我看到哈希和加密算法之间有很多混淆,我想听到一些关于以下方面的专家建议:
什么时候使用哈希和加密 是什么让哈希或加密算法不同(从理论/数学层面) 例如,是什么使得哈希不可逆(没有彩虹树的帮助)
以下是一些类似的SO问题,但没有像我想要的那样详细:
混淆、哈希和加密之间的区别是什么? 加密和哈希的区别
我看到哈希和加密算法之间有很多混淆,我想听到一些关于以下方面的专家建议:
什么时候使用哈希和加密 是什么让哈希或加密算法不同(从理论/数学层面) 例如,是什么使得哈希不可逆(没有彩虹树的帮助)
以下是一些类似的SO问题,但没有像我想要的那样详细:
混淆、哈希和加密之间的区别是什么? 加密和哈希的区别
当前回答
哈希函数将可变大小的文本转换为固定大小的文本。
来源:https://en.wikipedia.org/wiki/Hash_function
PHP中的哈希函数
哈希将字符串转换为哈希字符串。见下文。
散列:
$str = 'My age is 29';
$hash = hash('sha1', $str);
echo $hash; // OUTPUT: 4d675d9fbefc74a38c89e005f9d776c75d92623e
密码通常以散列表示形式存储,而不是以可读文本的形式存储。当终端用户希望访问受密码保护的应用程序时,必须在身份验证过程中提供密码。当用户提交密码时,有效的身份验证系统接收密码并对给定的密码进行散列。将此密码哈希与系统已知的哈希进行比较。在平等的情况下,允许访问。
DEHASH:
SHA1是单向哈希。这意味着你不能去散列。
但是,您可以强制使用散列。请参见:https://hashkiller.co.uk/sha1-decrypter.aspx。
MD5是另一种哈希。MD5散列器可以在这个网站上找到:https://www.md5online.org/。
为了阻止对哈希的蛮力攻击,可以给一个盐。 在php中,您可以使用password_hash()来创建密码散列。 函数password_hash()自动创建一个盐。 使用password_verify()对密码哈希进行验证(使用salt)。
// Invoke this little script 3 times, and it will give you everytime a new hash
$password = '1234';
$hash = password_hash($password, PASSWORD_DEFAULT);
echo $hash;
// OUTPUT
$2y$10$ADxKiJW/Jn2DZNwpigWZ1ePwQ4il7V0ZB4iPeKj11n.iaDtLrC8bu
$2y$10$H8jRnHDOMsHFMEZdT4Mk4uI4DCW7/YRKjfdcmV3MiA/WdzEvou71u
$2y$10$qhyfIT25jpR63vCGvRbEoewACQZXQJ5glttlb01DmR4ota4L25jaW
一个密码可以由多个哈希表示。 当使用password_verify()使用不同的密码哈希值验证密码时,该密码将被接受为有效密码。
$password = '1234';
$hash = '$2y$10$ADxKiJW/Jn2DZNwpigWZ1ePwQ4il7V0ZB4iPeKj11n.iaDtLrC8bu';
var_dump( password_verify($password, $hash) );
$hash = '$2y$10$H8jRnHDOMsHFMEZdT4Mk4uI4DCW7/YRKjfdcmV3MiA/WdzEvou71u';
var_dump( password_verify($password, $hash) );
$hash = '$2y$10$qhyfIT25jpR63vCGvRbEoewACQZXQJ5glttlb01DmR4ota4L25jaW';
var_dump( password_verify($password, $hash) );
// OUTPUT
boolean true
boolean true
boolean true
加密函数通过使用加密密钥将文本转换为无意义的密文,反之亦然。
来源:https://en.wikipedia.org/wiki/Encryption
PHP加密
让我们深入研究一些处理加密的PHP代码。
- Mcrypt扩展-
加密:
$cipher = MCRYPT_RIJNDAEL_128;
$key = 'A_KEY';
$data = 'My age is 29';
$mode = MCRYPT_MODE_ECB;
$encryptedData = mcrypt_encrypt($cipher, $key , $data , $mode);
var_dump($encryptedData);
//OUTPUT:
string '„Ùòyªq³¿ì¼üÀpå' (length=16)
解密:
$decryptedData = mcrypt_decrypt($cipher, $key , $encryptedData, $mode);
$decryptedData = rtrim($decryptedData, "\0\4"); // Remove the nulls and EOTs at the END
var_dump($decryptedData);
//OUTPUT:
string 'My age is 29' (length=12)
——OpenSSL扩展——
Mcrypt扩展在7.1中被弃用。并在PHP 7.2中删除。 应该在php 7中使用OpenSSL扩展。请看下面的代码片段:
$key = 'A_KEY';
$data = 'My age is 29';
// ENCRYPT
$encryptedData = openssl_encrypt($data , 'AES-128-CBC', $key, 0, 'IV_init_vector01');
var_dump($encryptedData);
// DECRYPT
$decryptedData = openssl_decrypt($encryptedData, 'AES-128-CBC', $key, 0, 'IV_init_vector01');
var_dump($decryptedData);
//OUTPUT
string '4RJ8+18YkEd7Xk+tAMLz5Q==' (length=24)
string 'My age is 29' (length=12)
其他回答
哈希函数可以看作是烤一条面包。你从输入(面粉、水、酵母等)开始,在应用哈希函数(混合+烘焙)后,你最终会得到一个输出:一条面包。
另一种方法是非常困难的——你不能真正地把面包分成面粉、水和酵母——其中一些在烘焙过程中丢失了,你永远无法确切地说出某条面包使用了多少水、面粉或酵母,因为这些信息被哈希函数(又名烤箱)破坏了。
从理论上讲,许多不同的输入变体将生产相同的面包(例如,2杯水和1茶匙酵母生产的面包与2.1杯水和0.9茶匙酵母生产的面包完全相同),但给定其中一个面包,你无法确切地说出哪种输入组合生产了它。
另一方面,加密可以被看作是一个保险箱。不管你放进去什么,只要你有一开始锁进去的钥匙,它就会出来。这是一个对称运算。给定一个键和一些输入,就会得到一个特定的输出。给定这个输出和相同的键,您将得到原始的输入。这是一个1:1的映射。
当涉及到传输数据的安全性时,即双向通信,你使用加密。所有加密都需要密钥
当涉及到授权时,您使用哈希。哈希中没有键
