PBKDF2WithHmacSHA512Vs. PBKDF2WithHmacSHA1 [英] PBKDF2WithHmacSHA512 Vs. PBKDF2WithHmacSHA1

问题描述

我正在一个Java身份验证子系统上，该子系统将数据库中密码的存储指定为PBKDF2生成的哈希，现在我正在尝试确定是否应该使用SHA1或SHA512作为PRF .我经历了两者的规格，但是它们在数学上非常耗费我的精力.能够更好地了解加密的人可以解释PBKDF2WithHmacSHA512与PBKDF2WithHmacSHA1有何不同吗?

I'm working on a Java authentication subsystem that specs the storage of passwords in the DB as PBKDF2-generated hashes, and I'm now trying to decide whether I should use SHA1 or SHA512 as PRF. I went through the specs of both but they are very mathematically intensive for me to follow. Can somebody with better crypto-understanding explain how PBKDF2WithHmacSHA512 differs from PBKDF2WithHmacSHA1?

这就是我想要做的:

private static final int HASH_BYTE_SIZE = 64 * 8; // 512 bits
private static final int PBKDF2_ITERATIONS = 1000;      

// generate random salt
SecureRandom random = new SecureRandom();
byte salt[] = new byte[SALT_BYTE_SIZE]; // use salt size at least as long as hash
random.nextBytes(salt);

// generate Hash
PBEKeySpec spec = new PBEKeySpec(password, salt, PBKDF2_ITERATIONS, HASH_BYTE_SIZE);
SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); // we would like this to be "PBKDF2WithHmacSHA512" instead? What Provider implements it?
byte[] hash = skf.generateSecret(spec).getEncoded();

// convert hash and salt to hex and store in DB as CHAR(64)...

推荐答案

让我们逐字细分单词:

PBKDF2--WithHmac--SHA512

让我们逐一介绍一下

• PBKDF2

• PBKDF2

基于密码的密钥派生功能的基础，它是PBKDF1的后继产品，用于对输入的密码或口令实施伪随机函数(例如，密码哈希，密码或HMAC)以及盐值和重复此过程多次以生成派生密钥，然后可以将其用作后续操作中的加密密钥.

Stands for Password-based-Key-Derivative-Function, a successor of PBKDF1 and is used to implement a pseudorandom function, such as a cryptographic hash, cipher, or HMAC to the input password or passphrase along with a salt value and repeats the process many times to produce a derived key, which can then be used as a cryptographic key in subsequent operations.

HMAC

密钥散列消息身份验证代码(HMAC)的站台是一种特定的结构，用于计算与密码哈希函数和秘密密码密钥结合使用的消息身份验证代码(MAC).任何密码散列函数都可以用于HMAC的计算；由此产生的MAC算法相应地称为HMAC-MD5或HMAC-SHA1.

Stands for Keyed-Hash Message Authentication Code (HMAC) is a specific construction for calculating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret cryptographic key. Any cryptographic hash function,may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA1 accordingly.

SHA512

好吧，你知道的..:P

Well, you know about it.. :P

现在，回到您的问题所在的代码行:

Now, coming back to your question, the line of code:

SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");

指定keyFactory使用算法PDBKDF2WithHmacSHA1.当您要做类似的事情时:

specifies the keyFactory to use the algorithm PDBKDF2WithHmacSHA1. When you would do something like:

SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");

您告诉工厂使用算法PBDKF2WithHmacSHA512.

本质上，PBKDF2WithHmacSHA1和PBKDF2WithHmacSHA512之间的主要区别在于:

Essentialy the main difference between PBKDF2WithHmacSHA1 and PBKDF2WithHmacSHA512 is that:

1. PBKDF2WithHmacSHA1将产生160位的哈希长度.
2. PBKDF2WithHmacSHA512将产生512位的哈希长度.

1. The PBKDF2WithHmacSHA1 will produce a hash length of 160 bits.
2. The PBKDF2WithHmacSHA512 will produce a hash length of 512 bits.

因此，后者更安​​全.但是双方都有争论，哪一个足以进行加密.没有辩论.只是说.

