鸡/鸡蛋问题:文件内部散列(包括散列)!可能? [英] Chicken/Egg problem: Hash of file (including hash) inside file! Possible?
问题描述
我完全理解,使用单向加密散列方法md5 / sha。
我也知道将验证数据存储为zip和zip的容器的可能性。我也知道可以单独计算哈希值并将其与文件一起发送,或者将其附加到文件末尾或客户端,在计算散列时忽略它。
这不是我想要的。
我想知道是否有一种算法,它可以从包含散列本身结果的数据中获得结果散列。
它不需要加密或填充很多标准。它也可以基于一些启发式的方法,在一段实际的时间之后提供期望的结果。
我对数学并不那么喜欢,但是不可能有一些真正先进的指数模数多项式循环反向引用devision的东西,使这成为可能?
如果不是,什么(如果有的话)证明它?
我之所以需要这个tis是因为我想(最终)存储一个散列以及MP4文件。它的复杂,但其他解决方案并不容易实现,因为该文件通过一个糟糕的desigend生产管道... ...
某种程度上可以用CRC来做到这一点。我过去所做的是在文件中留出4个字节作为CRC32的占位符,并填充零。然后我计算文件的CRC。
然后可以通过计算CRC多项式的伽罗瓦域中的数字来填充占位符字节,以使文件的CRC等于任意的固定常量。
(更多细节可能但不是正确的,你需要计算(CRC_desired - CRC_initial)* 2 -8 * byte_offset Galois字段,其中byte_offset是占位符字节和文件结尾之间的字节数。)
注:根据@ KeithS的评论,这个解决方案不是为了防止有意篡改。我们在一个项目中使用它作为将嵌入式系统中的元数据与用于编程的可执行文件绑定在一起的手段 - 嵌入式系统本身并不直接了解用于对其进行编程的文件,因此无法计算出CRC或哈希本身 - 来检测嵌入式系统和用于编程的文件之间的意外不匹配。 (在后来的系统中,我刚刚使用UUID。)
Thing is I have a file that has room for metadata. I want to store a hash for integrity verification in it. Problem is, once I store the hash, the file and the hash along with it changes.
I perfectly understand that this is by definition impossible with one way cryptographic hash methods like md5/sha.
I am also aware of the possibility of containers that store verification data separated from the content as zip & co do.
I am also aware of the possibility to calculate the hash separately and send it along with the file or to append it at the end or somewhere where the client, when calculating the hash, ignores it.
This is not what I want.
I want to know whether there is an algorithm where its possible to get the resulting hash from data where the very result of the hash itself is included.
It doesn't need to be cryptographic or fullfill a lot of criterias. It can also be based on some heuristics that after a realistic amount of time deliver the desired result.
I am really not so into mathematics, but couldn't there be some really advanced exponential modulo polynom cyclic back-reference devision stuff that makes this possible?
And if not, whats (if there is) the proof against it?
The reason why i need tis is because i want (ultimately) to store a hash along with MP4 files. Its complicated, but other solutions are not easy to implement as the file walks through a badly desigend production pipeline...
It's possible to do this with a CRC, in a way. What I've done in the past is to set aside 4 bytes in a file as a placeholder for a CRC32, filling them with zeros. Then I calculate the CRC of the file.
It is then possible to fill the placeholder bytes to make the CRC of the file equal to an arbitrary fixed constant, by computing numbers in the Galois field of the CRC polynomial.
(Further details possible but not right at this moment. You basically need to compute (CRC_desired - CRC_initial) * 2-8*byte_offset in the Galois field, where byte_offset is the number of bytes between the placeholder bytes and the end of the file.)
Note: as per @KeithS's comments this solution is not to prevent against intentional tampering. We used it on one project as a means to tie metadata within an embedded system to the executable used to program it -- the embedded system itself does not have direct knowledge of the file(s) used to program it, and therefore cannot calculate a CRC or hash itself -- to detect inadvertent mismatch between an embedded system and the file used to program it. (In later systems I've just used UUIDs.)
这篇关于鸡/鸡蛋问题:文件内部散列(包括散列)!可能?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
