哈希函数将可变大小的文本转换为固定大小的文本。

来源:https://en.wikipedia.org/wiki/Hash_function

---

PHP中的哈希函数

哈希将字符串转换为哈希字符串。见下文。

散列:

$str = 'My age is 29';
$hash = hash('sha1', $str);
echo $hash; // OUTPUT: 4d675d9fbefc74a38c89e005f9d776c75d92623e

密码通常以散列表示形式存储，而不是以可读文本的形式存储。当终端用户希望访问受密码保护的应用程序时，必须在身份验证过程中提供密码。当用户提交密码时，有效的身份验证系统接收密码并对给定的密码进行散列。将此密码哈希与系统已知的哈希进行比较。在平等的情况下，允许访问。

DEHASH:

SHA1是单向哈希。这意味着你不能去散列。

但是，您可以强制使用散列。请参见:https://hashkiller.co.uk/sha1-decrypter.aspx。

MD5是另一种哈希。MD5散列器可以在这个网站上找到:https://www.md5online.org/。

为了阻止对哈希的蛮力攻击，可以给一个盐。 在php中，您可以使用password_hash()来创建密码散列。 函数password_hash()自动创建一个盐。 使用password_verify()对密码哈希进行验证(使用salt)。

// Invoke this little script 3 times, and it will give you everytime a new hash
$password = '1234';  
$hash = password_hash($password, PASSWORD_DEFAULT);  

echo $hash; 
// OUTPUT 

$2y$10$ADxKiJW/Jn2DZNwpigWZ1ePwQ4il7V0ZB4iPeKj11n.iaDtLrC8bu 

$2y$10$H8jRnHDOMsHFMEZdT4Mk4uI4DCW7/YRKjfdcmV3MiA/WdzEvou71u 

$2y$10$qhyfIT25jpR63vCGvRbEoewACQZXQJ5glttlb01DmR4ota4L25jaW

一个密码可以由多个哈希表示。 当使用password_verify()使用不同的密码哈希值验证密码时，该密码将被接受为有效密码。

$password = '1234';  

$hash = '$2y$10$ADxKiJW/Jn2DZNwpigWZ1ePwQ4il7V0ZB4iPeKj11n.iaDtLrC8bu';  
var_dump( password_verify($password, $hash) );  

$hash = '$2y$10$H8jRnHDOMsHFMEZdT4Mk4uI4DCW7/YRKjfdcmV3MiA/WdzEvou71u';  
var_dump( password_verify($password, $hash) );  

$hash = '$2y$10$qhyfIT25jpR63vCGvRbEoewACQZXQJ5glttlb01DmR4ota4L25jaW';  
var_dump( password_verify($password, $hash) );

// OUTPUT 

boolean true 

boolean true 

boolean true

---

---

加密函数通过使用加密密钥将文本转换为无意义的密文，反之亦然。

来源:https://en.wikipedia.org/wiki/Encryption

---

PHP加密

让我们深入研究一些处理加密的PHP代码。

- Mcrypt扩展-

加密:

$cipher = MCRYPT_RIJNDAEL_128;
$key = 'A_KEY';
$data = 'My age is 29';
$mode = MCRYPT_MODE_ECB;

$encryptedData = mcrypt_encrypt($cipher, $key , $data , $mode);
var_dump($encryptedData);

//OUTPUT:
string '„Ùòyªq³¿ì¼üÀpå' (length=16)

解密:

$decryptedData = mcrypt_decrypt($cipher, $key , $encryptedData, $mode);
$decryptedData = rtrim($decryptedData, "\0\4"); // Remove the nulls and EOTs at the END
var_dump($decryptedData);

//OUTPUT:
string 'My age is 29' (length=12)

——OpenSSL扩展——

Mcrypt扩展在7.1中被弃用。并在PHP 7.2中删除。 应该在php 7中使用OpenSSL扩展。请看下面的代码片段:

$key = 'A_KEY';
$data = 'My age is 29';