Hence the latter is more secure. But there are arguments on both sides as to which is sufficient for encryption. No debate. Just saying.

有关这两种算法的一些其他信息:

Some additional information about the two algorithms:

1. HMACSHA1

HMACSHA1是一种密钥哈希算法，由SHA1哈希函数构造而成，并用作HMAC或基于哈希的消息 验证码. HMAC进程将密钥与 消息数据，使用哈希函数对结果进行哈希处理，然后将其混合 再次使用密钥对哈希值进行哈希处理，然后应用哈希值 再次运行.输出的哈希长度为1​​60位.

HMACSHA1 is a type of keyed hash algorithm that is constructed from the SHA1 hash function and used as an HMAC, or hash-based message authentication code. The HMAC process mixes a secret key with the message data, hashes the result with the hash function, mixes that hash value with the secret key again, and then applies the hash function a second time. The output hash is 160 bits in length.

HMACSHA512

HMACSHA512是一种密钥哈希算法，它是从 SHA-512哈希函数，并用作基于哈希的消息 验证码(HMAC). HMAC进程将密钥与 消息数据并哈希结果.哈希值与 再次输入密钥，然后再次进行哈希处理.输出哈希 长度为512位.

HMACSHA512 is a type of keyed hash algorithm that is constructed from the SHA-512 hash function and used as a Hash-based Message Authentication Code (HMAC). The HMAC process mixes a secret key with the message data and hashes the result. The hash value is mixed with the secret key again, and then hashed a second time. The output hash is 512 bits in length.

主要优点是HmacWith512比HmacWith256更安全.例如

The main advantage is that HmacWith512 is more secure than HmacWith256. For e.g.

HMAC_SHA1("key","The quick brown fox jumps over the lazy dog") = 0xde7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9

HMAC_SHA512("key","The quick brown fox jumps over the lazy dog") = 0xb42af09057bac1e2d41708e48a902e09b5ff7f12ab428a4fe86653c73dd248fb82f948a549f7b791a5b41915ee4d1ec3935357e4e2317250d0372afa2ebeeb3a

差异很大(如图所示).希望能帮助到你. :)

The difference is pretty huge (as seen). Hope it helps. :)

编辑:如OP所述

PBEKeySpec(char[] password, byte[] salt, int iterationCount, int keyLength)

参数keyLength用于指示对密钥长度的偏好 用于可变密钥大小的密码.实际密钥大小取决于每个提供程序的实现.因此说，做类似的事情

The parameter keyLength is used to indicate the preference on key length for variable-key-size ciphers. The actual key size depends on each provider's implementation. Hence say, doing something like

PBEKeySpec(password, salt, int 100, 512)并不意味着您将使用SHA1生成512的keyLength.它只是意味着. SHA1最多支持160位.你不能超过那个.

PBEKeySpec(password, salt, int 100, 512) doesn't mean you will be using SHA1 to generate a keyLength of 512. It simply means that. SHA1 supports upto a maximum of 160 bits. You cannot exceed that.

关于第二个问题，请查看 HMAC-SHA1 .有很多陈述说，如果您的哈希很长，那么SHA256之类的算法就非常好.

As for your second question, have a look at the HMAC-SHA1. There are many statements that say algorithms like SHA256 is pretty good if you a long hash.

此外，根据美国国家安全局(NSA):

Also, as per the NSA :

NSA指定使用 FIPS-186-2中指定的256位素数模量椭圆曲线 和SHA-256适用于保护机密信息 到SECRET级别. 384位素模椭圆曲线的使用 和SHA-384对保护TOP SECRET是必不可少的 信息.

The NSA specifies that "Elliptic Curve Public Key Cryptography using the 256-bit prime modulus elliptic curve as specified in FIPS-186-2 and SHA-256 are appropriate for protecting classified information up to the SECRET level. Use of the 384-bit prime modulus elliptic curve and SHA-384 are necessary for the protection of TOP SECRET information.

我认为结合使用HMAC函数和SHA512是相当安全的.

I think using a HMAC function in conjunction SHA512 is quite secure.

这篇关于PBKDF2WithHmacSHA512Vs. PBKDF2WithHmacSHA1的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！