各种散列算法的特点？ [英] characteristics of various hash algorithms?

问题描述

MD5，MD6？所有的SHA-出头，CRC多岁的年轻人。我以前用过他们，看到他们在不同的地方使用，但我不知道为什么你会使用一个比另一个。

MD5, MD6?, all the SHA-somethings, CRC-somethings. I've used them before and seen them used in various places, but I have no idea why you would use one over another.

在一个非常高的水平，什么是所有这些3/4字母的缩写之间的差异在性能，碰撞概率和一般难以crackness条款？是否有那些依靠什么样还是什么的数据量，我哈希？

On a very high level, what is the difference between all these 3/4 letter acronyms In terms of performance, collision probability and general hard-to-crackness? Does any of those depend on what kind or what amount of data I am hashing?

什么取舍是我做的时候我选择一个比另一个？我读过的CRC不适合使用的安全性，但对于一般的哈希表防撞？

What trade-offs am I making when i choose one over another? I've read that the CRC is not suitable to use for security, but what about for general hash-table collision avoidance?

推荐答案

CRC-无论是主要用于（应该是唯一的）用于防止的偶然的变化数据。他们这样做的检测噪音，这样相当不错的工作，但不可用于加密的目的 - 寻找第二preimage（产生相同的哈希第二输入）是（通过密码标准）微不足道。

CRC-whatever is used primarily (should be exclusively) for protection against accidental changes in data. They do quite a good job of detecting noise and such, but are not intended for cryptographic purposes -- finding a second preimage (a second input that produces the same hash) is (by cryptographic standards) trivial.

MD-5。原本打算用于加密使用，但相当老和现在被认为是相当薄弱。虽然没有第二preimage攻击是已知的，一个碰撞攻击是已知的（即，一个方式生产两个选定的输入产生相同的结果，但不是第二输入以产生相同的结果作为1个真实指定）。关于使用这个更多的唯一的一次是作为CRC的更详细的版本。

MD-5. Originally intended for cryptographic use, but fairly old and now considered fairly weak. Although no second preimage attack is known, a collision attack is known (i.e., a way to produce two selected inputs that produce the same result, but not a second input to produce the same result as one that's specified). About the only time to use this any more is as a more elaborate version of a CRC.

很久很久以前，根本就SHA。在其历史很早，缺陷被发现，并有轻微的修改，是为了产生SHA-1。 SHA是在使用很短的足够的时间，它的实际意义很少。

Once upon a time, there was simply "SHA". Very early in its history, a defect was found, and a slight modification was made to produce SHA-1. SHA was in use for a short enough time that it's rarely of practical interest.

SHA-1一般的更多的较安全的MD-5的但的仍然是相同的一般范围内 - 一个碰撞攻击是已知的，但它是一个的很多的 ¹ 比MD-5更贵。没有第二个preimage进攻而闻名，但碰撞攻击是不够的说远离。

SHA-1 is generally more secure than MD-5, but still in the same general range -- a collision attack is known, though it's a lot¹ more expensive than for MD-5. No second preimage attack is known, but the collision attack is enough to say "stay away".

SHA-256，SHA-384，SHA-512：这些是基于排序上的SHA-1，但稍微复杂一些内部。至少据我所知，没有一个二线preimage攻击的和的碰撞攻击是已知的任何一种在present时间。

SHA-256, SHA-384, SHA-512: These are sort of based on SHA-1, but are somewhat more complex internally. At least as far as I'm aware, neither a second-preimage attack nor a collision attack is known on any of these at the present time.

SHA-3：美国国家标准与技术研究所（NIST）目前持有的竞争规范替换当前SHA-2系列哈希算法，这将明显被称为SHA-3。我写这篇文章（2011年9月）的竞争目前已进入第三轮，有五名候选人（布雷克，Grøstl，JH，Kaccek和绞纱 ² ）留在运行。第3轮计划将超过2012年1月，在它的算法时间的公众意见将不再是（至少官方）认可。 2012年3月，（三）SHA-3会议将（在华盛顿特区）举行。在一些未指定的日期在2012年之后，最终选择将另行通知。

SHA-3: US National Institute of Standards and Technology (NIST) is currently holding a competition to standardize a replacement for the current SHA-2 series hash algorithm, which will apparent be called SHA-3. As I write this (September 2011) the competition is currently in its third round, with five candidates (Blake, Grøstl, JH, Kaccek and Skein²) left in the running. Round 3 is scheduled to be over in January 2012, at which time public comments on the algorithms will no longer be (at least officially) accepted. In March 2012, a (third) SHA-3 conference will be held (in Washington DC). At some unspecified date later in 2012, the final selection will be announced.

¹ 对于任何人谁在乎它是如何昂贵得多的攻击SHA-1比MD-5，我会尽力提供一些具体的数字。对于MD-5，我〜5岁可生产约40-45分钟的碰撞。对于SHA-1，我只有一个估计，但我的估计是，集群产生碰撞在一个每一周的速度的将花费超过100万美元（可能接近$ 10个亿）。即使给定的现有的机器，操作机器足够长的时间，以找到一个碰撞的成本是可观的。

¹ For anybody who cares about how much more expensive it is to attack SHA-1 than MD-5, I'll try to give some concrete numbers. For MD-5, my ~5 year-old machine can produce a collision in about 40-45 minutes. For SHA-1, I only have an estimate, but my estimate is that a cluster to produce collisions at a rate of one per week would cost well over a million US dollars (and probably closer to $10 million). Even given an existing machine, the cost of operating the machine long enough to find a collision is substantial.

² 由于它几乎是不可避免的有人会至少有奇迹，我会指出，布鲁斯曾在条目是绞纱。

² Since it's almost inevitable that somebody will at least wonder, I'll point out that the entry Bruce Schneier worked on is Skein.

这篇关于各种散列算法的特点？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！