混淆、散列和加密之间有什么区别?

发布于 2024-07-07 11:25:11 字数 156 浏览 10 评论 0原文

混淆、散列和加密之间有什么区别?

我的理解是:

  • 哈希是一种单向算法; 无法逆转
  • 混淆与加密类似,但不需要任何“秘密”即可理解(ROT13 就是一个例子)
  • 加密是可逆的,但需要“秘密”才能做到这一点

What is the difference between Obfuscation, Hashing, and Encryption?

Here is my understanding:

  • Hashing is a one-way algorithm; cannot be reversed
  • Obfuscation is similar to encryption but doesn't require any "secret" to understand (ROT13 is one example)
  • Encryption is reversible but a "secret" is required to do so

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(11

雨巷深深 2024-07-14 11:25:11

散列是一种基于较大数据块创建半唯一密钥的技术。 在给定的哈希中,您最终会发生“冲突”(例如,两个不同的数据计算出相同的哈希值),并且当发生这种情况时,您通常会创建更大的哈希键大小。

混淆通常涉及尝试删除有用的线索(即有意义的变量/函数名称),删除空格以使内容难以阅读,并且通常以令人费解的方式做事以使跟踪正在发生的事情变得困难。 它不像“真正的”加密那样提供严格的安全级别。

加密可以遵循多种模型,其中一种是“秘密”方法,称为私钥加密,其中双方都有一个秘密密钥。 公钥加密使用共享单向密钥进行加密,并使用私有接收者密钥进行解密。 使用公钥,只有接收者需要知道秘密。

Hashing is a technique of creating semi-unique keys based on larger pieces of data. In a given hash you will eventually have "collisions" (e.g. two different pieces of data calculating to the same hash value) and when you do, you typically create a larger hash key size.

obfuscation generally involves trying to remove helpful clues (i.e. meaningful variable/function names), removing whitespace to make things hard to read, and generally doing things in convoluted ways to make following what's going on difficult. It provides no serious level of security like "true" encryption would.

Encryption can follow several models, one of which is the "secret" method, called private key encryption where both parties have a secret key. Public key encryption uses a shared one-way key to encrypt and a private recipient key to decrypt. With public key, only the recipient needs to have the secret.

趁年轻赶紧闹 2024-07-14 11:25:11

这是一个高层次的解释。 我将尝试改进它们:

哈希 - 在完美的世界中,它是一个随机的预言。 对于相同的输入 X,您总是收到相同的输出 Y,即与 X 没有任何关系。这在数学上是不可能的(或至少未经证明是可能的)。 我们得到的最接近的是陷门函数。 H(X) = Y 对于 H-1(Y) = X 来说很难做到,你最好尝试暴力破解 Z 使得 H(Z) = Y

混淆(我认为) - 任何函数 f,这样 f(a) = b 你依赖 f 是秘密的。 F 可能是哈希函数,但“混淆”部分意味着通过模糊性实现安全性。 如果您以前从未见过 ROT13,那么它就是混淆

加密 - Ek(X) = Y,Dl(Y) = X,其中 E 是每个人都知道的。 k和l是密钥,它们可以相同(对称时,它们是相同的)。 Y是密文,X是明文。

That's a high level explanation. I'll try to refine them:

Hashing - in a perfect world, it's a random oracle. For the same input X, you always recieve the same output Y, that is in NO WAY related to X. This is mathematically impossible (or at least unproven to be possible). The closest we get is trapdoor functions. H(X) = Y for with H-1(Y) = X is so difficult to do you're better off trying to brute force a Z such that H(Z) = Y

Obfuscation (my opinion) - Any function f, such that f(a) = b where you rely on f being secret. F may be a hash function, but the "obfuscation" part implies security through obscurity. If you never saw ROT13 before, it'd be obfuscation

Encryption - Ek(X) = Y, Dl(Y) = X where E is known to everyone. k and l are keys, they may be the same (in symmetric, they are the same). Y is the ciphertext, X is the plaintext.

