我应该选择哪个加密哈希函数? [英] Which cryptographic hash function should I choose?
问题描述
.NET框架附带6种不同的散列算法:
The .NET framework ships with 6 different hashing algorithms:
- MD5:16字节(散列时间500MB:1462 ms) / li>
- SHA1:20字节(1644毫秒)
- SHA256:32字节(5618毫秒) 48 bytes(3839 ms)
- SHA512:64字节(3820 ms)
- RIPEMD:20个字节$ b
- MD5: 16 bytes (Time to hash 500MB: 1462 ms)
- SHA1: 20 bytes (1644 ms)
- SHA256: 32 bytes (5618 ms)
- SHA384: 48 bytes (3839 ms)
- SHA512: 64 bytes (3820 ms)
- RIPEMD: 20 bytes (7066 ms)
每个函数的表现都不同; MD5是最快的,RIPEMD是最慢的。
Each of these functions performs differently; MD5 being the fastest and RIPEMD being the slowest.
MD5的优点是它适合内置的Guid类型。
MD5 has the advantage that it fits in the built-in Guid type. Which makes it really easy to use for identification.
MD5容易受到碰撞攻击,SHA1也很脆弱,但程度较轻。
MD5 however is vulnerable to collision attacks, SHA1 is also vulnerable but to a lesser degree.
特别的问题我真的很好奇地回答:
Particular questions I'm really curious to see answered are:
-
MD5不受信任吗?在正常情况下,当你使用MD5算法没有恶意,没有第三方有任何恶意的意图,你会期望任何冲突(意味着两个任意字节[]产生相同的散列)
Is MD5 not to be trusted? Under normal situations when you use the MD5 algorithm with no malicious intent and no third party has any malicious intent would you expect ANY collisions (meaning two arbitrary byte[] producing the same hash)
RIPEMD比SHA1好多少? (如果它任何更好)它的5倍慢计算,但散列大小与SHA1相同。
How much better is RIPEMD than SHA1? (if its any better) its 5 times slower to compute but the hash size is the same as SHA1.
散列文件名(或其他短字符串)时,获得非恶意冲突的可能性是什么? (例如,具有相同MD5散列的2个随机文件名)(具有MD5 / SHA1 / SHA2xx)通常,非恶意冲突的可能性是什么?
What are the odds of getting non-malicious collisions when hashing file-names (or other short strings)? (Eg. 2 random file-names with same MD5 hash) (with MD5 / SHA1 / SHA2xx) In general what are the odds for non-malicious collisions?
这是我使用的基准:
static void TimeAction(string description, int iterations, Action func) {
var watch = new Stopwatch();
watch.Start();
for (int i = 0; i < iterations; i++) {
func();
}
watch.Stop();
Console.Write(description);
Console.WriteLine(" Time Elapsed {0} ms", watch.ElapsedMilliseconds);
}
static byte[] GetRandomBytes(int count) {
var bytes = new byte[count];
(new Random()).NextBytes(bytes);
return bytes;
}
static void Main(string[] args) {
var md5 = new MD5CryptoServiceProvider();
var sha1 = new SHA1CryptoServiceProvider();
var sha256 = new SHA256CryptoServiceProvider();
var sha384 = new SHA384CryptoServiceProvider();
var sha512 = new SHA512CryptoServiceProvider();
var ripemd160 = new RIPEMD160Managed();
var source = GetRandomBytes(1000 * 1024);
var algorithms = new Dictionary<string,HashAlgorithm>();
algorithms["md5"] = md5;
algorithms["sha1"] = sha1;
algorithms["sha256"] = sha256;
algorithms["sha384"] = sha384;
algorithms["sha512"] = sha512;
algorithms["ripemd160"] = ripemd160;
foreach (var pair in algorithms) {
Console.WriteLine("Hash Length for {0} is {1}",
pair.Key,
pair.Value.ComputeHash(source).Length);
}
foreach (var pair in algorithms) {
TimeAction(pair.Key + " calculation", 500, () =>
{
pair.Value.ComputeHash(source);
});
}
Console.ReadKey();
}
推荐答案
三个独立的功能。
- 抗冲突:有人难以找到两封邮件(任何 :给定一个哈希值,找到另一个哈希值相同的消息有多难?也称为单向散列函数。
- 第二个前兆电阻:给定消息,找到另一个散列相同的消息。
- Collision resistance: How hard is it for someone to find two messages (any two messages) that hash the same.
- Preimage Resistance: Given a hash, how hard is it to find another message that hashes the same? Also known as a one way hash function.
- Second preimage resistance: Given a message, find another message that hashes the same.
这些属性是相关的,但是是独立的。例如,碰撞阻力意味着第二原像抗性,但不是相反。对于任何给定的应用程序,您将有不同的要求,需要一个或多个这些属性。用于在服务器上保护密码的哈希函数通常仅需要前景图像抵抗,而消息摘要需要所有三个。
These properties are related but independent. For example, collision resistance implies second preimage resistance, but not the other way around. For any given application, you will have different requirements, needing one or more of these properties. A hash function for securing passwords on a server will usually only require preimage resistance, while message digests require all three.
然而,已经表明MD5不是冲突抵抗,但不排除其在不需要抗冲突的应用中的使用。事实上,MD5通常仍然用于其中较小的密钥大小和速度是有益的应用中。也就是说,由于其缺陷,研究人员建议在新的场景中使用其他哈希函数。
It has been shown that MD5 is not collision resistant, however, that does not preclude its use in applications that do not require collision resistance. Indeed, MD5 is often still used in applications where the smaller key size and speed are beneficial. That said, due to its flaws, researchers recommend the use of other hash functions in new scenarios.
SHA1有一个缺陷,允许碰撞在理论上远远小于2 ^ 80步长的安全散列函数其长度将需要。攻击不断被修订,目前可以在〜2 ^ 63步骤 - 只是在当前的可计算性范围内。因此,NIST正在逐步停止使用SHA1,说明SHA2系列应该在2010年之后使用。
SHA1 has a flaw that allows collisions to be found in theoretically far less than the 2^80 steps a secure hash function of its length would require. The attack is continually being revised and currently can be done in ~2^63 steps - just barely within the current realm of computability. For this reason NIST is phasing out the use of SHA1, stating that the SHA2 family should be used after 2010.
SHA2是一个新的SHA1系列。目前还没有针对SHA2功能的已知攻击。 SHA256,384和512都是SHA2系列的一部分,只是使用不同的密钥长度。
SHA2 is a new family of hash functions created following SHA1. Currently there are no known attacks against SHA2 functions. SHA256, 384 and 512 are all part of the SHA2 family, just using different key lengths.
RIPEMD我不能评论太多,除了注意它不像SHA系列常用的那样,所以没有仔细审查密码学研究者。因为这个原因,我会建议使用SHA函数。在实现你使用它似乎也很慢,这使它不太有用。
RIPEMD I can't comment too much on, except to note that it isn't as commonly used as the SHA families, and so has not been scrutinized as closely by cryptographic researchers. For that reason alone I would recommend the use of SHA functions over it. In the implementation you are using it seems quite slow as well, which makes it less useful.
总之,没有一个最好的功能 - 这一切取决于你需要它。注意每个方面的缺陷,您将最好地为方案选择正确的哈希函数。
In conclusion, there is no one best function - it all depends on what you need it for. Be mindful of the flaws with each and you will be best able to choose the right hash function for your scenario.
这篇关于我应该选择哪个加密哈希函数?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
