本文介绍了这个散列对安全性有利吗?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧! 问题描述 是否有任何优势 sha1(sha1(sha1($ password。$ salt))); 基本上有多个sha1节只有一个sha1 sha1($ password。$ salt); 解决方案请不要重复 首先, sha1(sha1(sha1(在每次迭代中,sha1($ input)))仅对副作用增加碰撞机会 。增加碰撞的可能性是一件非常糟糕的事情。 为了不用信任自己动手的密码学,为什么不信任实际专家在该领域制作的图书馆?使用便携式PHP密码哈希框架。 PHPass实际上使用 bcrypt ,这是一种旨在防止彩虹表,字典和暴力攻击的算法。你可以用几轮来初始化它:轮次越高,计算哈希所用的时间就越长。这样,如果处理能力增加,就可以创建更强大的哈希值。 第一次调用to sha1()接受无限输入并创建一个 2 输出。第二次迭代需要 2 输入,并从 x outputs,其中 x 。 为什么每次调用 sha1()都会减少可能的输出量?因为 sha1()后面的算法不是为散列的一对一匹配而设计的。从理论上讲,如果要散列每个可能的散列,你必然会发生冲突。 Is there any advantage to sha1(sha1(sha1($password. $salt)));Basically having multiple sha1 verses just one sha1sha1($password. $salt); 解决方案 Do not, I repeat, DO NOT attempt to make your password hash safer by doing "special" things do your hash.First of all, sha1(sha1(sha1($input))) only has for side effect to increase the chance of collision on each iteration. Increasing the chance of collisions is a very bad thing.Instead of trying your hand at do-it-yourself cryptology, why not trust libraries made by actual experts in the field? Use the Portable PHP password hashing framework.PHPass actually uses bcrypt, which is an algorithm designed to prevent rainbow table, dictionary and brute force attacks. You can initialize it with a number of rounds: the higher the rounds, the longer it takes to compute the hash. That way, you can create stronger hashes if processing power increases. The first call to sha1() takes infinite input and creates one out of 2 outputs. The second iteration takes 2 inputs and creates one out of x outputs, where x <= 2. The third iteration takes x input and creates one out of y outputs, where y <= x <= 2.Why does each call to sha1() reduces the amount of possible outputs? Because the algorithm behind sha1() was not designed for one-to-one matching of the hashes. Theoretically, you are bound to have collisions if you were to hash every possible hash. 这篇关于这个散列对安全性有利吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持! 10-27 22:36