自定义sha1 +盐通解码 [英] Custom sha1+salt pass decode
问题描述
好吧,我的回答是关于密码保护的答案( php用户密码保护)和我的最终代码:
函数sha1_custom($ string){
$ salt = sha1(1。$ string。 1);
//在最终代码1中替换为其他字符
$ string = sha1($ salt $ string $ salt);
返回$ string;
}
假设最强安全,我想加密IP,注册日期,只是一切。但是在管理面板中,我想检索该信息,所以这意味着我需要对它进行标记。
是否可以从此脚本/函数创建解密脚本/函数?
否。 SHA-1和其他哈希函数的目标是仅仅是单向的。如果甚至可以稍微加快将散列解码为原始值的过程,散列函数机制将被视为破坏,很多人可能会退出使用该算法。
使用散列函数的原因仅仅是因为您可以使用它们来检查您是否编码了相同的值(如果您编码 $ value1 code>并得到了一些散列,然后你编码了 $ value2 ,并得到了相同的散列作为结果,你可以肯定 - 实际上 100%肯定 - $ value1 等于 $ value2 )。 它们的设计目的是使得将哈希解码为输入变量非常困难( )。
但是...
有尝试和可能性来了解输入变量,但它们基于彩虹表。 彩虹表是一个包含生成散列的输入变量对的表。它们是预编译的并且大小很大,但它们允许你为一些哈希值查找输入值。
$ b
和这就是为什么 salt em>被引入。盐被用来使输入变量进一步复杂化,使彩虹表成为不太可靠的解决方案。例如,如果您为字符串'home'生成带有 MD5 的散列,您将得到 106a6c241b8797f52e1e77317b96a201 散列,你可能会使用互联网上的一些公共彩虹表服务来解码它。但是如果你添加一些盐(例如一些换行符号,一些非打印字符等),你会发现任何允许你解码散列的彩虹表的机会(甚至是这样一个短而简单的单词的散列)会是极低的。
还有一个额外的理由使用salt。原因如下。如果你使用盐,例如。对于你的认证机制,所有的值都附加了这个salt。对于攻击者来说,它意味着他必须确定创建一些给定散列的值,并且该值必须包含您在系统中使用的salt(散列函数本身能够从两个不同的散列创建一些散列)值),然后提取原始输入值(您附加到salt值然后散列的值)以使其可用。所以这个问题进一步复杂化。
我希望这个澄清了哈希算法和盐的概念。
Ok, my answer was answered about password protection(php users passwords protection) and my final code:
function sha1_custom($string) {
$salt = sha1("1".$string."1");
//In final code 1 replaced with others chars
$string = sha1("$salt$string$salt");
return $string;
}
Let's say for strongest security, I want to encrypt IP, signup date, just everything. But in admin panel I want to retrieve that info, so it means I need decript it
Is it possible from this script/function to make a decrypt script/function?
No. The SHA-1 and other hashing functions' goal is to be one-direction only. If you could even slightly speed up the process of decoding hash into original value, the hashing function mechanism would be considered broken and many people would probably resign from using that algorithm.
The reason the hashing functions are used is just because you can use them to check whether you encoded the same value (if you encoded $value1 and got some hash as a result, and then you encoded $value2 and got the same hash as a result, you can be sure - practically 100% sure - that the $value1 is equal to $value2). They were just designed to make it extremely difficult (practically impossible) to decode hashes into input variables.
However...
There are attempts and possibilities to get to know the input variable, but they are based on the concept of Rainbow Tables. Rainbow table is a table consisting of pairs of input variables with generated hashes. They are precompiled and large in size, but they allow you to find input values for some of the hashes.
And that is why salt was introduced. Salt is used to further complicate the input variable, to make rainbow table a less reliable solution. If you, for example, generate hash with MD5 for string 'home', you will get 106a6c241b8797f52e1e77317b96a201 hash and you will probably be able to decode it using some public rainbow table service on the Internet. But if you add some salt (eg. some line break symbols, some non-print characters etc.), the chances you will find any rainbow table allowing you to decode the hash (even the hash of such a short and simple word) would be extremely low.
There is also one, additional reason to use salt. The reason is the following. If you use salt eg. for your authentication mechanism, all the values are being attached with this salt. For the attacker it means, that he has to determine the value that creates some given hash, and this value must contain salt you use within your system (hashing function itself is able to create some hash from two different values), and then extract the original input value (the one you attached to salt value and then hashed) to make it usable. So the issue complicates further.
I hope this clarifies the concept of hashing algorithms and salts.
这篇关于自定义sha1 +盐通解码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
