How can it be impossible to "decrypt" an MD5 hash?


Question

Possible duplicate:
Why are MD5 hash values not reversible?

I was reading a question about MD5, and it made me remember something that boggles me. Very simple question, and I'm sorry if it's not a good one. I just can't understand how you convert something to one thing using some algorithm, and there being no way to convert it back using the algorithm in reverse.

How is this possible?

Also, since multiple strings can create the same MD5 hash, due to it being less data than the input string, how would any other hashing system be any better?

Recommended answer

Basically it's because the output of MD5 contains less information than the input. This is basically what distinguishes a hash algorithm from an encryption algorithm.

Here's a simple example: imagine an algorithm to compute the hash of a 10-digit number. The algorithm is "return the last 2 digits." If I take the hash of 8023798734, I get 34, but if all you had is the 34, you would have no way to tell what the original number is because the hashing algorithm discarded 8 digits worth of information. It's similar with MD5, except that the hash is computed via a complex procedure instead of just chopping off part of the data.

So then how can one hash be better than another? For one thing, different hash algorithms can be more or less resistant to collisions (when two inputs produce the same output). The probability of a collision is inversely related to the number of possible hash outputs. Collisions are an undesirable feature of hashes because if your data changes, you want the hash to change too, so one way to get a better hash algorithm is to use a hash with more possible outputs. In the digits example above, taking the last 4 digits instead of the last 2 digits reduces the probability of a collision with a given hash (technically called a preimage) to 1 in 10000 instead of 1 in 100, so it's more likely that all the 10-digit numbers in whatever set you have will have different hash values.

There's also the issue of cryptographic security. When you want to use a hash to make sure that some data is not tampered with, it's desirable that whoever's doing the tampering can't predict what inputs will produce a given output. If they could, they would be able to alter the input data in such a way that the output (the hash) remains the same. Going back to the digits example again, let's say I'm going to email you the number 1879483129 and it is critically important that this number gets to you unaltered. I might call you up and tell you the hash of the number, which would be 29, but since the "last 2 digits" algorithm is not cryptographically secure, a nefarious hacker could change the number en route to, say, 5555555529 and you wouldn't know the difference.

It's been shown that MD5 is not cryptographically secure (and SHA-1 is also compromised). That means that it is possible to find different inputs which correspond to any given output. It's still a fine algorithm for protecting against random bit flips and the like, but if there's a chance someone might want to intentionally corrupt your data, you should really use something more secure, like SHA-256 or greater, probably as part of an HMAC scheme.
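
Added example, not part of the original answer: the "last 2 digits" hash from the answer next to an HMAC-SHA-256 tag over the same number, showing that the altered number passes the toy check but fails HMAC verification. The function names and the pre-shared key are assumptions made for this illustration.

```python
import hashlib
import hmac


def toy_hash(number: int) -> str:
    """The answer's toy hash: keep only the last 2 digits."""
    return f"{number % 100:02d}"


def toy_preimage_count(digits: int = 10, kept: int = 2) -> int:
    """How many `digits`-digit numbers share any one toy hash value."""
    total_inputs = 9 * 10 ** (digits - 1)  # 1000000000 .. 9999999999
    return total_inputs // 10 ** kept


def md5_inputs_per_digest(input_bytes: int) -> int:
    """Pigeonhole average: inputs of this length per 128-bit MD5 output."""
    return 2 ** (8 * input_bytes) // 2 ** 128


def tag(key: bytes, number: int) -> str:
    """HMAC-SHA-256 over the decimal text of the number."""
    return hmac.new(key, str(number).encode(), hashlib.sha256).hexdigest()


def verify(key: bytes, number: int, received_tag: str) -> bool:
    """Recompute the tag and compare it in constant time."""
    return hmac.compare_digest(tag(key, number), received_tag)


SENT = 1879483129      # number from the answer
TAMPERED = 5555555529  # altered number from the answer
KEY = b"constructed-demo-key-not-a-real-secret"  # assumption: pre-shared key

if __name__ == "__main__":
    # Toy hash: both numbers hash to "29", so the change goes unnoticed.
    print("toy:", toy_hash(SENT), toy_hash(TAMPERED))
    print("10-digit inputs per toy hash value:", toy_preimage_count())
    # Information loss in MD5 itself: 20-byte inputs vs. 16-byte outputs.
    print("20-byte inputs per MD5 digest (average):", md5_inputs_per_digest(20))
    # HMAC-SHA-256: the tag was computed over SENT with the shared key.
    sent_tag = tag(KEY, SENT)
    print("original verifies:", verify(KEY, SENT, sent_tag))
    print("tampered verifies:", verify(KEY, TAMPERED, sent_tag))
```

The tag only protects the number if the key is shared over a channel the tamperer cannot read, which plays the role of the phone call in the answer.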
