MD5 和 SHA1 的安全性如何 [英] How secure is MD5 and SHA1

问题描述

嘿只是一个简单的问题，因为我试图更多地了解哈希函数，我知道它们如何工作以及它们做什么，但它们有多安全?

Hey just a simple questions, as im tryng to understand a bit more on Hash functions, I know how they work and what they do but how secure are they?

我希望得到一个简单的答案而不是链接，因为我从来没有发现它们有用.

I would appreciate a simple answer not links as I never find them useful.

推荐答案

以现在的技术，两者都可以破裂.还有 哈希字典 帮助找出哈希对于短字符串的含义.

With nowadays technology, both can be cracked. There are also hash dictionaries that help find what a hash means for short strings.

它们是否安全，很大程度上取决于您要保护的内容.如果您正在构建在线银行系统，则根本不推荐使用它们(取决于它们在在线银行系统中的哪个位置使用).例如，如果您仅针对在线用户密码哈希实施它们，还取决于:您的网站是否值得破解，您拥有多少用户等.

If they are secure or not, highly depends on what you want to protect. If you are building an online banking system, they are not recommended at all (depending where in the online banking system they come to use). If you implement them just for online user password hashing, for example, it also depends on: is you website worth cracking, how many users you have, etc.

一般建议是首先研究您希望在您的场景中实现的安全级别，然后决定您使用哪些技术(在这种情况下是散列).也没有 100% 的安全性.也不要在一个安全问题上投入太多时间而忽略其他可能不那么明显或技术性的问题(人为错误、默默无闻的安全、人为工程).

A general advice, is to first study the level of security you want to achieve in you scenario and decide what technologies (in this case hashing) you use. There is also no 100% security. Also don't invest too much time into one security issues and ignore others which might not be as obvious or technical (human errors, security by obscurity, human engineering).

看看这个:

1. 在此处生成一个小词的哈希值.例如，password 具有 MD5 哈希值:5f4dcc3b5aa765d61d8327deb882cf99
2. 现在去这里并要求回复文本.

1. generate the hash for a small word here. For example, password has the MD5 hash: 5f4dcc3b5aa765d61d8327deb882cf99
2. now go here and ask back for the text.

上面的例子只是破解它们的许多(字典攻击)可能的方法之一.此外，每个安全算法的维基百科文章都为您提供了一个漏洞列表.

The above example is just one of many (dictionary attack) possible way to crack them. Also the wikipedia articles of each security algorithms gives you a list of vulnerabilities.

另见:

• MD5 的安全性是否低于沙等.阿尔.在实际意义上?

边注

永远不要让网站为您拥有的真实密码生成哈希(以防您需要在某处进行测试或其他原因).始终使用测试密码，或在本地计算机上生成哈希值.构建哈希数据库的人(黑客与否)也提供用于捕获哈希的在线哈希工具.

Never let websites generate a hash for a real password that you have (in case you need it somewhere for testing or other reasons). Always use test passwords, or generate hashes on your local machine. People building hash databases (hackers or not), also provide online hash tools for capturing hashes.

这篇关于MD5 和 SHA1 的安全性如何的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！