SHA512 vs. Blowfish and Bcrypt


Question

I'm looking at hashing algorithms, but couldn't find an answer.

  • Bcrypt uses Blowfish
  • Blowfish is better than MD5
  • Q: Is Blowfish better than SHA512?

Thanks...

Update:

I want to clarify that I understand the difference between hashing and encryption. What prompted me to ask the question this way is this article, where the author refers to bcrypt as "adaptive hashing".

Since bcrypt is based on Blowfish, I was led to think that Blowfish is a hashing algorithm. If it's encryption, as answers have pointed out, then it seems to me that it shouldn't have a place in this article. What's worse is that he's concluding that bcrypt is the best. What's also confusing me now is that the phpass class (used for password hashing, I believe) uses bcrypt (i.e. Blowfish, i.e. encryption). Based on this new info you guys are telling me (Blowfish is encryption), this class sounds wrong. Am I missing something?

Answer

It should suffice to say whether bcrypt or SHA-512 (in the context of an appropriate algorithm like PBKDF2) is good enough. And the answer is yes: either algorithm is secure enough that a breach will occur through an implementation flaw, not cryptanalysis.

If you insist on knowing which is "better", SHA-512 has had in-depth reviews by NIST and others. It's good, but flaws have been recognized that, while not exploitable now, have led to the SHA-3 competition for new hash algorithms. Also, keep in mind that the study of hash algorithms is "newer" than that of ciphers, and cryptographers are still learning about them.

Even though bcrypt as a whole hasn't had as much scrutiny as Blowfish itself, I believe that being based on a cipher with a well-understood structure gives it some inherent security that hash-based authentication lacks. Also, it is easier to use common GPUs as a tool for attacking SHA-2-based hashes; because of its memory requirements, optimizing bcrypt requires more specialized hardware, like FPGAs with some on-board RAM.

Note: bcrypt is an algorithm that uses Blowfish internally. It is not an encryption algorithm itself. It is used to irreversibly obscure passwords, just as hash functions are used to do a "one-way hash".

Cryptographic hash algorithms are designed to be impossible to reverse. In other words, given only the output of a hash function, it should take "forever" to find a message that will produce the same hash output. In fact, it should be computationally infeasible to find any two messages that produce the same hash value. Unlike a cipher, hash functions aren't parameterized with a key; the same input will always produce the same output.

If someone provides a password that hashes to the value stored in the password table, they are authenticated. In particular, because of the irreversibility of the hash function, it's assumed that the user isn't an attacker who got hold of the hash and reversed it to find a working password.

Now consider bcrypt. It uses Blowfish to encrypt a magic string, using a key "derived" from the password. Later, when a user enters a password, the key is derived again, and if the ciphertext produced by encrypting with that key matches the stored ciphertext, the user is authenticated. The ciphertext is stored in the "password" table, but the derived key is never stored.

In order to break the cryptography here, an attacker would have to recover the key from the ciphertext. This is called a "known-plaintext" attack, since the attacker knows the magic string that has been encrypted, but not the key used. Blowfish has been studied extensively, and no attacks are yet known that would allow an attacker to find the key with a single known plaintext.

So, just like cryptographic digests based on irreversible algorithms, bcrypt produces an irreversible output from a password, salt, and cost factor. Its strength lies in Blowfish's resistance to known-plaintext attacks, which is analogous to a "first pre-image attack" on a digest algorithm. Since it can be used in place of a hash algorithm to protect passwords, bcrypt is confusingly referred to as a "hash" algorithm itself.

Assuming that rainbow tables have been thwarted by proper use of salt, any truly irreversible function reduces the attacker to trial-and-error. And the rate at which the attacker can make trials is determined by the speed of that irreversible "hash" algorithm. If a single iteration of a hash function is used, an attacker can make millions of trials per second using equipment that costs on the order of $1000, testing all passwords up to 8 characters long in a few months.

If, however, the digest output is "fed back" thousands of times, it will take hundreds of years to test the same set of passwords on that hardware. Bcrypt achieves the same "key strengthening" effect by iterating inside its key derivation routine, and a proper hash-based method like PBKDF2 does the same thing; in this respect, the two methods are similar.

So, my recommendation of bcrypt stems from the assumptions 1) that Blowfish has had a similar level of scrutiny as the SHA-2 family of hash functions, and 2) that cryptanalytic methods for ciphers are better developed than those for hash functions.
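The answer above describes the "key strengthening" that PBKDF2 and bcrypt share: salt the password, feed the one-way function back a tunable number of times, store the result, and re-derive on login so that an attacker holding the stored value is reduced to paying the full cost per guess. The following Python is an added example illustrating that with the SHA-512 side of the comparison (PBKDF2-HMAC-SHA512 from the standard library); it is not code from the question, the answer, or phpass. The record format (`pbkdf2_sha512$<iterations>$<salt hex>$<dk hex>`), the function names, and the guess list are my own constructions for the example; the 210,000 default iteration count follows OWASP's published guidance for PBKDF2-HMAC-SHA512 and should be tuned to the login servers actually in use.

```python
"""PBKDF2-HMAC-SHA512 password storage with a tunable cost factor (added example).

Record format is an assumption made for this example, not a standard:
    pbkdf2_sha512$<iterations>$<salt hex>$<derived key hex>
Storing salt and cost alongside the hash lets both be raised later without a migration.
"""
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

ALGORITHM = "pbkdf2_sha512"
DEFAULT_ITERATIONS = 210_000   # OWASP guidance for PBKDF2-HMAC-SHA512; tune so one login costs ~100 ms
SALT_BYTES = 16
DK_BYTES = 32


def derive(password: str, salt: bytes, iterations: int) -> bytes:
    """Key strengthening: HMAC-SHA512 output is fed back `iterations` times (PBKDF2)."""
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations, dklen=DK_BYTES)


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Produce a self-describing record. A fresh random salt per user defeats rainbow tables."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    dk = derive(password, salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${dk.hex()}"


def parse_record(record: str) -> Tuple[int, bytes, bytes]:
    """Split a record into (iterations, salt, derived key); reject records from other schemes."""
    algo, iters, salt_hex, dk_hex = record.split("$")
    if algo != ALGORITHM:
        raise ValueError(f"unsupported algorithm {algo!r}")
    return int(iters), bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)


def verify_password(password: str, record: str) -> bool:
    """Re-derive with the stored salt and cost. The derived key is never stored, only compared,
    and the comparison is constant-time so a timing side channel cannot leak a matching prefix."""
    iterations, salt, expected = parse_record(record)
    return hmac.compare_digest(derive(password, salt, iterations), expected)


def needs_rehash(record: str, target_iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True when the record's cost is below current policy; rehash on the next successful login."""
    iterations, _, _ = parse_record(record)
    return iterations < target_iterations


def trials_to_crack(record: str, candidates: List[str]) -> Optional[int]:
    """The attacker's view: with only the record, every guess costs a full derivation.
    Returns the number of derivations before a hit, or None if no candidate matched."""
    iterations, salt, expected = parse_record(record)
    for n, guess in enumerate(candidates, start=1):
        if hmac.compare_digest(derive(guess, salt, iterations), expected):
            return n
    return None


if __name__ == "__main__":
    import time

    record = hash_password("correct horse battery staple")
    print("stored:", record)
    print("login ok:", verify_password("correct horse battery staple", record))
    print("wrong password:", verify_password("Tr0ub4dor&3", record))

    # Constructed guess list: the cost factor multiplies the attacker's time per guess,
    # which is the whole point of iterating rather than hashing once.
    guesses = ["password", "123456", "letmein", "correct horse battery staple"]
    fixed_salt = b"\x00" * SALT_BYTES   # fixed only so the timing runs are comparable
    for cost in (1, 1_000, 100_000):
        r = hash_password("correct horse battery staple", iterations=cost, salt=fixed_salt)
        t0 = time.perf_counter()
        hit = trials_to_crack(r, guesses)
        print(f"iterations={cost:>7}: hit on guess {hit}, {time.perf_counter() - t0:.4f}s for {len(guesses)} guesses")
```

Running the script shows the cost scaling the answer describes: the four-guess search at one iteration is effectively free, while at 100,000 iterations each guess costs the same tens of milliseconds the legitimate login does. `needs_rehash` is how a deployment raises the iteration count over time as hardware gets faster, which is the operational counterpart of bcrypt's cost parameter.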

