关于密码散列函数的要点是什么? [英] What are the important points about cryptographic hash functions?
问题描述
我正在阅读关于 MD5 哈希值的 这个问题接受的答案让我感到困惑.据我了解,加密哈希函数的主要属性之一是不可能找到两个具有相同哈希值的不同消息(输入).
I was reading this question on MD5 hash values and the accepted answer confuses me. One of the main properties, as I understand it, of a cryptopgraphic hash function is that it is infeasible to find two different messages (inputs) with the same hash value.
然而,对于为什么 MD5 哈希值不可逆?这个问题的共识答案是 因为无限数量的输入字符串会产生相同的输出. 这似乎完全和我矛盾.
Yet the consensus answer to the question Why aren't MD5 hash values reversible? is Because an infinite number of input strings will generate the same output. This seems completely contradictory to me.
另外,让我有些困惑的是算法是公开的,但哈希值仍然是不可逆的.这是因为哈希函数中总是存在数据丢失,因此无法判断哪些数据被丢弃了吗?
Also, what perplexes me somewhat is the fact that the algorithms are public, yet the hash values are still irreversible. Is this because there is always data loss in a hash function so there's no way to tell which data was thrown away?
当输入数据大小小于固定输出数据大小时会发生什么(例如,散列密码abc")?
What happens when the input data size is smaller than the fixed output data size (e.g., hashing a password "abc")?
好的,让我看看我是不是直截了当:
- 从哈希中推断输入真的非常困难因为有无限数量的输入字符串会产生相同的输出(不可逆属性).
- 但是,找到即使是多个输入字符串的单个实例生成相同的输出也非常非常困难(防碰撞属性).
推荐答案
你可能会感到困惑,因为 您引用的问题 令人困惑.加密散列函数的要求之一是它应该是抗原像的.也就是说,如果你知道 MD5(x) 但不知道消息 x,那么很难找到任何 x'(等于 x 或不同于 x)使得 MD5(x') = MD5(x).
You may be confused, because the answer to the question you cite is confusing. One of the requirements for a cryptographic hash function is that it should be preimage resistant. That is, if you know MD5(x) but not the message x, then it is difficult to find any x' (either equal x or different from x) such that MD5(x') = MD5(x).
抗原像性与可逆性不同.如果给定 y = f(x),则函数是可逆的,恰好有一个 x 适合(无论这是否容易).例如定义 f(x) = x mod 10.那么 f 是不可逆的.从 f(x) = 7 您无法确定 x 是 17、27 还是其他值.但是 f 不是抗原像性的,因为 f(x) = 7 的值 x' 很容易找到.x' = 17, 27, 12341237 等都可以.
Being preimage resistant is a different property than being reversible. A function is reversible if given y = f(x) there is exactly one x which fits (whether this is easy or not). For example define f(x) = x mod 10. Then f is not reversible. From f(x) = 7 you can't determine whether x was 17, 27 or something else. But f is not preimage resistant, since values x' such that f(x) = 7 are easy to find. x' = 17, 27, 12341237 etc all work.
在进行加密时,您通常需要抗原像(以及其他属性,例如抗碰撞)的函数,而不仅仅是不可逆的函数.
When doing crypto you usually need functions that are preimage resistant (and other properties such as collision resistance), not just something that is not reversible.
这篇关于关于密码散列函数的要点是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
