SHA256 Hashing in C#


Problem description

I have tried some online conversion tools for converting different files to SHA256 hashes.

I have three questions:

1- Whenever I convert an exe file to a SHA256 hash, what exactly does the converter do? Does the whole content of the file get converted to the hash code, or just simple attributes like name and size?

2- How can I do it in C#, for example reading exe files and then converting them into hashes?

3- If I convert infected files into hashes, can I use them to detect viruses?

I need to know this because I really need to learn how antiviruses really work.

Solution

Please see my comment. First question needs clarification, but you can answer it yourself if you read the rest.

First of all, please see:
http://en.wikipedia.org/wiki/Cryptographic_hash_function,
http://en.wikipedia.org/wiki/Sha2.

It should explain to you what happens if you calculate SHA256 of anything.

About C# programming of hash, everything is already implemented for you in .NET FCL. Please see: http://msdn.microsoft.com/en-us/library/system.security.cryptography.hashalgorithm.aspx.

Now, infected files. You don't "convert" anything, you just calculate the hash of data.

No, you cannot use the cryptographic hash function of the whole file to detect viruses. If you read about the properties of cryptographic hash functions, you will clearly see it. The function is used for different purposes: it can help to detect that some executable files have been changed. If you store the hash functions of some set of executable files and check on a regular basis that the newly calculated hash function is the same as the stored value, you can have a pretty good guarantee that the files were not changed. The only legitimate reason for an executable file to change should be its upgrade or rebuild.

It's infeasible to modify a file and its hash function in a consistent manner to cheat such a system, due to the same properties of the cryptographic hash function. A similar but more powerful approach is using digital signatures on executable files, based on a very different technology, public-key cryptography. Please see:
http://en.wikipedia.org/wiki/Digital_signature,
http://en.wikipedia.org/wiki/Public-key_cryptography.

Among other things, it makes the files self-protected.

Hash functions are actually used for detecting viruses by comparing, but it has nothing to do with what you tried to suggest. However, the approach based on the database of known virus signatures is not serious enough. You can consider it only as a first line of defense. It can detect the simplest viruses quickly, that's it. "Serious" viruses are polymorphic/metamorphic:
http://en.wikipedia.org/wiki/Computer_virus.

Digging into the complex field of virus detection would be a huge overkill, well beyond the normal format of this forum, and, I guess, beyond your goals.

—SA


Have a look at this, for example:

http://msdn.microsoft.com/en-us/library/system.security.cryptography.sha256.aspx

.. It applies the SHA256 hash algorithm to the entire file (ok, so it also does it for all files in a directory) - this answers points 1 and 2 - point 3 is a lot tougher

For point 3, 'maybe' .. if you stored the hash of the file at time = t0, and, at some later time t1 recalculated the hash, compared t0-hash to t1-hash and they were different, then, 'something has happened' to the file.. is this enough to say it was a virus - no, it's not .. you then have to run your suspect file through a process looking for the 'signatures' of all known viruses ...

btw, you could have answered point 1 if you'd done some googling on the sha256 algorithm

'g'


1. A hash value should depend on all data in the file and should have an avalanche effect if any data is modified, i.e. a small change in the data should make a large change in the hash value.

2. Try e.g. Google. After one search I found links to all you are probably going to need for a long time when it comes to cryptography.

3. No, not for sure, but you can be pretty sure the file is modified in some way or corrupt if the hash value differs from the original one.
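
The t0/t1 comparison that the answers above describe, as an added example that is not code from any of the posters: it hashes the full byte content of each file with SHA-256 and reports files that changed, disappeared or appeared since the baseline. The class and method names and the sample files are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;

static class IntegrityCheck  // hypothetical name, added for illustration
{
    // SHA-256 over every byte of the file, streamed; name, size and timestamps are not hashed.
    static string HashFile(string path)
    {
        using (var sha = SHA256.Create())
        using (var stream = File.OpenRead(path))
            return BitConverter.ToString(sha.ComputeHash(stream)).Replace("-", "");
    }
    // t0: record one hash per file under root.
    static Dictionary<string, string> Snapshot(string root)
    {
        var hashes = new Dictionary<string, string>();
        foreach (var file in Directory.EnumerateFiles(root, "*", SearchOption.AllDirectories))
            hashes[file] = HashFile(file);
        return hashes;
    }
    // t1: compare a fresh snapshot with the baseline.
    static List<string> Compare(Dictionary<string, string> baseline, Dictionary<string, string> current)
    {
        var findings = new List<string>();
        foreach (var entry in baseline)
            if (!current.TryGetValue(entry.Key, out var now)) findings.Add("MISSING " + entry.Key);
            else if (now != entry.Value) findings.Add("CHANGED " + entry.Key);
        foreach (var path in current.Keys)
            if (!baseline.ContainsKey(path)) findings.Add("NEW     " + path);
        return findings;
    }

    static void Main()
    {
        // Constructed sample files in a throwaway temp directory.
        string root = Path.Combine(Path.GetTempPath(), "hash-demo-" + Guid.NewGuid().ToString("N"));
        Directory.CreateDirectory(root);
        string a = Path.Combine(root, "a.bin"), b = Path.Combine(root, "b.bin");
        File.WriteAllBytes(a, new byte[] { 0x4D, 0x5A, 0x90, 0x00 });
        File.WriteAllBytes(b, new byte[] { 0x01, 0x02, 0x03 });
        var baseline = Snapshot(root);
        File.WriteAllBytes(b, new byte[] { 0x01, 0x02, 0x04 });  // one byte differs
        File.Delete(a);
        foreach (var line in Compare(baseline, Snapshot(root))) Console.WriteLine(line);
        Directory.Delete(root, true);
    }
}
```

A differing hash only shows that the bytes changed, not why; in practice the baseline would be stored somewhere the monitored machine cannot rewrite.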

