使用2个不同的哈希函数一个好的方法来检查文件完整性? [英] Is using 2 different hash functions a good way to check for file integrity?
问题描述
我有一个网站,用户可以上传他们的文件;这些都存储在服务器上,并且它们的元数据记录在数据库中。我正在实现一些简单的完整性检查,即这个文件的内容现在是字节为字节相同,当它被上传吗?
I have a website where users can upload their files; these are stored on the server and their metadata recorded in a database. I'm implementing some simple integrity checks, i.e. "is the content of this file now byte-for-byte identical as when it was uploaded?"
一个例子:for内容 userfile.jpg ,MD5哈希是 39f9031a154dc7ba105eb4f76f1a0fd4 ,SHA-1哈希是 878d8d667721e356bf6646bd2ec21fff50cdd4a9 。 如果此文件的内容更改,但前后都有相同的MD5哈希,那么SHA-1哈希值是否也会保持不变?(使用哈希,有时可能会发生哈希冲突 - )
An example: for content of userfile.jpg, MD5 hash is 39f9031a154dc7ba105eb4f76f1a0fd4 and SHA-1 hash is 878d8d667721e356bf6646bd2ec21fff50cdd4a9. If this file's content changes, but has the same MD5 hash before and after, is it probable that the SHA-1 hash will also stay the same? (With hashing, sometimes you can get a hash collision - could this happen with two different hashing algorithms at once?)
或者是为一个文件无节点计算两个不同的哈希值(我应该尝试其他验证完整性的机制)?
Or is computing two different hashes for a file pointless (and I should try some other mechanism for verifying integrity)?
编辑:我不是真的担心意外损坏,但我应该防止用户更改文件不注意(生日攻击和朋友)。
I'm not really worried about accidental corruption, but I'm supposed to prevent users changing the file unnoticed (birthday attack and friends).
我可能会用一个哈希,SHA-512 - 检查不会发生,经常是一个性能瓶颈,反正正如布鲁斯Schneier说,有足够的快速,不安全的系统已经有了。 - @ MichaelGG在注释
I'll probably go with one hash, SHA-512 - the checks don't happen that often to be a performance bottleneck and anyway, "As Bruce Schneier says, there's enough fast, insecure systems out there already. –@MichaelGG in the comments".
推荐答案
MD5可能对你正在做的是安全的,但没有理由继续使用哈希与已知缺陷。事实上,没有理由你不应该使用SHA256或SHA512,除非你有一些已知的主要性能瓶颈。
MD5 is probably safe for what you're doing, but there's no reason to continue to use a hash with known flaws. In fact, there's no reason you shouldn't be usign SHA256 or SHA512, unless you have some known major performance bottleneck.
编辑:为了澄清,没有理由使用两种算法;只是使用一个适合你需要的。如果你担心人们对你进行MD5冲突(如,这是一个安全威胁吗?),那么使用不那么弱的算法,如SHA256。
To clarify, there's no reason to use two algorithms; just use one that fits what you need. If you're worried about people doing MD5 collisions on you (as in, is this a security threat?), then use an algorithm that isn't as weak, such as SHA256.
编辑2:为了解决一个显然仍然常见的误解:在散列上找到随机碰撞不是1/2 ^ n的概率。它接近1/2 ^(n / 2)。因此,128位散列可能与2 ^ 64次尝试冲突。有关详情,请参见生日攻击。
Edit 2: To address an apparently still common misunderstanding: Finding a random collision on a hash is not a 1/2^n probability. It's closer to 1/2^(n/2). So a 128-bit hash can probably be collided with 2^64 attempts. See birthday attack for details.
这篇关于使用2个不同的哈希函数一个好的方法来检查文件完整性?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
