Unit 3: Cryptography 3.1 Cryptography Hashing

>> Hashing has to do with integrity.

>>哈希与完整性有关。

Integrity that messages that are sent are the messages that are received.

发送的消息就是接收的消息的完整性。

Hashing makes sure no bits have been changed either accidentally or maliciously in transit.

哈希确保在传输过程中没有意外或恶意地更改任何位。

Hashing algorithms have a few characteristics.

哈希算法有几个特点。

Variable let input, fixed let output.

变量输入，固定输出。

You could feed the Declaration of Independence into a hashing algorithm or just your name.

您可以将独立声明输入哈希算法或只输入您的名字。

In each case you'll wind up with the same sized output hash.

在每种情况下，输出散列的大小都是相同的。

Also called a message digest.

也称为消息摘要。

If one bit in the input changes, the resulted hash is completely different.

如果输入中的一位发生了变化，那么产生的散列将完全不同。

You can't go back.

你不能回去。

Let's say you take a banana, some strawberries, milk, vanilla syrup and more.

假设你拿了一根香蕉，一些草莓，牛奶，香草糖浆等等。

And put it in a blender.

把它放进搅拌机。

While enjoying your smoothie, you think to yourself.

当你在享受冰沙的时候，你会对自己说。

I wish I could have that banana back.

我希望我能把香蕉拿回来。

Sorry.

 You can't get the banana back.

你拿不回香蕉。

You might know the process of taking a banana out of a smoothie and reconstructing it.

你可能知道从冰沙中取出香蕉并重新制作它的过程。

But it doesn't mean that could be done.

但这并不意味着可以做到。

Quick think of two number that's multiply together to get 100.

快速想一下两个数相乘得到100。

25 times 4, 50 times 2.

25乘以4 50乘以2。

20 times 5, 10 times 10.

20乘以5 10乘以10。

Well I was actually thinking of 100 times 1.

实际上我想的是100乘以1。

You don't know what two numbers I picked and subsequently through away.

你不知道我选了哪两个数字，然后又拿走了。

Hashing involves doing some calculations and throwing away the inputs.

哈希涉及到做一些计算和丢弃输入。

Doing some more math, throwing away more inputs.

做更多的数学运算，扔掉更多的输入。

In the same process.

同样的过程。

Hashes are called one-way functions because it's not feasible
to try all possible combinations in a realistic amount of time.

散列被称为单向函数，因为在实际的时间内尝试所有可能的组合是不可行的。

To go back the other way.

从另一个方向回去。

While it might be easy to go through all numbers that multiply together to get 100.

虽然把所有的数相乘得到100可能很简单。

When multiple rounds are used and one output is at the end how can you go back?
Triangle all possible combinations.

当多个回合被使用，一个输出在最后，你怎么能回去?

三角形是所有可能的组合。

Let's say I multiplied that 100 by 9.

假设100乘以9。

Now we've got 800.

现在我们有800个。

And now you have two rounds of inputs to get back to the original factors of 100.

现在你有两轮输入来得到100的原始因数。

Besides I'm only using multiplication.

而且我只用乘法。

Hashing algorithms of course are much more mathematically intensive.

哈希算法在数学上更加密集。

If you've ever downloaded a file from the internet.

如果你曾经从网上下载过文件。

You might have seen its hash next to the link you clicked.

您可能在单击的链接旁边看到了它的散列。

If you run your downloaded file through the same hashing algorithm
and get the same message digest.

如果您通过相同的散列算法运行下载的文件并获得相同的消息摘要。

You know that you got the file intact.

你知道文件完好无损。

And that no bits were changed accidentally or maliciously in transit.

而且在传输过程中没有意外或恶意改变比特。

>> Hashing is also used to protect the confidentiality of pass word data bases
from both system administrators with prying eyes and hackers who steal password data bases.

>>哈希还用于保护密码数据库的机密性，防止系统管理员窥探和黑客窃取密码数据库。

Passwords should always be stored in hashed format.

密码应该总是以散列格式存储。

This means someone who looks at or steals a password data base will see the password hashing
instead of the plain text passwords.

这意味着查看或窃取密码数据库的人将看到密码散列，而不是纯文本密码。

>> When you log into a local machine or a remote machine you enter your password.

>>当您登录到本地机器或远程机器时，您输入您的密码。

Which is subsequently hashed.

然后哈希。

And compared to the stored hash on the authenticating system.

并与身份验证系统上存储的散列进行比较。

The same thing happens when you enter your pin at ATM.

当你在ATM机上输入密码时，同样的事情也会发生。

Recent data breeches have brought to light the fact
that some entities were storing passwords and plain text.

最近的数据漏洞暴露了一些实体存储密码和纯文本的事实。

A security 101 no no.

安全101，不，不。

>> Yes storing the hashes provides confidentiality of the passwords.

>> Yes存储散列提供密码的保密性。

Compared to storing the plain text versions.

与存储纯文本版本相比。

Yes, hashes are the out puts of one-way function and can't be reversed
into their original plain text versions.

是的，散列是单向函数的输出，并且不能返回到原始的纯文本版本中。

However, stolen password hashes can be attacked
to derive the plain text passwords by multiple methods.

但是，可以通过多种方法攻击被盗密码散列来获得纯文本密码。

Including a brute force attack.

包括蛮力攻击。

A dictionary attacks.

字典攻击。

And an attack involving a rainbow table.

和彩虹桌的攻击。

We'll explore these methods in a future course.

我们将在以后的课程中探讨这些方法。

We'll also explore assault which defeats attacks using precome posted dictionaries
and rainbow tables.

我们还将探索使用预先发布的字典和彩虹表击败攻击的攻击。

>> The weakness of a hashing algorithm or when a hashing algorithm should be retired
and when it becomes easy to find multiple inputs that produce the same output message digest.

一个哈希算法的弱点，或者当一个哈希算法应该退役时，以及当很容易找到多个产生相同输出消息摘要的输入时。

This has been the case for both md5 and more recently SHA-1.

md5和最近的SHA-1都是如此。

>> Current hashing standards.

>>现行哈希标准。

SHA-2s, SHA-256 and SHA-512 and even SHA-3 variants are not appropriate for passwords
because they're too quick for hackers attempting brute force attacks
with today's graphics processing units.

SHA-2s、SHA-256、SHA-512甚至SHA-3变种都不适合密码，因为它们对于试图使用当今图形处理单元进行强力攻击的黑客来说速度太快了。（这里的太快是黑客用特别定制的集成电路把GPU显卡阵列化（几十张显卡），特别定制电路（比如手机攻击中的猫池，一个电路插了很多的手机卡进来））   MD5和SHA-1应该属于淘汰的东西。

Application specific integrated circuits and field programmable gate arrays.

应用特定的集成电路和现场可编程门阵列。

PBKDF2.
 Bcrypt and Scrypt which use SHA functions as part of their algorithms as well
as new comer Argon2 should be the only functions used for hashing passwords
because this key stretching functions are significantly slower with tens
or hundreds of thousands additional rounds.

PBKDF2。

Bcrypt和Scrypt将SHA函数作为其算法的一部分，以及新的comer Argon2函数应该是唯一用于哈希密码的函数，因为这个键拉伸函数的速度要慢得多，需要额外的数万或数十万次循环。

The longer calculation time wouldn't be noticed by a user logging in but will be great
for reducing the rate of brute force attacks.

计算时间越长，用户登录时就不会注意到，但这对于降低蛮力攻击的速度非常有用。

转载于:https://www.cnblogs.com/sec875/articles/10321320.html