最美的太阳 2024-07-14 11:25:11

哈希是一种单向算法,用于将输入与引用进行比较,而不会影响引用。

它通常在登录中用于比较密码如果您使用信用卡购物,您还可以在收据上找到它。 在那里,您会发现您的信用卡号码,其中隐藏了一些号码,这​​样您就可以以很高的概率证明您的卡被用来购买这些东西,而其他人在您的垃圾中搜索则无法证明找到您的卡号。

一个非常简单的哈希值是“字符串的前 3 个字母”。
这意味着“abcdefg”的哈希值将是“abc”。 这个函数显然不能逆转,这就是哈希的全部目的。 但是,请注意“abcxyz”将具有完全相同的哈希值,这称为冲突。 再说一次:哈希仅以一定的概率证明两个比较值相同

另一个非常幼稚和简单的散列是数字的 5 模,在这里您将看到 6,11,16 等都将具有相同的散列: 1.

现代散列算法旨在将冲突次数保持为尽可能低,但永远无法完全避免。 经验法则是:哈希值越长,冲突就越少。

A hash is a one way algorithm used to compare an input with a reference without compromising the reference.

It is commonly used in logins to compare passwords and you can also find it on your reciepe if you shop using credit-card. There you will find your credit-card-number with some numbers hidden, this way you can prove with high propability that your card was used to buy the stuff while someone searching through your garbage won't be able to find the number of your card.

A very naive and simple hash is "The first 3 letters of a string".
That means the hash of "abcdefg" will be "abc". This function can obviously not be reversed which is the entire purpose of a hash. However, note that "abcxyz" will have exactly the same hash, this is called a collision. So again: a hash only proves with a certain propability that the two compared values are the same.

Another very naive and simple hash is the 5-modulus of a number, here you will see that 6,11,16 etc.. will all have the same hash: 1.

Modern hash-algorithms are designed to keep the number of collisions as low as possible but they can never be completly avoided. A rule of thumb is: the longer your hash is, the less collisions it has.

过潦 2024-07-14 11:25:11

密码学中的混淆是指在对输入数据进行散列或加密之前对输入数据进行编码。

这使得暴力攻击变得不太可行,因为确定正确的明文变得更加困难。

Obfuscation in cryptography is encoding the input data before it is hashed or encrypted.

This makes brute force attacks less feasible, as it gets harder to determine the correct cleartext.

蓝眼泪 2024-07-14 11:25:11

这是一个不错的高级描述。 以下是一些额外的注意事项:

散列通常会将大量数据减少到更小的大小。 例如,这对于验证文件的内容非常有用,而无需比较两个副本。

加密涉及存储一些秘密数据,而秘密数据的安全性取决于保持单独的“密钥”免受坏人的侵害。

混淆是在没有单独密钥(或使用固定密钥)的情况下隐藏一些信息。 在这种情况下,对方法保密就是保证数据安全的方法。

由此,您可以了解哈希算法如何用于数字签名和内容验证、如何使用加密来保护文件和网络连接,以及为什么将混淆用于数字版权管理。

That's not a bad high-level description. Here are some additional considerations:

Hashing typically reduces a large amount of data to a much smaller size. This is useful for verifying the contents of a file without having to have two copies to compare, for example.

Encryption involves storing some secret data, and the security of the secret data depends on keeping a separate "key" safe from the bad guys.

Obfuscation is hiding some information without a separate key (or with a fixed key). In this case, keeping the method a secret is how you keep the data safe.

From this, you can see how a hash algorithm might be useful for digital signatures and content validation, how encryption is used to secure your files and network connections, and why obfuscation is used for Digital Rights Management.

小鸟爱天空丶 2024-07-14 11:25:11

我一直都是这么看的。

  • 哈希值是从
    另一种是使用一套算法。 根据所使用的算法,这可能是一种方式,也可能不是。

  • 混淆就是创造一些东西
    通过符号更难阅读
    替换。

  • 加密类似于散列,只不过该值取决于您为算法提供的另一个值。

This is how I've always looked at it.

  • Hashing is deriving a value from
    another, using a set algorithm. Depending on the algo used, this may be one way, may not be.

  • Obfuscating is making something
    harder to read by symbol
    replacement.

  • Encryption is like hashing, except the value is dependent on another value you provide the algorithm.

