Hashlib和System.Security.Cryptography.HashAlgorithm之间的区别 [英] Difference between Hashlib and System.Security.Cryptography.HashAlgorithm
问题描述
我试图了解哈希算法的工作原理,尤其是SHA3-512.为了查看其工作原理,我在Google中搜索了代码,并遇到了
I am trying to understand how hashing algorithms works, specially SHA3-512. To see how it works I searched for codes in Google and came across with Hashlib. The code doesn't work as I don't have the Hashlib library (not sure what it should be called). How can I get that and is it the only way to apply SHA3-512 in C#?
我想知道的一些基本知识,
Some basic things that I want to know,
-
什么是
Hashlib?
是图书馆吗?
Hashlib和System.Security.Cryptography.HashAlgorithm的输出结果/工作过程/功能是否相同?如果不是,那么它们之间有什么区别?
Is the output result/work process/function of Hashlib and System.Security.Cryptography.HashAlgorithm same? If not, then what is the difference between them?
编辑:很抱歉,您从中间删除了几个问题.据我所知,它们不再需要在此处显示.
Sorry for removing few questions from the middle. As I feel they don't need to be shown here anymore.
推荐答案
注意:更新于2017年.
Hashlib是哈希实现的库:
Hashlib is a library of hash implementations:
它包括许多加密和非加密哈希的实现-.NET框架(在System.Security.Cryptography中)已经支持了这些哈希和不支持这些哈希的实现.您将需要它-或其他外部实现-支持SHA-3.
It includes implementations of quite a few cryptographic and non-cryptographic hashes - both ones that are already supported by the .NET framework (in System.Security.Cryptography) and ones that aren't. You'll need it - or another external implementation - to support SHA-3.
但是请注意,Hashlib实际上并没有以其最终形式包含SHA-3,而是在对其进行一些调整之前的样子.这意味着,其输出将不会达到您希望从SHA-3获得的输出.
Note, however, that Hashlib doesn't actually include SHA-3 in its final form - but rather, the way it looked before some adjustments were made to it. That means, its output will not be what you'd expect from SHA-3.
HashLib的哈希算法使用与.NET的HashAlgorithm不同的体系结构-输出相同(对于相同的算法,例如SHA256),用法却不同.但是它具有包装程序/适配器,可以使工作流程与HashAlgorithm相同,例如:
HashLib uses a different architecture than .NET's HashAlgorithm for its hash algorithms - the output is the same (for the same algorithm, e.g. SHA256), the usage isn't. But it has a wrapper/adapter that can make the workflow the same as for HashAlgorithm, for example:
IHash hash = HashFactory.Crypto.SHA3.CreateKeccak512();
HashAlgorithm hashAlgo = HashFactory.Wrappers.HashToHashAlgorithm(hash);
// Now hashAlgo can be used the same as any .NET HashAlgorithm, e.g.:
// Create byte input from string encoded as UTF-8
byte[] input = Encoding.UTF8.GetBytes("Hello Keccak!");
byte[] output = hashAlgo.ComputeHash(bytes);
但是同样,请注意Keccak512与SHA-3不同-它不会提供与实际512位SHA-3实现相同的哈希值.
But again, be aware that Keccak512 is not the same as SHA-3 - it won't give the same hash as an actual 512 bit SHA-3 implementation.
在C#中最终SHA-3的实际实现仍然很少(2017)之间-与Hashlib中实现的与Keccak的差异非常小,尽管它对输出产生重大影响,例如一种哈希算法-由于Wikipedia不再提供这种差异的示例,因此,这里有一个例子:
Actual implementations of the final SHA-3 in C# are still (2017) few and far between - the difference to Keccak as implemented in Hashlib is extremely minor, although it has major impact on the output, as would be the case for a hash algorithm - since Wikipedia no longer provides an example of the difference, here's one:
Keccak-512('abc') =
Keccak[1024]('abc', 512) =
18 58 7d c2 ea 10 6b 9a 15 63 e3 2b 33 12 42 1c
a1 64 c7 f1 f0 7b c9 22 a9 c8 3d 77 ce a3 a1 e5
d0 c6 99 10 73 90 25 37 2d c1 4a c9 64 26 29 37
95 40 c1 7e 2a 65 b1 9d 77 aa 51 1a 9d 00 bb 96
SHA3-512('abc') =
Keccak[1024]('abc' || 01, 512) =
b7 51 85 0b 1a 57 16 8a 56 93 cd 92 4b 6b 09 6e
08 f6 21 82 74 44 f7 0d 88 4f 5d 02 40 d2 71 2e
10 e1 16 e9 19 2a f3 c9 1a 7e c5 76 47 e3 93 40
57 34 0b 4c f4 08 d5 a5 65 92 f8 27 4e ec 53 f0
Keccak[c](M || s, d)的意思是具有容量 c,消息 M,后缀位 s和输出大小 d."
Keccak[c](M || s, d) means "Keccak with capacity c, message M, suffix bits s, and output size d."
这(来自Wikipedia文章)是标准" Keccak(和Hashlib的实现)与SHA-3在当前规范中的唯一区别:
This (from the Wikipedia article) is the only difference between "standard" Keccak (and Hashlib's implementation) and SHA-3 as it looks in the current spec:
对于SHA3-n,在填充之前,会将附加的两位01附加到消息中.
For SHA3-n, an additional two bits 01 are appended to the message before padding.
在不知道Hashlib的工作原理的情况下,实现它(例如通过修补Hashlib代码)并不是一件容易的事.
Implementing it (by e.g. patching the Hashlib code) isn't trivial, though, without knowing how Hashlib works.
这取决于您的用途-如果要与最终的SHA-3标准兼容,那就不好了.
It depends on what you want it for - it's no good if you want compatibility with the finalized SHA-3 standard.
整个Keccak系列独立于SHA-3,本身就是一个标准-但是NIST对SHA-3的调整仍然是Keccak-只是其中的一个特定子集(就像AES是Rijndael的子集一样).当SHA-3最终出现在-.NET框架本身中时,它很可能只是选择了NIST参数的SHA-3,而不是带有可调整参数的通用Keccak.
The whole Keccak family, independent of SHA-3, is a standard in itself - but NIST's tweaks for SHA-3 are still Keccak - just a specific subset of it (much like AES is a subset of Rijndael). When SHA-3 eventually shows up in - for example - the .NET framework itself, it will likely just be SHA-3 with the parameters NIST picked, rather than a generic Keccak with tweakable parameters.
SHA-512是 SHA-2 512位-不同于与SHA-3 512相同.也就是说,要使用它,只需导入System.Security.Cryptography-在这种情况下,using导入 namespace -使名称空间内的类可用于您的代码.
SHA-512 is SHA-2 512 bit - not the same as SHA-3 512. That said, to use it, you simply import System.Security.Cryptography - using in this case imports the namespace - making the classes inside the namespace available to your code.
此后,工作流程与任何其他HashAlgorithm相同.
After that, the workflow is the same as any other HashAlgorithm.
都不是.或至少两者都不是自己的.虽然盐可以改善问题,但这也不是最佳的安全性.请参阅如何安全地对密码进行哈希处理,特别是从以下位置开始:
Neither of them. Or at least neither on their own. And while a salt improves matters, that's not optimal security either. See How to securely hash passwords, specifically starting from:
即使安全的作为散列函数,基本的散列函数也不适合密码散列
A basic hash function, even if secure as a hash function, is not appropriate for password hashing
这篇关于Hashlib和System.Security.Cryptography.HashAlgorithm之间的区别的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
