What is password hashing?


Question

What does it mean to hash a password?

Recommended answer

Definition:
Hashing is the application of a function f() to a variable sized input to produce a constant sized output.

A => f() => X
B => f() => Y
C => f() => Z

A hash is also a one-way function, which means that there isn't a function to reverse or undo a hash. As well, re-applying the hash f(f(x)) isn't going to produce x again.

Details:

A hash function can be as simple as "add 13 to the input" or complex like a Cryptographic Hash such as MD5 or SHA1. There are many things that constitute a good hash function like:

  • Low Cost: Easy to compute
  • Deterministic: if I hash the input a multiple times, I am going to get the same output each time
  • Uniformity: The input will be evenly distributed among the possible outputs. This falls in line with something called the Pigeonhole Principle. Since there are a limited number of outputs we want f() to place those outputs evenly instead of in the same bucket. When two inputs compute to the same output this is known as a collision. It's a good thing for a hash function to produce fewer collisions.

Hashing applied to passwords:

The hashing of passwords is the same process as described above, however it comes with some special considerations. Many of the properties that make up a good hash function are not beneficial when it comes to passwords.

Take determinism, for example: because hashes produce a deterministic result, when two people use the same password the hash is going to look the same in the password store. This is a bad thing! However, this is mitigated by something called a salt.

Uniformity on the other hand is beneficial because the desire is for the algorithm to limit collisions.

Because a hash is one-way, the input cannot be determined from the output, which is why hashing is great for passwords!
