Can a deterministic hashing function be easily decrypted?


Question

Possible Duplicates:
Is it possible to decrypt md5 hashes?
Is it possible to reverse a sha1?

I asked this question: http://stackoverflow.com/questions/3143693/working-with-huge-spreadsheet

and got a great answer and I followed the advice. I used this: http://splinter.com.au/blog/?p=86

and I hashed about 300,000 different elements in a column in an Excel spreadsheet

since you can do this:

=SHA1HASH("The quick brown fox jumps over the lazy dog")

and you get:

2fd4e1c67a2d28fced849ee1bb76e7391b93eb12

Couldn't you go backwards as well?

I'm saying if it encrypts the same text the same way every single time, what is the point?

If you do know the hash algorithm, is it possible to go backwards?

Can you please explain to me very simply how hashing works? How can you convert 20 GB to a 40-character hash? Does it take a long time to hash a 20 GB hard drive?

Recommended answer

I see your point based on the fact that you are trying to hide Social Security numbers. If someone knows you are using an SHA1HASH on the SSN to create a unique identifier, then they can just generate a quick list of all SSN numbers, SHA1HASH them, then compare to automatically have the SSN of the person in the record. Even worse, they can pregenerate all these in a hash lookup table, and have a key of 1 hash for every SSN. This is called a hash lookup table, and more complex forms are called rainbow tables.

This is why a second feature of hashing was invented. It is called salting. Salting is basically this: you create a salt, then modify your data using the salt. For instance, say you had the SSN 123-45-6789. You could salt it with the string "MOONBEAM". Your new string for hashing is "123-45-6789MOONBEAM".

Now, even if someone knows that you are hashing the SSN to generate your unique ID, they still don't know the salt you will be using, and so are unable to derive the original SSN by pre-hashing a list of all SSNs and comparing to your ID. You, however, can always take the user's SSN, use the salt, and rehash the SSN+SALT to see if the user SSN matches up with their ID.

Finally, if you use just 1 salt for everything, and keep it secret, instead of being able to see the salt, and generate the corresponding SSN by running SSN increments + salt 100 million times and picking the match, they have to do a lot more work to retrieve SSN. This is because the 100 million SSN numbers have a relatively low amount of entropy. (10^9 combinations). By adding your salt and keeping it secret, instead of just running

SHA1HASH(111-11-1111) -> check hash match
SHA1HASH(111-11-1112) -> check hash match
SHA1HASH(111-11-1113) -> check hash match

they would have to run

SHA1HASH(111-11-1111a) -> check hash match
SHA1HASH(111-11-1111b) -> check hash match
SHA1HASH(111-11-1111c) -> check hash match
...
SHA1HASH(111-11-1111azdfg) -> check hash match
SHA1HASH(111-11-1111azdfh) -> check hash match
....
SHA1HASH(111-11-1111zzzzzzzzzzzzzzzz) -> check hash match
SHA1HASH(111-11-1112a) -> check hash match
SHA1HASH(111-11-1112b) -> check hash match

.. and so on until they finally get to

SHA1HASH(123-45-6789MOONBEAM) -> check hash match

at which point they finally did manage to crack the SSN + SALT

They don't even know how many characters long your salt is. So that is 10^(number of characters of your salt) times more work for them to do just to get 1 SSN, let alone get the whole table.
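
An added example (not part of the original answer, and in Python rather than the Excel SHA1HASH function): it builds the hash lookup table the answer describes over a constructed, narrowed space of 10,000 values and reports which stored identifiers map back to their input under each scheme. The function names, the sample records and the HMAC-SHA-256 variant are assumptions introduced here.

```python
import hashlib
import hmac
import secrets

def sha1_id(ssn: str) -> str:
    # Unsalted identifier, as in the question: SHA1HASH(ssn)
    return hashlib.sha1(ssn.encode()).hexdigest()

def salted_id(ssn: str, salt: str) -> str:
    # The answer's scheme: SHA1HASH(ssn + salt)
    return hashlib.sha1((ssn + salt).encode()).hexdigest()

def keyed_id(ssn: str, key: bytes) -> str:
    # Assumption (not from the page): HMAC-SHA-256 as the keyed variant
    return hmac.new(key, ssn.encode(), hashlib.sha256).hexdigest()

def candidates(prefix: str = "123-45-"):
    # Constructed, narrowed input space: only the last four digits vary
    return [f"{prefix}{n:04d}" for n in range(10_000)]

def reversible(stored_ids, id_fn):
    # Look each stored identifier up in a table built with a guessed id_fn;
    # None means the table does not map that identifier back to an input.
    table = {id_fn(c): c for c in candidates()}
    return [table.get(i) for i in stored_ids]

RECORDS = ["123-45-6789", "123-45-0042"]  # constructed sample values
SALT = "MOONBEAM"                          # the answer's example salt
KEY = secrets.token_bytes(32)              # random secret, generated per run

def run_audit():
    unsalted = [sha1_id(r) for r in RECORDS]
    salted = [salted_id(r, SALT) for r in RECORDS]
    keyed = [keyed_id(r, KEY) for r in RECORDS]
    return {
        "unsalted": reversible(unsalted, sha1_id),
        "salted, salt unknown": reversible(salted, sha1_id),
        "salted, salt leaked": reversible(salted, lambda s: salted_id(s, SALT)),
        "keyed, key unknown": reversible(keyed, lambda s: keyed_id(s, bytes(32))),
    }

if __name__ == "__main__":
    for scheme, result in run_audit().items():
        print(f"{scheme:22} -> {result}")
```

The "salt leaked" row shows that a single shared salt protects the identifiers only while it stays secret, which is the condition the answer attaches to it.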
