkdf2' ? { alg: 'pbkdf2', iter: stored.iter!, keyLen: stored.keyLen, saltLen: stored.salt.length/2, version: stored.ver } : { alg: 'scrypt', keyLen: stored.keyLen, saltLen: stored.salt.length/2, scryptN: stored.N!, scryptR: stored.r!, scryptP: stored.p!, version: stored.ver } const hash = derive(password, stored.salt, pepper, params) return crypto.timingSafeEqual(Buffer.from(hash, 'hex'), Buffer.from(stored.hash, 'hex')) } function needsRehash(stored: StoredHash): boolean { return stored.ver < CURRENT.version } 运维与泄露响应Pepper仅存放在安全服务（KMS/Vault），应用侧不落盘定期评估迭代次数或Scrypt参数，进行无感升级（登录时重算）泄露时强制重置、提升参数并开启MFA与频控通过版本化参数、唯一Salt与Pepper治理，可在大多数Web场景下实现稳健的密码存储。