我应该选择哪种加密哈希函数? [英] Which cryptographic hash function should I choose?
问题描述
.NET 框架附带 6 种不同的散列算法:
The .NET framework ships with 6 different hashing algorithms:
- MD5:16 字节(散列时间 500MB:1462 毫秒)
- SHA-1:20 字节(1644 毫秒)
- SHA256:32 字节(5618 毫秒)
- SHA384:48 字节(3839 毫秒)
- SHA512:64 字节(3820 毫秒)
- RIPEMD:20 字节(7066 毫秒)
这些功能中的每一个都有不同的表现;MD5 最快,RIPEMD 最慢.
Each of these functions performs differently; MD5 being the fastest and RIPEMD being the slowest.
MD5 的优点是适合内置的 Guid 类型;它是类型 3 UUID 的基础.SHA-1 哈希是类型 5 UUID 的基础.它们真的很容易用于识别.
MD5 has the advantage that it fits in the built-in Guid type; and it is the basis of the type 3 UUID. SHA-1 hash is the basis of type 5 UUID. Which makes them really easy to use for identification.
MD5 然而容易受到碰撞攻击,SHA-1 也容易受到程度较低.
MD5 however is vulnerable to collision attacks, SHA-1 is also vulnerable but to a lesser degree.
我真的很想知道答案的具体问题是:
Particular questions I'm really curious to see answered are:
MD5 不可信吗?在正常情况下,当您无恶意地使用 MD5 算法并且没有第三方有任何恶意时,您是否会期望任何冲突(意味着两个任意字节 [] 产生相同的哈希)
Is MD5 not to be trusted? Under normal situations when you use the MD5 algorithm with no malicious intent and no third party has any malicious intent would you expect ANY collisions (meaning two arbitrary byte[] producing the same hash)
RIPEMD 比 SHA1 好多少?(如果它更好)它的计算速度慢了 5 倍,但哈希大小与 SHA1 相同.
How much better is RIPEMD than SHA1? (if its any better) its 5 times slower to compute but the hash size is the same as SHA1.
在对文件名(或其他短字符串)进行哈希处理时,发生非恶意冲突的几率有多大?(例如,具有相同 MD5 哈希值的 2 个随机文件名)(具有 MD5/SHA1/SHA2xx)一般来说,非恶意冲突的几率是多少?
What are the odds of getting non-malicious collisions when hashing file-names (or other short strings)? (Eg. 2 random file-names with same MD5 hash) (with MD5 / SHA1 / SHA2xx) In general what are the odds for non-malicious collisions?
这是我使用的基准:
static void TimeAction(string description, int iterations, Action func) {
var watch = new Stopwatch();
watch.Start();
for (int i = 0; i < iterations; i++) {
func();
}
watch.Stop();
Console.Write(description);
Console.WriteLine(" Time Elapsed {0} ms", watch.ElapsedMilliseconds);
}
static byte[] GetRandomBytes(int count) {
var bytes = new byte[count];
(new Random()).NextBytes(bytes);
return bytes;
}
static void Main(string[] args) {
var md5 = new MD5CryptoServiceProvider();
var sha1 = new SHA1CryptoServiceProvider();
var sha256 = new SHA256CryptoServiceProvider();
var sha384 = new SHA384CryptoServiceProvider();
var sha512 = new SHA512CryptoServiceProvider();
var ripemd160 = new RIPEMD160Managed();
var source = GetRandomBytes(1000 * 1024);
var algorithms = new Dictionary<string,HashAlgorithm>();
algorithms["md5"] = md5;
algorithms["sha1"] = sha1;
algorithms["sha256"] = sha256;
algorithms["sha384"] = sha384;
algorithms["sha512"] = sha512;
algorithms["ripemd160"] = ripemd160;
foreach (var pair in algorithms) {
Console.WriteLine("Hash Length for {0} is {1}",
pair.Key,
pair.Value.ComputeHash(source).Length);
}
foreach (var pair in algorithms) {
TimeAction(pair.Key + " calculation", 500, () =>
{
pair.Value.ComputeHash(source);
});
}
Console.ReadKey();
}
推荐答案
在密码学中,散列函数提供三个独立的函数.