// ENCRYPT
$encryptedData = openssl_encrypt($data , 'AES-128-CBC', $key, 0, 'IV_init_vector01');
var_dump($encryptedData);

// DECRYPT    
$decryptedData = openssl_decrypt($encryptedData, 'AES-128-CBC', $key, 0, 'IV_init_vector01');
var_dump($decryptedData);

//OUTPUT
string '4RJ8+18YkEd7Xk+tAMLz5Q==' (length=24)
string 'My age is 29' (length=12)

当你不想返回原始输入时，使用哈希，当你想要返回原始输入时，使用加密。

哈希表获取一些输入并将其转换为一些位(通常被认为是一个数字，如32位整数，64位整数等)。相同的输入总是会产生相同的散列，但是在这个过程中你主要会丢失信息，所以你不能可靠地重现原始输入(但是有一些注意事项)。

加密主要保留了您输入到加密函数中的所有信息，只是使任何人在不拥有特定密钥的情况下很难(理想情况下不可能)逆转到原始输入。

哈希的简单例子

这里有一个简单的例子来帮助您理解为什么哈希(在一般情况下)不能返回原始输入。假设我要创建一个1位哈希。我的哈希函数接受一个比特字符串作为输入，如果输入字符串中设置了偶数位，则将哈希值设置为1，如果输入字符串中设置了奇数位，则设置为0。

例子:

Input    Hash
0010     0
0011     1
0110     1
1000     0

注意，有许多输入值的哈希值为0，也有许多输入值的哈希值为1。如果你知道哈希值是0，你就不能确定原始输入是什么。

顺便说一下，这个1位哈希并不是完全人为的…看看奇偶校验位。

加密的简单例子

你可以通过使用简单的字母替换来加密文本，比如如果输入是a，你就写B。如果输入是B，你就写c。一直到字母表的末尾，如果输入是Z，你又写a。

Input   Encrypted
CAT     DBU
ZOO     APP

就像简单的哈希示例一样，这种类型的加密在历史上也被使用过。

当涉及到传输数据的安全性时，即双向通信，你使用加密。所有加密都需要密钥

当涉及到授权时，您使用哈希。哈希中没有键

Hashing takes any amount of data (binary or text) and creates a constant-length hash representing a checksum for the data. For example, the hash might be 16 bytes. Different hashing algorithms produce different size hashes. You obviously cannot re-create the original data from the hash, but you can hash the data again to see if the same hash value is generated. One-way Unix-based passwords work this way. The password is stored as a hash value, and to log onto a system, the password you type is hashed, and the hash value is compared against the hash of the real password. If they match, then you must've typed the correct password

为什么哈希是不可逆的:

哈希是不可逆的，因为输入到哈希的映射不是1对1的。 有两个输入映射到相同的哈希值通常被称为“哈希碰撞”。出于安全考虑，“好的”哈希函数的属性之一是在实际使用中很少发生冲突。

Use hashes when you only need to go one way. For example, for passwords in a system, you use hashing because you will only ever verify that the value a user entered, after hashing, matches the value in your repository. With encryption, you can go two ways. hashing algorithms and encryption algorithms are just mathematical algorithms. So in that respect they are not different -- its all just mathematical formulas. Semantics wise, though, there is the very big distinction between hashing (one-way) and encryption(two-way). Why are hashes irreversible? Because they are designed to be that way, because sometimes you want a one-way operation.