南城旧梦 2024-07-14 11:25:11

简短的回答:

散列 - 在某些数据上创建检查字段(以检测数据何时被修改)。 这是一种单向函数,无法从哈希中推导出原始数据。 典型的标准是 SHA-1、SHA256 等。

混淆 - 修改您的数据/代码以迷惑其他人(没有真正的保护)。 这可能会也可能不会丢失一些原始数据。 这方面没有真正的标准。

加密 - 使用密钥来转换数据,以便只有拥有正确密钥的人才能理解它。 加密后的数据可以被解密得到原始数据。 典型的标准有 DES、TDES、AES、RSA 等。

A brief answer:

Hashing - creating a check field on some data (to detect when data is modified). This is a one way function and the original data cannot be derived from the hash. Typical standards for this are SHA-1, SHA256 etc.

Obfuscation - modify your data/code to confuse anyone else (no real protection). This may or may not loose some of the original data. There are no real standards for this.

Encryption - using a key to transform data so that only those with the correct key can understand it. The encrypted data can be decrypted to obtain the original data. Typical standards are DES, TDES, AES, RSA etc.

吻泪 2024-07-14 11:25:11

一切都很好,除了混淆与加密并不真正相似——有时它甚至不涉及像 ROT13 这样简单的密码。

All fine, except obfuscation is not really similar to encryption - sometimes it doesn't even involve ciphers as simple as ROT13.

暖伴 2024-07-14 11:25:11
  • 哈希是一种从另一个值创建一个值的单向任务。 该算法应尝试创建一个尽可能短且尽可能唯一的值。

  • 混淆是指在不改变语义的情况下使某些内容变得不可读。 它涉及值转换、删除空格等。某些形式的混淆也可以是单向的,因此不可能获得起始值

  • 加密是双向的,并且总是有一些解密以相反的方式进行。

所以,是的,你基本上是正确的。

  • Hashing is one-way task of creating one value from another. The algorithm should try to create a value that is as short and as unique as possible.

  • obfuscation is making something unreadable without changing semantics. It involves value transformation, removing whitespace, etc. Some forms of obfuscation can also be one-way,so it's impossible to get the starting value

  • encryption is two-way, and there's always some decryption working the other way around.

So, yes, you are mostly correct.

欲拥i 2024-07-14 11:25:11

混淆是隐藏或使某些内容更难以理解。

散列获取输入,通过函数运行它,并生成可以作为输入引用的输出。 它不一定是唯一的,函数可以为不同的输入生成相同的输出。

加密以独特的方式将输入转换为输出。 存在一对一的相关性,因此不会出现潜在的数据丢失或混乱 - 输出始终可以毫无歧义地转换回输入。

Obfuscation is hiding or making something harder to understand.

Hashing takes an input, runs it through a function, and generates an output that can be a reference to the input. It is not necessarily unique, a function can generate the same output for different inputs.

Encryption transforms the input into an output in a unique manner. There is a one-to-one correlation so there is no potential loss of data or confusion - the output can always be transformed back to the input with no ambiguity.

皇甫轩 2024-07-14 11:25:11

混淆只是通过引入技术来迷惑某人,使某些事情变得更难理解。 代码混淆器通常通过重命名事物来删除变量或方法名称中任何有意义的内容来实现此目的。 它与加密不同,无需解密即可使用任何内容。

通常,散列和加密之间的区别在于,散列通常仅采用公式将数据转换为另一种形式,而加密则使用需要密钥来加密/解密的公式。 例如,base 64 编码是一种哈希算法,其中 md5 是一种加密算法。 任何人都可以解散 Base64 编码的数据,但如果没有密钥则无法解加密 md5 加密的数据。

Obfuscation is merely making something harder to understand by intruducing techniques to confuse someone. Code obfuscators usually do this by renaming things to remove anything meaningful from variable or method names. It's not similar to encryption in that nothing has to be decrypted to be used.

Typically, the difference between hashing and encryption is that hashing generally just employs a formula to translate the data into another form where encryption uses a formula requiring key(s) to encrypt/decrypt. Examples would be base 64 encoding being a hash algorithm where md5 being an encryption algorithm. Anyone can unhash base64 encoded data, but you can't unencrypt md5 encrypted data without a key.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文