Preimage攻击的成本 [英] Cost of Preimage attack

问题描述

我需要知道使用Preimage攻击成功的成本（在加密技术中，对加密哈希的预图像攻击是试图找到具有特定哈希值的消息，维基百科）。

I need to know the cost of succeeding with a Preimage attack ("In cryptography, a preimage attack on a cryptographic hash is an attempt to find a message that has a specific hash value.", Wikipedia).

我想要散列的邮件包含六位数字（出生日期），然后是四个随机数字。这是一个社会安全号码。

The message I want to hash consists of six digits (the date of birth), then four random digits. This is a social security number.

也有可能使用特定的密码哈希。这将引入另一层安全性，因为我们必须知道密码才能为邮件生成相同的哈希值。

Is there also a possibility to hash something using a specific password. This would introduce another layer of security as one would have to know the password in order to produce the same hash values for a message.

我在考虑使用SHA-2 。

I am thinking about using SHA-2.

推荐答案

如果你想知道为你描述的字符串找到一个preimage是多么昂贵，找出有多少可能的字符串。由于前6位数字是出生日期，它们的值比10 ^ 6的天真假设更受限制 - 我们的上限为366 * 100（一年中的每天，加上两位数年份）。

If you want to know how expensive it is to find a preimage for the string you're describing, you need to figure out how many possible strings there are. Since the first 6 digits are a date of birth, their value is even more restricted than the naive assumption of 10^6 - we have an upper bound of 366*100 (every day of the year, plus the two digit year).

剩余的4个'随机'数字允许另外10 ^ 4种可能性，给出366 * 100 * 10 ^ 4 = 366,000,000个散列的不同散列的总数。

The remaining 4 'random' digits permit another 10^4 possibilities, giving a total number of distinct hashes of 366 * 100 * 10^4 = 366,000,000 hashes.

有了这么少的可能性，它应该可以在现代计算机上几分之一秒内找到一个preimage - 或者，为此，构建一个查找表为每个可能的哈希。

With that few possibilities, it ought to be possible to find a preimage in a fraction of a second on a modern computer - or, for that matter, to build a lookup table for every possible hash.

如Tom所说，使用盐将使查找表不切实际，但是由于有限值的有限范围，强力攻击

Using a salt, as Tom suggests, will make a lookup table impractical, but with such a restricted range of valid values, a brute force attack is still eminently practical, so it alone is not sufficient to make the attack impractical.

使事情更加昂贵的一种方法是使用迭代散列 - 即散列散列，并且哈希，反复。你必须做比你的攻击者少很多哈希，所以增加的成本影响他们比他们你。但是，这仍然可能是一个只有一个小缺口给予小的搜索空间。

One way to make things more expensive is to use iterative hashing - that is, hash the hash, and hash that, repeatedly. You have to do a lot less hashing than your attacker does, so increases in cost affect them more than they do you. This is still likely to be only a stopgap given the small search space, however.

至于使用密码，它听起来像你正在寻找 HMAC - 使用散列的结构，但只能在具有密钥的情况下验证。如果你可以保持密钥的秘密 - 没有容易的任务，如果你假设只有当你的系统被破坏在第一位的哈希值，这是一个实用的系统。

As far as "using a password" goes, it sounds like you're looking for an HMAC - a construction that uses a hash, but can only be verified if you have the key. If you can keep the key secret - no easy task if you're assuming the hashes can only be obtained if your system is compromised in the first place - this is a practical system.

编辑：好的，所以一秒钟的分数可能是一个微小的夸张，至少与我微不足道的Python测试。然而，在短时间内在单个计算机上强制执行仍然是很容易的。

Okay, so 'fractions of a second' may have been a slight exaggeration, at least with my trivial Python test. It's still perfectly tractable to bruteforce on a single computer in a short timeframe, however.

这篇关于Preimage攻击的成本的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！