SHA1是否仍然安全地用作PBKDF2中的散列函数？ [英] Is SHA1 still secure for use as hash function in PBKDF2?

问题描述

由于SHA1的密码分析有重大进展，因此应该逐步淘汰SHA2（ wikipedia a>）。

As there have been significant advances in the cryptoanalysis of SHA1 it's supposed to be phased out in favor of SHA2 (wikipedia).

但是，作为PBKDF2中的底层哈希函数，它基本上用作PRNG。因此，应该仍然安全使用SHA1作为PBKDF2的散列，对吗？

For use as underlying hash function in PBKDF2, however, it's basically used as a PRNG. As such it should be still secure to use SHA1 as hash for PBKDF2, right?

推荐答案

没有SHA当前已知的弱点-1当在HMAC中使用时对其安全性有任何影响，当在PBKDF2中使用时， a fortiori 。对于这个问题，MD5也很好（但不是MD4）。

None of the currently known weaknesses on SHA-1 has any impact on its security when used in HMAC, a fortiori when used in PBKDF2. For that matter, MD5 would be fine too (but not MD4).

然而，SHA-1不利于公共关系：如果在2011年， -1，那么你必须准备自己必须证明这个选择。另一方面，SHA-256是一个很好的默认功能，没有人会质疑它。

However, SHA-1 is not good for public relations: if, in 2011, you use SHA-1, then you must prepare yourself to have to justify that choice. On the other hand, SHA-256 is a fine "default function" and nobody will question it.

PBKDF2没有性能问题（PBKDF2包括一个 意味着使它完全与所需要的慢），所以没有什么理由喜欢SHA-1超过SHA-256这里。但是，如果您有一个现有的已部署的系统，它使用PBKDF2-with-SHA-1，则不需要立即修复。

There is no performance issue in PBKDF2 (PBKDF2 includes an "iteration count" meant to make it exactly as slow as needed) so there is very little reason to prefer SHA-1 over SHA-256 here. However, if you have an existing, deployed system which uses PBKDF2-with-SHA-1, then there is no immediate need to "fix" it.

这篇关于SHA1是否仍然安全地用作PBKDF2中的散列函数？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！