关于加密散列函数有什么重点? [英] What are the important points about cryptographic hash functions?
问题描述
我正在阅读关于MD5哈希值的此问题接受的答案使我困惑。根据我的理解,一个密码散列函数的主要属性之一是找不到具有相同散列值的两个不同消息(输入)是不可行的。
但是问题的共识答案为什么MD5哈希值不可逆?是因为无限数量的输入字符串生成相同的输出。
这似乎与我完全矛盾。另外,令我困惑的是算法是公开的,仍然是不可逆的。这是因为在哈希函数中总是有数据丢失,所以没有办法告诉哪些数据被丢弃了?
当输入数据大小小于固定输出数据大小时会发生什么情况(例如,散列密码abc)?
编辑:
好的,让我看看我是否直接: p>
- 真的很难从散列推断输入,因为有无限数量的输入字符串会生成相同的输出(不可逆属性)。
- 但是, 查找 即使单个实例的多个输入字符串生成相同的输出也是真的,属性)。
您可能会感到困惑,因为您引用的问题 是混乱。
加密哈希函数的要求之一是它应该是preimage抵抗。也就是说,如果知道MD5(x)而不知道消息x,则很难找到任何x'(等于x或不同于x),使得MD5(x')= MD5(x)。 >
抗前影像是一种与可逆性不同的性质。一个函数是可逆的,如果给定y = f(x)只有一个x拟合(这是否容易)。例如define f(x)= x mod 10.
然后f是不可逆的。从f(x)= 7,你不能确定x是17,27还是别的东西。但是f不是前景抗性的,因为容易找到使得f(x)= 7的值x'。 x'= 17,27,12341237等都工作。
进行加密时,通常需要具有preimage抗性的功能不可逆的东西。
I was reading this question on MD5 hash values and the accepted answer confuses me. One of the main properties, as I understand it, of a cryptopgraphic hash function is that it is infeasible to find two different messages (inputs) with the same hash value.
Yet the consensus answer to the question Why aren't MD5 hash values reversible? is Because an infinite number of input strings will generate the same output. This seems completely contradictory to me.
Also, what perplexes me somewhat is the fact that the algorithms are public, yet the hash values are still irreversible. Is this because there is always data loss in a hash function so there's no way to tell which data was thrown away?
What happens when the input data size is smaller than the fixed output data size (e.g., hashing a password "abc")?
EDIT:
OK, let me see if I have this straight:
- It is really, really hard to infer the input from the hash because there are an infinite amount of input strings that will generate the same output (irreversible property).
- However, finding even a single instance of multiple input strings that generate the same output is also really, really hard (collision resistant property).
You may be confused, because the answer to the question you cite is confusing. One of the requirements for a cryptographic hash function is that it should be preimage resistant. That is, if you know MD5(x) but not the message x, then it is difficult to find any x' (either equal x or different from x) such that MD5(x') = MD5(x).
Being preimage resistant is a different property than being reversible. A function is reversible if given y = f(x) there is exactly one x which fits (whether this is easy or not). For example define f(x) = x mod 10. Then f is not reversible. From f(x) = 7 you can't determine whether x was 17, 27 or something else. But f is not preimage resistant, since values x' such that f(x) = 7 are easy to find. x' = 17, 27, 12341237 etc all work.
When doing crypto you usually need functions that are preimage resistant (and other properties such as collision resistance), not just something that is not reversible.
这篇关于关于加密散列函数有什么重点?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
