使用SHA-1哈希作为AES密钥 [英] Using SHA-1 hash as AES key

问题描述

比方说，我想将"password-derived-bytes"作为AES密钥. 例如，我有一个密码"topsecret"，我确实为其计算了SHA-1散列(160位)，并且我想将这些字节作为AES-128的密钥.

Let's say I would like to have "password-derived-bytes" as AES key. For example, I have a password "topsecret", I do calculate SHA-1 hash for it (160bit) and I want to feed those bytes as key for AES-128.

我应该在128位之后截断还是进行某种折叠? AES-256呢?我应该重复字节，以0填充还是进行一些展开"操作?

Should I just truncate after 128 bits or do some kind of folding? What about AES-256? Should I repeat bytes, pad with 0's or do some "unfolding" operation?

我知道，在后一种情况下，安全性仍保持在160位，因为256位密码池减少到2 ^ 160种可能的组合，但是我只是在尝试克服技术限制(没有AES-160).

I know that in the later case security remains at 160-bit because the pool of 256-bit passwords is reduced to 2^160 possible combinations, but I'm just trying to overcome technical limitation (no AES-160).

什么说理论? (不可以，不能将MD5用于128位，而将SHA-256用于256位长哈希)

What theory says? (No, using MD5 for 128-bit and SHA-256 for 256-bit long hashes is not an option)

推荐答案

典型的密码只有几十个熵，并且通过哈希函数运行密码不会为其添加任何熵.因此，使用字典或蛮力很容易攻击此类密钥.

A typical password only has a few dozen bits of entropy, and running a password through a hash function does not add any entropy to it. Therefore, such keys are easily attacked using a dictionary or brute force.

最普遍接受的解决方案是使哈希函数非常慢.为此设计的算法称为基于密码的密钥派生函数". PBKDF2和bcrypt是最受欢迎的.

The most commonly accepted solution is to make the hash function very slow. Algorithms designed for this are called "password-based key derivation functions". PBKDF2 and bcrypt are among the most popular ones.

这篇关于使用SHA-1哈希作为AES密钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！