Hashing takes any amount of data (binary or text) and creates a constant-length hash representing a checksum for the data. For example, the hash might be 16 bytes. Different hashing algorithms produce different size hashes. You obviously cannot re-create the original data from the hash, but you can hash the data again to see if the same hash value is generated. One-way Unix-based passwords work this way. The password is stored as a hash value, and to log onto a system, the password you type is hashed, and the hash value is compared against the hash of the real password. If they match, then you must've typed the correct password
为什么哈希是不可逆的:
哈希是不可逆的,因为输入到哈希的映射不是1对1的。 有两个输入映射到相同的哈希值通常被称为“哈希碰撞”。出于安全考虑,“好的”哈希函数的属性之一是在实际使用中很少发生冲突。
我的两句台词……面试官一般想要以下答案。
哈希是一种方法。您不能将数据/字符串从哈希代码转换。
加密是两种方式-如果你有密钥,你可以再次解密加密的字符串。
哈希和加密/解密技术的基本概述如下。
散列:
如果你再次哈希任何纯文本,你不能得到相同的纯文本 散列文本中的文本。简单地说,这是一个单向的过程。
加密和解密:
如果你加密任何纯文本与密钥再次你可以 通过使用相同(对称)/不同(不对称)密钥对加密文本进行解密来获得相同的纯文本。
更新: 解决编辑问题中提到的问题。
1. When to use hashes vs encryptions Hashing is useful if you want to send someone a file. But you are afraid that someone else might intercept the file and change it. So a way that the recipient can make sure that it is the right file is if you post the hash value publicly. That way the recipient can compute the hash value of the file received and check that it matches the hash value. Encryption is good if you say have a message to send to someone. You encrypt the message with a key and the recipient decrypts with the same (or maybe even a different) key to get back the original message. credits
2. 是什么使哈希或加密算法不同(从理论/数学层面),即什么使哈希不可逆 (没有彩虹树的帮助)
Basically hashing is an operation that loses information but not encryption. Let's look at the difference in simple mathematical way for our easy understanding, of course both have much more complicated mathematical operations with repetitions involved in it Encryption/Decryption (Reversible): Addition: 4 + 3 = 7 This can be reversed by taking the sum and subtracting one of the addends 7 - 3 = 4 Multiplication: 4 * 5 = 20 This can be reversed by taking the product and dividing by one of the factors 20 / 4 = 5 So, here we could assume one of the addends/factors is a decryption key and result(7,20) is an encrypted text. Hashing (Not Reversible): Modulo division: 22 % 7 = 1 This can not be reversed because there is no operation that you can do to the quotient and the dividend to reconstitute the divisor (or vice versa). Can you find an operation to fill in where the '?' is? 1 ? 7 = 22 1 ? 22 = 7 So hash functions have the same mathematical quality as modulo division and lose the information.
学分
EncryptionThe Purpose of encryption is to transform data in order to keep it secret E.g (Sending someone a secret text that they only should able to read,sending passwords through Internet). Instead of focusing the usability the goal is to ensure the data send can be sent secretly and it can only seen by the user whom you sent. It Encrypts the data into another format of transforming it into unique pattern it can be encrypt with the secret key and those users who having the secret key can able to see the message by reversible the process. E.g(AES,BLOWFISH,RSA) The encryption may simply look like this FhQp6U4N28GITVGjdt37hZN Hashing In technically we can say it as takes a arbitary input and produced a fixed length string. Most important thing in these is you can't go from the output to the input.It produces the strong output that the given information has not been modified. The process is to take a input and hash it and then send with the sender's private key once the receiver received they can validate it with sender's public key. If the hash is wrong and did't match with hash we can't see any of the information. E.g(MD5,SHA.....)