如何不可能“解密”一个MD5哈希? [英] How can it be impossible to "decrypt" an MD5 hash?
问题描述
可能重复:
MD5哈希值如何不可逆?
我正在阅读有关MD5的问题,这让我记得让我感到困扰的一些东西。很简单的问题,对不起,如果不是一个好的话。我只是不明白如何使用一些算法将某些东西转换成一个东西,并且没有办法使用逆算法将其转换回来。
那么如何另外,由于多个字符串可以创建相同的MD5哈希值,因为它比输入的字符串更少的数据,所以其他哈希系统会有什么更好的?
基本上这是因为MD5的输出包含的信息少于输入。这基本上是哈希算法与加密算法的区别。
这里有一个简单的例子:想象一个计算10位数字的散列的算法。算法是返回最后2位数。如果我使用8023798734的哈希值,我得到34,但是如果你所有的是34,你将无法告诉原来的号码是因为哈希算法丢弃了8位数字的信息。它与MD5类似,除了散列是通过复杂的过程计算,而不是仅仅切断部分数据。
那么一个哈希如何比另一个更好?一方面,不同的散列算法可能或多或少地抵抗碰撞(当两个输入产生相同的输出时)。碰撞的概率与可能的散列输出的数量成反比。碰撞是散列的不良特征,因为如果您的数据发生变化,您希望散列也改变,所以获得更好的散列算法的一种方法是使用具有更多可能输出的散列。在上面的数字示例中,取最后4位而不是最后2位减少了与给定散列(技术上称为 preimage )的冲突概率在10000而不是1的100,所以更有可能的是,您拥有的所有10位数字将具有不同的散列值。
还有加密安全性的问题。当您想要使用散列来确保某些数据没有被篡改时,无论谁做篡改都无法预测什么输入将产生给定的输出是可取的。如果可以,他们将能够以输出(散列)保持不变的方式改变输入数据。再回到数字示例,假设我要给您发送电子邮件号码1879483129,这是非常重要的,这个数字不会改变。我可以打电话给你,告诉你这个数字的哈希值,这将是29,但是由于最后两位数的算法并不是加密安全的,一个恶意的黑客可能会改变路由的数量,比如5555555529,你会不知道差异。
已经显示 MD5不是加密安全的(和 SHA- 1也受到影响)。这意味着可以找到对应于任何给定输出的不同输入。它仍然是一个很好的算法来防止随机的位翻转等,但是如果有机会有意图破坏您的数据,那么您应该真正使用更安全的东西,如SHA-256或更高版本,可能是HMAC方案的一部分。
Possible Duplicate:
How come MD5 hash values are not reversible?
I was reading a question about MD5, and it made me remember something that boggles me. Very simple question, and I'm sorry if it's not a good one. I just can't understand how you convert something to one thing using some algorithm, and there being no way to convert it back using the algorithm in reverse.
So how is this possible?
Also, since multiple strings can create the same MD5 hash, due to it being less data than the input string, how would any other hashing system be any better?
Basically it's because the output of MD5 contains less information than the input. This is basically what distinguishes a hash algorithm from an encryption algorithm.
Here's a simple example: imagine an algorithm to compute the hash of a 10-digit number. The algorithm is "return the last 2 digits." If I take the hash of 8023798734, I get 34, but if all you had is the 34, you would have no way to tell what the original number is because the hashing algorithm discarded 8 digits worth of information. It's similar with MD5, except that the hash is computed via a complex procedure instead of just chopping off part of the data.
So then how can one hash be better than another? For one thing, different hash algorithms can be more or less resistant to collisions (when two inputs produce the same output). The probability of a collision is inversely related to the number of possible hash outputs. Collisions are an undesirable feature of hashes because if your data changes, you want the hash to change too, so one way to get a better hash algorithm is to use a hash with more possible outputs. In the digits example above, taking the last 4 digits instead of the last 2 digits reduces the probability of a collision with a given hash (technically called a preimage) to 1 in 10000 instead of 1 in 100, so it's more likely that all the 10-digit numbers in whatever set you have will have different hash values.
There's also the issue of cryptographic security. When you want to use a hash to make sure that some data is not tampered with, it's desirable that whoever's doing the tampering can't predict what inputs will produce a given output. If they could, they would be able to alter the input data in such a way that the output (the hash) remains the same. Going back to the digits example again, let's say I'm going to email you the number 1879483129 and it is critically important that this number gets to you unaltered. I might call you up and tell you the hash of the number, which would be 29, but since the "last 2 digits" algorithm is not cryptographically secure, a nefarious hacker could change the number en route to, say, 5555555529 and you wouldn't know the difference.
It's been shown that MD5 is not cryptographically secure (and SHA-1 is also compromised). That means that it is possible to find different inputs which correspond to any given output. It's still a fine algorithm for protecting against random bit flips and the like, but if there's a chance someone might want to intentionally corrupt your data, you should really use something more secure, like SHA-256 or greater, probably as part of an HMAC scheme.
这篇关于如何不可能“解密”一个MD5哈希?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