哈希函数将可变大小的文本转换为固定大小的文本。

来源:https://en.wikipedia.org/wiki/Hash_function

---

PHP中的哈希函数

哈希将字符串转换为哈希字符串。见下文。

散列:

$str = 'My age is 29';
$hash = hash('sha1', $str);
echo $hash; // OUTPUT: 4d675d9fbefc74a38c89e005f9d776c75d92623e

密码通常以散列表示形式存储，而不是以可读文本的形式存储。当终端用户希望访问受密码保护的应用程序时，必须在身份验证过程中提供密码。当用户提交密码时，有效的身份验证系统接收密码并对给定的密码进行散列。将此密码哈希与系统已知的哈希进行比较。在平等的情况下，允许访问。

DEHASH:

SHA1是单向哈希。这意味着你不能去散列。

但是，您可以强制使用散列。请参见:https://hashkiller.co.uk/sha1-decrypter.aspx。

MD5是另一种哈希。MD5散列器可以在这个网站上找到:https://www.md5online.org/。

为了阻止对哈希的蛮力攻击，可以给一个盐。 在php中，您可以使用password_hash()来创建密码散列。 函数password_hash()自动创建一个盐。 使用password_verify()对密码哈希进行验证(使用salt)。

// Invoke this little script 3 times, and it will give you everytime a new hash
$password = '1234';  
$hash = password_hash($password, PASSWORD_DEFAULT);  

echo $hash; 
// OUTPUT 

$2y$10$ADxKiJW/Jn2DZNwpigWZ1ePwQ4il7V0ZB4iPeKj11n.iaDtLrC8bu 

$2y$10$H8jRnHDOMsHFMEZdT4Mk4uI4DCW7/YRKjfdcmV3MiA/WdzEvou71u 

$2y$10$qhyfIT25jpR63vCGvRbEoewACQZXQJ5glttlb01DmR4ota4L25jaW

一个密码可以由多个哈希表示。 当使用password_verify()使用不同的密码哈希值验证密码时，该密码将被接受为有效密码。

$password = '1234';  

$hash = '$2y$10$ADxKiJW/Jn2DZNwpigWZ1ePwQ4il7V0ZB4iPeKj11n.iaDtLrC8bu';  
var_dump( password_verify($password, $hash) );  

$hash = '$2y$10$H8jRnHDOMsHFMEZdT4Mk4uI4DCW7/YRKjfdcmV3MiA/WdzEvou71u';  
var_dump( password_verify($password, $hash) );  

$hash = '$2y$10$qhyfIT25jpR63vCGvRbEoewACQZXQJ5glttlb01DmR4ota4L25jaW';  
var_dump( password_verify($password, $hash) );

// OUTPUT 

boolean true 

boolean true 

boolean true

---

---

加密函数通过使用加密密钥将文本转换为无意义的密文，反之亦然。

来源:https://en.wikipedia.org/wiki/Encryption

---

PHP加密

让我们深入研究一些处理加密的PHP代码。

- Mcrypt扩展-

加密:

$cipher = MCRYPT_RIJNDAEL_128;
$key = 'A_KEY';
$data = 'My age is 29';
$mode = MCRYPT_MODE_ECB;

$encryptedData = mcrypt_encrypt($cipher, $key , $data , $mode);
var_dump($encryptedData);

//OUTPUT:
string '„Ùòyªq³¿ì¼üÀpå' (length=16)

解密:

$decryptedData = mcrypt_decrypt($cipher, $key , $encryptedData, $mode);
$decryptedData = rtrim($decryptedData, "\0\4"); // Remove the nulls and EOTs at the END
var_dump($decryptedData);

//OUTPUT:
string 'My age is 29' (length=12)

——OpenSSL扩展——

Mcrypt扩展在7.1中被弃用。并在PHP 7.2中删除。 应该在php 7中使用OpenSSL扩展。请看下面的代码片段:

$key = 'A_KEY';
$data = 'My age is 29';

// ENCRYPT
$encryptedData = openssl_encrypt($data , 'AES-128-CBC', $key, 0, 'IV_init_vector01');
var_dump($encryptedData);

// DECRYPT    
$decryptedData = openssl_decrypt($encryptedData, 'AES-128-CBC', $key, 0, 'IV_init_vector01');
var_dump($decryptedData);

//OUTPUT
string '4RJ8+18YkEd7Xk+tAMLz5Q==' (length=24)
string 'My age is 29' (length=12)

Cryptography deals with numbers and strings. Basically every digital thing in the entire universe are numbers. When I say numbers, its 0 & 1. You know what they are, binary. The images you see on screen, the music that you listen through your earphone, everything are binaries. But our ears and eyes will not understand binaries right? Only brain could understand that, and even if it could understand binaries, it can’t enjoy binaries. So we convert the binaries to human understandable formats such as mp3,jpg,etc. Let’s term the process as Encoding. It’s two way process and can be easily decoded back to its original form.

