如何解码哈希 [英] How to decode a Hash

问题描述

如果攻击者可以访问用户的数据库并且密码存储在哈希中，那么攻击者可以解码该哈希吗?您可以使用我们可以解码哈希的工具建议任何工具吗?

解决方案

此答案假定您正在谈论一种标准的，相对安全的哈希算法，例如MD5或SHA-1.

这些算法产生的散列被设计为单向"，即散列不能用于导出用于创建散列的值.

有些东西叫做彩虹表，它们本质上是巨大的数据库，可以将哈希映射回值，但是，它们通常只覆盖常见的值，例如英语单词.

一种使哈希更安全并提供针对基于彩虹表的攻击的保护的常用方法是使用盐.

另一个问题是，从散列到值的映射是一对多的，因此给定的散列将具有许多(实际上是无限数量)将产生该散列值的值，因此存在没办法确定原始值是什么.

If an attacker got access to user’s database and the passwords are stored in hashes, can the attacker decode that hashes? Can you suggest any tool by using we can decode the hash?

解决方案

This answer assumes that you are talking about one of the standard, relatively secure hashing algorithms such as MD5 or SHA-1.

Hashes produced by these algorithms are designed to be 'one-way', that is a hash cannot be used to derive the value that was used to create it.

There exist things called Rainbow Tables which are essentially huge databases which map hashes back to values, however they generally only cover common values such as English words.

One common method to make a hash more secure, and provide some protection against rainbow table based attacks, is to use a salt.

The other issue is that the mapping from a hashes to values is one-to-many, so a given hash will have many (in fact an infinite number) of values which will yield that hash value, so there is no way to be sure what the original value was.

这篇关于如何解码哈希的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！