如果您知道字符串的长度并对其应用 SHA1 散列，您能对其进行解散吗? [英] If you know the length of a string and apply a SHA1 hash to it, can you unhash it?

问题描述

只是想知道知道原始字符串长度是否意味着您可以更好地解开 SHA1 加密.

Just wondering if knowing the original string length means that you can better unlash a SHA1 encryption.

推荐答案

不，不是在一般情况下:散列函数不是加密函数，它的设计不可逆.

No, not in the general case: a hash function is not an encryption function and it is not designed to be reversible.

通常肯定无法恢复原始哈希.这是因为哈希函数的域大小大于函数的范围.对于 SHA-1，域是无界的，但范围是 160 位.

It is usually impossible to recover the original hash for certain. This is because the domain size of a hash function is larger than the range of the function. For SHA-1 the domain is unbounded but the range is 160bits.

这意味着，根据鸽巢原则，多重价值在域映射到范围内的相同值.当这两个值映射到相同的哈希时，称为 哈希冲突.

That means that, by the Pigeonhole principle, multiple values in the domain map to the same value in the range. When such two values map to the same hash, it is called a hash collision.

但是，对于特定有限的输入集(其中输入的域远小于散列函数的范围)，那么如果散列冲突找到，例如通过蛮力搜索，假设导致散列的输入是原始值可能是可接受的".上述过程实际上是一个原像攻击.请注意，这种方法很快就会变得不可行，如底部所示.(可能有一些很好的数学公式可以根据给定域大小的碰撞机会定义可接受"，但我不是那么精明.)

However, for a specific limited set of inputs (where the domain of the inputs is much smaller than the range of the hash function), then if a hash collision is found, such as through an brute force search, it may be "acceptable" to assume that the input causing the hash was the original value. The above process is effectively a preimage attack. Note that this approach very quickly becomes infeasible, as demonstrated at the bottom. (There are likely some nice math formulas that can define "acceptable" in terms of chance of collision for a given domain size, but I am not this savvy.)

知道这是映射到散列的唯一输入的唯一方法是对范围内的所有值执行穷举搜索-- 例如具有给定长度的 所有 字符串 -- 并确保它是导致给定哈希值的唯一此类输入.

The only way to know that this was the only input that mapped to the hash, however, would be to perform an exhaustive search over all the values in the range -- such as all strings with the given length -- and ensure that it was the only such input that resulted in the given hash value.

但是请注意，在任何情况下都不会反转"哈希过程.即使没有有效的鸽子洞原理，SHA-1 和其他加密哈希函数 专门设计为 不可逆转——也就是说，它们是一种方式"哈希函数.有一些先进的技术可用于减少各种散列的范围；这些最好留给博士或专门从事密码学分析的人:-)

Do note, however, that in no case is the hash process "reversed". Even without the Pigeon hole principle in effect, SHA-1 and other cryptographic hash functions are especially designed to be infeasible to reverse -- that is, they are "one way" hash functions. There are some advanced techniques which can be used to reduce the range of various hashes; these are best left to Ph.D's or people who specialize in cryptography analysis :-)

快乐编码.

为了好玩，请尝试对 3 个字符的字符串进行暴力原像攻击.假设只允许使用英文字母 (A-Z, a-z) 和数字 (0-9)，则在这种情况下仅"有 62³ (238,328) 个组合.然后尝试 4 个字符的字符串(62⁴ = 14,776,336 个组合)... 5 个字符(62⁵ = 916,132,832 个组合)... 6 个字符(62⁶ = 56,800,235,584 种组合)...

For fun, try creating a brute-force preimage attack on a string of 3 characters. Assuming only English letters (A-Z, a-z) and numbers (0-9) are allowed, there are "only" 62³ (238,328) combinations in this case. Then try on a string of 4 characters (62⁴ = 14,776,336 combinations) ... 5 characters (62⁵ = 916,132,832 combinations) ... 6 characters (62⁶ = 56,800,235,584 combinations) ...

注意每个附加字符的域有多大:这种方法很快变得不切实际(或不可行")并且哈希函数获胜:-)

Note how much larger the domain is for each additional character: this approach quickly becomes impractical (or "infeasible") and the hash function wins :-)

密码破解者加速原像攻击的一种方法是使用彩虹表(可能只涵盖他们设计用于攻击的域中所有值的小集合)，这就是为什么使用散列(SHA-1 或其他)的密码应该始终具有大随机盐 也是.

One way password crackers speed up preimage attacks is to use rainbow tables (which may only cover a small set of all values in the domain they are designed to attack), which is why passwords that use hashing (SHA-1 or otherwise) should always have a large random salt as well.

这篇关于如果您知道字符串的长度并对其应用 SHA1 散列，您能对其进行解散吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！