哈希和盐碰撞 [英] Hash and salt collision
问题描述
我记得一个人告诉我,如果我让他改变4个字节,他可以让一个文件有任何他想要的校验和( CRC-32 )。
我听说过提到哈希。我想知道是否有人有他的文件匹配我的文件会叮the MD5或SHA-1 hash改变结果,所以两个文件不再碰撞?或者只是改变了结束散列值?
您正在混合使用两种不同的散列值:
-
Checksumming防止随机(非恶意)错误。
>计算密码消息摘要以存储密码,签名消息,证书...... Checksumming for guarding against random (non-malicious) errors.
Computing cryptographical message digests for storing passwords, signing messages, certificates ...
CRC是一个很好的选择第一个应用程序,但完全不适合第二个应用程序,因为计算碰撞很容易(在数学上说:CRC是线性的)。这就是你的朋友实质上告诉你的。
MD5和SHA1是用于第二种应用程序的加密哈希。然而,MD5已经被破解,而SHA1被认为是最近的弱点。尽管MD5可以被破解,但是需要很长时间才能找到MD5冲突(从几天到几周)。
至于salt,它会计算加密哈希当地通过混合一些随机的非秘密价值,这个值被称为盐。这可以防止计算全局表,这使得从散列值计算可能的值(例如密码)变得容易。表的计算是非常昂贵的,但没有盐,成本将分摊在许多破解密码。
I remember a guy telling me that if I let him change 4 bytes he can make a file have any checksum he wants (CRC-32).
I heard mention of salting a hash. I am wondering if someone had his file match my file would salting the MD5 or SHA-1 hash change the result so both files no longer collide? Or does it change the end hash value only?
You are mixing up two different uses of hash values:
CRCs are a good choice for the first application, but totally unsuited for the second, because it is easy to compute a collision (in math-speak: CRCs are linear). This is what your friend is essentially telling you.
MD5 and SHA1 are cryptographic hashes intended for the second kind of application. However, MD5 has been cracked and SHA1 is considered weak these days. Still, even though MD5 can be cracked it takes a long time to find MD5 collisions (days to weeks).
As for salt, it makes the computation of the cryptographic hash local by mixing in some random non-secret value, this value is called the salt. This prevents computing global tables which make it easy to compute possible values (e.g. passwords) from the hash value. The computation of the tables is extremely expensive, but without salt the cost would be amortized over many cracked passwords.
这篇关于哈希和盐碰撞的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!