哈希

哈希是另一种加密技术，数据一旦转换为其他形式就永远无法恢复。用门外汉的话说，没有所谓去哈希的过程。有许多哈希函数来完成这项工作，如sha-512, md5等。

如果原始值不能恢复，那么我们在哪里使用它?密码!当你为你的手机或电脑设置密码时，你的密码哈希会被创建并存储在一个安全的地方。当您下次尝试登录时，输入的字符串再次使用相同的算法(哈希函数)进行散列，输出与存储的值匹配。如果相同，则登录。否则你就会被赶出去。

Credits: wikimedia By applying hash to the password, we can ensure that an attacker will never get our password even if he steal the stored password file. The attacker will have the hash of the password. He can probably find a list of most commonly used passwords and apply sha-512 to each of it and compare it with the value in his hand. It is called the dictionary attack. But how long would he do this? If your password is random enough, do you think this method of cracking would work? All the passwords in the databases of Facebook, Google and Amazon are hashed, or at least they are supposed to be hashed.

然后是加密

加密介于哈希和编码之间。编码是一个双向过程，不应该用来提供安全性。加密也是一个双向过程，但是当且仅当知道加密密钥时才能检索原始数据。如果您不知道加密是如何工作的，不要担心，我们将在这里讨论基础知识。这就足以理解SSL的基础知识了。因此，有两种类型的加密，即对称加密和非对称加密。

对称密钥加密

I am trying to keep things as simple as I could. So, let’s understand the symmetric encryption by means of a shift algorithm. This algorithm is used to encrypt alphabets by shifting the letters to either left or right. Let’s take a string CRYPTO and consider a number +3. Then, the encrypted format of CRYPTO will be FUBSWR. That means each letter is shifted to right by 3 places. Here, the word CRYPTO is called Plaintext, the output FUBSWR is called the Ciphertext, the value +3 is called the Encryption key (symmetric key) and the whole process is a cipher. This is one of the oldest and basic symmetric key encryption algorithm and its first usage was reported during the time of Julius Caesar. So, it was named after him and it is the famous Caesar Cipher. Anyone who knows the encryption key and can apply the reverse of Caesar’s algorithm and retrieve the original Plaintext. Hence it is called a Symmetric Encryption.

非对称密钥加密

We know that, in Symmetric encryption same key is used for both encryption and decryption. Once that key is stolen, all the data is gone. That’s a huge risk and we need more complex technique. In 1976, Whitfield Diffie and Martin Hellman first published the concept of Asymmetric encryption and the algorithm was known as Diffie–Hellman key exchange. Then in 1978, Ron Rivest, Adi Shamir and Leonard Adleman of MIT published the RSA algorithm. These can be considered as the foundation of Asymmetric cryptography.

As compared to Symmetric encryption, in Asymmetric encryption, there will be two keys instead of one. One is called the Public key, and the other one is the Private key. Theoretically, during initiation we can generate the Public-Private key pair to our machine. Private key should be kept in a safe place and it should never be shared with anyone. Public key, as the name indicates, can be shared with anyone who wish to send encrypted text to you. Now, those who have your public key can encrypt the secret data with it. If the key pair were generated using RSA algorithm, then they should use the same algorithm while encrypting the data. Usually the algorithm will be specified in the public key. The encrypted data can only be decrypted with the private key which is owned by you.

来源:SSL/TLS for dummies第1部分:加密套件，哈希，加密| WST (https://www.wst.space/ssl-part1-ciphersuite-hashing-encryption/)