什么是密码哈希？ [英] What is password hashing?

问题描述

这是什么意思哈希密码吗？

What does it mean to hash a password?

推荐答案

定义：
散列是一个功能的应用 F（）来可变大小的输入，以产生一个恒定大小输出

Definition:
Hashing is the application of a function f() to a variable sized input to produce a constant sized output.

A => f() => X
B => f() => Y
C => f() => Z

一个散列也是一个单向函数，这意味着没有一个函数逆转或撤消一个散列。除了重新应用散列 F（F（X））是不会的产品 X 了。

A hash is also a one-way function which means that there isn't a function to reverse or undo a hash. As well re-applying the hash f(f(x)) isn't going to product x again.

的详细信息：

一个散列函数可以是简单的添加13到输入或复杂的像密码散列如 MD5 或 SHA1 。有迹象表明，构成一个良好的散列函数一样的东西：

A hash function can be as simple as "add 13 to the input" or complex like a Cryptographic Hash such as MD5 or SHA1. There are many things that constitute a good hash function like:

• 低成本：容易计算
• 确定性：如果我凑输入 A 多次，我会每次都得到相同的输出
• 均匀：输入将均匀分布在可能的输出。这恰巧与东西线称为鸽巢原理。既然有产出数量有限，我们希望 F（）来放置这些输出均匀而不是在同一个桶。当两个输入计算到相同的输出这是被称为一个冲突。这是一个散列函数产生更少的碰撞是一件好事。

• Low Cost: Easy to compute
• Deterministic: if I hash the input a multiple times, I am going to get the same output each time
• Uniformity: The input will be evenly distributed among the possible outputs. This falls in line with something called the Pigeonhole Principle. Since there are a limited number of outputs we want f() to place those outputs evenly instead of in the same bucket. When two inputs compute to the same output this is known as a collision. It's a good thing for a hash function to produce fewer collisions.

散列应用于密码：

的密码散列是相同的处理，如上所述，然而它带有一些特殊的考虑。许多组成一个好的哈希函数的性质并无益处，当涉及到的密码。

The hashing of passwords is the same process as described above, however it comes with some special considerations. Many of the properties that make up a good hash function are not beneficial when it comes to passwords.

举个例子的决定的，因为哈希生成一个确定性的结果，当两个人使用同一个密码的哈希值会看起来相同的密码存储区。这是一件坏事！然而，这是由一种叫做盐缓解。

Take for example determinism, because hashes produce a deterministic result when two people use the same password the hash is going to look the same in the password store. This is a bad thing! However this is mitigated by something called a salt.

均匀的另一方面是有益的，因为在所求的是该算法，以限制冲突。

Uniformity on the other hand is beneficial because the desire is for the algorithm to limit collisions.

由于一个哈希的单向的表示输入不能从输出，这是确定的，为什么散列是伟大的密码！

Because a hash is One-Way means the input cannot be determined from the output, which is why hashing is great for passwords!

这篇关于什么是密码哈希？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！