In cryptography, hash functions provide three separate functions.
- 抗冲突性:找到散列相同的两条消息(任意两条消息)有多难.
- 原像抵抗:给定一个哈希值,找到另一个哈希值相同的消息有多难?也称为单向哈希函数.
- 第二个原像阻力:给定一条消息,找到散列相同的另一条消息.
- Collision resistance: How hard is it for someone to find two messages (any two messages) that hash the same.
- Preimage Resistance: Given a hash, how hard is it to find another message that hashes the same? Also known as a one way hash function.
- Second preimage resistance: Given a message, find another message that hashes the same.
这些属性是相关但独立的.例如,抗碰撞性意味着第二个原像抗性,但反之则不然.对于任何给定的应用程序,您将有不同的要求,需要这些属性中的一个或多个.用于保护服务器密码的哈希函数通常只需要抗原像,而消息摘要则需要三者.
These properties are related but independent. For example, collision resistance implies second preimage resistance, but not the other way around. For any given application, you will have different requirements, needing one or more of these properties. A hash function for securing passwords on a server will usually only require preimage resistance, while message digests require all three.
已经证明 MD5 不抗碰撞,但是,这并不排除它在不需要抗碰撞的应用中的使用.事实上,MD5 仍然经常用于较小的密钥大小和速度有好处的应用程序中.也就是说,由于其存在缺陷,研究人员建议在新场景中使用其他哈希函数.
It has been shown that MD5 is not collision resistant, however, that does not preclude its use in applications that do not require collision resistance. Indeed, MD5 is often still used in applications where the smaller key size and speed are beneficial. That said, due to its flaws, researchers recommend the use of other hash functions in new scenarios.
SHA1 有一个缺陷,它允许在理论上远远少于其长度的安全散列函数所需的 2^80 步中发现冲突.攻击不断被修改,目前可以在大约 2^63 个步骤中完成 - 仅在当前的可计算范围内.出于这个原因,NIST 正在逐步淘汰 SHA1 的使用,并指出 SHA2 系列应在 2010 年之后使用.
SHA1 has a flaw that allows collisions to be found in theoretically far less than the 2^80 steps a secure hash function of its length would require. The attack is continually being revised and currently can be done in ~2^63 steps - just barely within the current realm of computability. For this reason NIST is phasing out the use of SHA1, stating that the SHA2 family should be used after 2010.
SHA2 是在 SHA1 之后创建的一个新的哈希函数系列.目前没有针对 SHA2 函数的已知攻击.SHA256、384 和 512 都是 SHA2 系列的一部分,只是使用了不同的密钥长度.
SHA2 is a new family of hash functions created following SHA1. Currently there are no known attacks against SHA2 functions. SHA256, 384 and 512 are all part of the SHA2 family, just using different key lengths.
RIPEMD 我不能过多评论,只是要注意它不像 SHA 系列那样常用,因此没有受到密码研究人员的仔细审查.仅出于这个原因,我建议在它上面使用 SHA 函数.在您使用的实现中,它似乎也很慢,这使得它不太有用.
RIPEMD I can't comment too much on, except to note that it isn't as commonly used as the SHA families, and so has not been scrutinized as closely by cryptographic researchers. For that reason alone I would recommend the use of SHA functions over it. In the implementation you are using it seems quite slow as well, which makes it less useful.
总而言之,没有最好的功能 - 这完全取决于您的需求.请注意每种方法的缺陷,您将能够最好地为您的场景选择正确的哈希函数.
In conclusion, there is no one best function - it all depends on what you need it for. Be mindful of the flaws with each and you will be best able to choose the right hash function for your scenario.
这篇关于我应该选择哪种加密哈希函数?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
