How strong is this hashing technique?


Question


  1. Use AES/Rijndael or any symmetric encryption.
  2. Encrypt the hidden value using itself as the key and a random IV.
  3. Store the ciphertext + IV.

To check the hash: try to decrypt using provided plaintext. If provided == decrypted, then it's OK.

Ignore the ciphertext length problem.

Is this secure?

Recommended answer

As described, it has a problem in that it reveals information about the length of the data being hashed. That in itself would be some kind of weakness.

Secondly ... it is not clear that you would be able to check the hash. It would be necessary to store the randomly generated IV with the hash.

I was thinking about this while bicycling home, and one other possible issue came to mind. With a typical hashing scheme to store a password, it is best to run the hash a bunch of iterations (e.g., PBKDF2). This makes it much more expensive to run a brute force attack. One possibility to introduce that idea into your scheme might be to repeatedly loop over the encrypted data (e.g., feed the encrypted block back into itself).
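As an added example (not part of the original question or answer), the Python sketch below puts the answer's three points side by side: the stored size of the question's scheme tracks the input length, while a PBKDF2 record is fixed-size, keeps its random salt next to the hash, and costs a chosen number of iterations per guess. It assumes CBC mode with PKCS#7 padding for the question's scheme; the iteration count, record format and function names are illustrative assumptions.

```python
import hashlib
import hmac
import os

BLOCK = 16            # AES block size in bytes
ITERATIONS = 200_000  # assumed work factor; tune to your hardware
SALT_LEN = 16
DK_LEN = 32


def scheme_ciphertext_len(secret: bytes) -> int:
    """Stored ciphertext size for the question's scheme, assuming CBC + PKCS#7."""
    return (len(secret) // BLOCK + 1) * BLOCK


def pbkdf2_record(secret: bytes, iterations: int = ITERATIONS) -> str:
    """Return 'iterations$salt_hex$hash_hex'; the salt is stored with the hash."""
    salt = os.urandom(SALT_LEN)
    dk = hashlib.pbkdf2_hmac("sha256", secret, salt, iterations, dklen=DK_LEN)
    return f"{iterations}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(candidate: bytes, record: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    try:
        iter_s, salt_hex, dk_hex = record.split("$")
        iterations = int(iter_s)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(dk_hex)
    except ValueError:
        return False  # malformed record
    if iterations < 1 or not expected:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", candidate, salt, iterations,
                             dklen=len(expected))
    return hmac.compare_digest(dk, expected)


if __name__ == "__main__":
    # Constructed sample secrets: ciphertext size varies, record size does not.
    for secret in (b"hunter2", b"correct horse battery staple"):
        rec = pbkdf2_record(secret)
        print(len(secret), scheme_ciphertext_len(secret), len(rec),
              pbkdf2_verify(secret, rec))
```
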
