SHA-1 hash algorithms: MD5 vs SHA-1 vs SHA-2 - which is the most secure encryption hash, and how to check them

What's a hash function?

A hash function takes an input value (for instance, a string) and returns a fixed-length value. An ideal hash function has the following properties:

  • it is very fast
  • it can return an enormous range of hash values
  • it generates a unique hash for every unique input (no collisions)
  • it generates dissimilar hash values for similar input values
  • generated hash values have no discernable pattern in their distribution

No ideal hash function exists, of course, but each aims to operate as close to the ideal as possible. (Most) hash functions return fixed-length values, so the range of values is constrained, but that constraint can practically be ignored. The number of possible values that can be returned by a 256-bit hash function, for instance, is roughly the same as the number of atoms in the universe.

Ideally, a hash function returns practically no collisions – that is to say, no two different inputs generate the same hash value. This is particularly important for cryptographic hash functions: hash collisions are considered a vulnerability.

Finally, a hash function should generate unpredictably different hash values for any input value. For example, take the following two very similar sentences:

1. "The quick brown fox."
2. "The quick brown fax."

We can compare the MD5 hash values generated from each of the two sentences:

1. 2e87284d245c2aae1c74fa4c50a74c77
2. c17b6e9b160cda0cf583e89ec7b7fc22

Two very dissimilar hashes were generated for two similar sentences, which is a property useful both for validation and cryptography. This is a corollary of distribution: the hash values of all inputs should be spread evenly and unpredictably across the whole range of possible hash values.

Common hash functions

There are several hash functions that are widely used. All were designed by mathematicians and computer scientists. Over the course of further research, some have been shown to have weaknesses, though all are considered good enough for noncryptographic applications.

MD5

The MD5 hash function produces a 128-bit hash value. It was designed for use in cryptography, but vulnerabilities were discovered over the course of time, so it is no longer recommended for that purpose. However, it is still used for database partitioning and computing checksums to validate file transfers.

SHA-1

SHA stands for Secure Hash Algorithm. The first version of the algorithm was SHA-1, and was later followed by SHA-2 (see below).

Whereas MD5 produces a 128-bit hash, SHA-1 generates a 160-bit hash (20 bytes). In hexadecimal format, it is an integer 40 digits long. Like MD5, it was designed for cryptology applications, but was soon found to have vulnerabilities as well. As of today, it is no longer considered to be any less resistant to attack than MD5.

SHA-2

The second version of SHA, called SHA-2, has many variants. Probably the one most commonly used is SHA-256, which the National Institute of Standards and Technology (NIST) recommends using instead of MD5 or SHA-1.

The SHA-256 algorithm returns a hash value of 256 bits, or 64 hexadecimal digits. While not quite perfect, current research indicates it is considerably more secure than either MD5 or SHA-1.

Performance-wise, a SHA-256 hash is about 20-30% slower to calculate than either MD5 or SHA-1 hashes.

SHA-3

This hash method was developed in late 2015, and has not seen widespread use yet. Its algorithm is unrelated to the one used by its predecessor, SHA-2.

The SHA3-256 algorithm is a variant with equivalent applicability to that of the earlier SHA-256, with the former taking slightly longer to calculate than the latter.
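
The digest sizes listed in this section, and the "dissimilar hashes for similar inputs" property shown earlier with the two fox/fax sentences, can be measured directly. The following is an added example, not code from the original article; the function names `differing_bits` and `avalanche_report` are hypothetical, and it assumes Python's standard `hashlib` with MD5 enabled.

```python
import hashlib

# The two sentences compared in the article; they differ in one letter.
A = b"The quick brown fox."
B = b"The quick brown fax."

# Algorithms discussed on this page, by their hashlib names.
ALGORITHMS = ("md5", "sha1", "sha256", "sha3_256")


def differing_bits(x: bytes, y: bytes) -> int:
    """Count the bit positions in which two equal-length byte strings differ."""
    if len(x) != len(y):
        raise ValueError("inputs must have the same length")
    return sum(bin(a ^ b).count("1") for a, b in zip(x, y))


def avalanche_report(a: bytes = A, b: bytes = B) -> dict:
    """Per algorithm: digest size, hex length, and how many digest bits changed."""
    report = {}
    for name in ALGORITHMS:
        da = hashlib.new(name, a).digest()
        db = hashlib.new(name, b).digest()
        bits = len(da) * 8
        flipped = differing_bits(da, db)
        report[name] = {
            "bits": bits,
            "hex_digits": len(da.hex()),
            "flipped": flipped,
            "flipped_ratio": flipped / bits,
        }
    return report


if __name__ == "__main__":
    print(f"input bits that differ: {differing_bits(A, B)}")
    for name, row in avalanche_report().items():
        print(f"{name:9} {row['bits']:3} bits  {row['hex_digits']:2} hex digits  "
              f"{row['flipped']:3} digest bits differ ({row['flipped_ratio']:.0%})")
```

A well-distributed hash changes roughly half of its output bits when even a few input bits change, which is what each row of the report shows.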

Using Hash Values for Validation

A typical use of hash functions is to perform validation checks. One frequent usage is the validation of compressed collections of files, such as .zip or .tar archive files.

Given an archive and its expected hash value (commonly referred to as a checksum), you can perform your own hash calculation to validate that the archive you received is complete and uncorrupted.

For instance, I can generate an MD5 checksum for a tar file in Unix using the following piped commands:

tar cf - files | tee tarfile.tar | md5sum -

To get the MD5 hash for a file in Windows, use the Get-FileHash PowerShell command:

Get-FileHash tarfile.tar -Algorithm MD5

The generated checksum can be posted on the download site, next to the archive download link. The receiver, once they have downloaded the archive, can validate that it came across correctly by running the following command:

echo '2e87284d245c2aae1c74fa4c50a74c77  tarfile.tar' | md5sum -c

where 2e87284d245c2aae1c74fa4c50a74c77 is the generated checksum that was posted. Successful execution of the above command will generate an OK status like this:

echo '2e87284d245c2aae1c74fa4c50a74c77  tarfile.tar' | md5sum -c
tarfile.tar: OK
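
The same publish-then-verify procedure, as an added example that is not part of the original article: it uses SHA-256 (the algorithm the article says NIST recommends over MD5) and also shows what the receiver sees when the archive is corrupted or missing. The helper names `file_digest`, `check_line` and `demo` are hypothetical, and the archive contents are constructed sample data.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path: str, algorithm: str = "sha256", chunk_size: int = 65536) -> str:
    """Hash a file in chunks so large archives never have to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def check_line(line: str, directory: str, algorithm: str = "sha256") -> str:
    """Verify one '<hex digest>  <file name>' line, the format `md5sum -c` reads."""
    expected, name = line.strip().split(None, 1)
    name = name.lstrip("*")  # '*' marks binary mode in the coreutils format
    try:
        actual = file_digest(os.path.join(directory, name), algorithm)
    except OSError:
        return f"{name}: FAILED open or read"
    ok = hmac.compare_digest(actual, expected.lower())
    return f"{name}: OK" if ok else f"{name}: FAILED"


def demo() -> list:
    """Publish a checksum for a constructed file, then check it intact, corrupted, missing."""
    results = []
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "tarfile.tar")
        with open(path, "wb") as f:
            f.write(b"constructed sample archive contents\n" * 1000)
        published = f"{file_digest(path)}  tarfile.tar"
        results.append(check_line(published, d))
        with open(path, "r+b") as f:  # simulate transfer damage: flip one bit
            f.seek(100)
            byte = f.read(1)
            f.seek(100)
            f.write(bytes([byte[0] ^ 0x01]))
        results.append(check_line(published, d))
        os.remove(path)
        results.append(check_line(published, d))
    return results


if __name__ == "__main__":
    print("\n".join(demo()))
```

A checksum posted next to the download link detects corruption in transit; it does not protect against someone who can replace both the archive and the posted checksum.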

Translated from: https://www.freecodecamp.org/news/md5-vs-sha-1-vs-sha-2-which-is-the-most-secure-encryption-hash-and-how-to-check-them/
