Best general-purpose digest function?

Posted 2024-07-14 00:53:23 · 657 characters · 7 views · 0 comments

When writing an average new app in 2009, what's the most reasonable digest function to use, in terms of security and performance? (And how can I determine this in the future, as conditions change?)

When similar questions were asked previously, answers have included SHA1, SHA2, SHA-256, SHA-512, MD5, bCrypt, and Blowfish.

I realize that to a great extent, any one of these could work, if used intelligently, but I'd rather not roll a die and pick one randomly. Thanks.

Comments (3)

煮茶煮酒煮时光 2024-07-21 00:53:23

I'd follow NIST/FIPS guidelines:

March 15, 2006: The SHA-2 family of hash functions (i.e., SHA-224, SHA-256, SHA-384 and SHA-512) may be used by Federal agencies for all applications using secure hash algorithms. Federal agencies should stop using SHA-1 for digital signatures, digital time stamping and other applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010. After 2010, Federal agencies may use SHA-1 only for the following applications: hash-based message authentication codes (HMACs); key derivation functions (KDFs); and random number generators (RNGs). Regardless of use, NIST encourages application and protocol designers to use the SHA-2 family of hash functions for all new applications and protocols.
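The policy quoted in this answer, turned into a small selection check, as an added example (not the commenter's code and not NIST's). It encodes the two categories the statement draws: uses that need collision resistance (signatures, time stamps, fingerprints) get only SHA-2, while HMAC, KDF and RNG use also tolerate SHA-1. The use-category names and the policy table are this example's own assumptions; the digest and HMAC calls are Python's standard library.

```python
import hashlib
import hmac

# Use categories taken from the quoted NIST statement. The category names and
# this policy table are assumptions of the example, not text from NIST.
COLLISION_RESISTANT_USES = {"signature", "timestamp", "fingerprint"}
SHA1_TOLERATED_USES = {"hmac", "kdf", "rng"}   # the only SHA-1 uses allowed after 2010
SHA2_FAMILY = {"sha224", "sha256", "sha384", "sha512"}


def algorithm_allowed(algorithm: str, use: str) -> bool:
    """True if `algorithm` may be used for `use` under the quoted policy.

    SHA-2 members are accepted everywhere; SHA-1 only for HMAC/KDF/RNG;
    anything else (MD5, MD4, ...) is outside the policy and rejected.
    """
    algorithm = algorithm.lower()
    if algorithm in SHA2_FAMILY:
        return True
    if algorithm == "sha1":
        return use in SHA1_TOLERATED_USES
    return False


def digest_hex(algorithm: str, data: bytes, use: str = "fingerprint") -> str:
    """Plain digest for a collision-resistance use; refuses non-policy algorithms."""
    if use not in COLLISION_RESISTANT_USES:
        raise ValueError(f"unknown collision-resistant use: {use}")
    if not algorithm_allowed(algorithm, use):
        raise ValueError(f"{algorithm} is not acceptable for {use}")
    return hashlib.new(algorithm, data).hexdigest()


def hmac_hex(algorithm: str, key: bytes, data: bytes) -> str:
    """Keyed MAC; the policy tolerates SHA-1 here, SHA-2 is still preferred."""
    if not algorithm_allowed(algorithm, "hmac"):
        raise ValueError(f"{algorithm} is not acceptable for hmac")
    return hmac.new(key, data, algorithm).hexdigest()


def hmac_verify(algorithm: str, key: bytes, data: bytes, tag_hex: str) -> bool:
    """Constant-time comparison, so a forged tag cannot be found byte by byte."""
    return hmac.compare_digest(hmac_hex(algorithm, key, data), tag_hex)


if __name__ == "__main__":
    print(digest_hex("sha256", b"abc"))
    # RFC 4231 test case 2 key/data, so the output can be checked against the RFC
    print(hmac_hex("sha256", b"Jefe", b"what do ya want for nothing?"))
    try:
        digest_hex("sha1", b"abc", "signature")
    except ValueError as err:
        print("rejected:", err)
```

The HMAC input in the demo is RFC 4231 test case 2, so the tag can be compared with the published vector; SHA-1 is accepted only through `hmac_hex`, never through `digest_hex`.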

画骨成沙 2024-07-21 00:53:23

You say "digest function"; presumably that means you want to use it to compute digests of "long" messages (not just hashing "short" "messages" like passwords). That means bCrypt and similar choices are out; they're designed to be slow to inhibit brute-force attacks on password databases. MD5 is completely broken, and SHA-0 and SHA-1 are too weakened to be good choices. Blowfish is a stream cipher (though you can run it in a mode that produces digests), so it's not such a good choice either.

That leaves several families of hash functions, including SHA-2, HAVAL, RIPEMD, WHIRLPOOL, and others. Of these, the SHA-2 family is the most thoroughly cryptanalyzed, and so it would be my recommendation for general use. I would recommend either SHA2-256 or SHA2-512 for typical applications, since those two sizes are the most common and likely to be supported in the future by SHA-3.
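The distinction this answer draws, a digest function run over a long message versus a deliberately slow, salted password hash, as an added example that is not the commenter's code. The long message is streamed through the hash in fixed-size chunks so memory stays bounded, and the result is checked against the one-shot digest. PBKDF2-HMAC-SHA256 from the standard library stands in for bcrypt (an assumption of the example, since bcrypt is not in the standard library); the "large file" is a constructed deterministic byte string.

```python
import hashlib
import io

CHUNK_SIZE = 64 * 1024


def digest_stream(stream, algorithm: str = "sha256", chunk_size: int = CHUNK_SIZE) -> str:
    """Hash a file-like object incrementally; memory use stays at one chunk."""
    h = hashlib.new(algorithm)
    while True:
        block = stream.read(chunk_size)
        if not block:
            break
        h.update(block)
    return h.hexdigest()


def digest_in_chunks(data: bytes, algorithm: str = "sha256", chunk_size: int = CHUNK_SIZE) -> str:
    """Stream an in-memory payload through digest_stream (same as hashing a file)."""
    return digest_stream(io.BytesIO(data), algorithm, chunk_size)


def digest_one_shot(data: bytes, algorithm: str = "sha256") -> str:
    """Reference: hash the whole payload in one call."""
    return hashlib.new(algorithm, data).hexdigest()


def constructed_long_message(n_bytes: int, seed: int = 7) -> bytes:
    """Deterministic pseudo-random payload standing in for a large file (constructed data)."""
    out = bytearray()
    state = seed.to_bytes(8, "big")
    while len(out) < n_bytes:
        state = hashlib.sha256(state).digest()
        out.extend(state)
    return bytes(out[:n_bytes])


def password_hash(password: bytes, salt: bytes, iterations: int = 100_000) -> bytes:
    """Salted, iterated password hashing. PBKDF2-HMAC-SHA256 stands in for bcrypt
    here; the property that matters is the same: the output depends on a salt and
    the cost is made high on purpose, so it is not usable as a message digest."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)


if __name__ == "__main__":
    msg = constructed_long_message(3 * 1024 * 1024 + 17)  # deliberately not a chunk multiple
    print("streamed == one-shot:", digest_in_chunks(msg) == digest_one_shot(msg))
    print("same password, different salt, different hash:",
          password_hash(b"hunter2", b"salt-A") != password_hash(b"hunter2", b"salt-B"))
```

The chunked and one-shot digests agree for any chunk size, which is what lets a digest function cover inputs far larger than memory; the password hash, by contrast, gives a different value for the same input under a different salt and burns a configurable number of iterations per call, which is exactly why it is the wrong tool for digesting documents.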

我纯我任性 2024-07-21 00:53:23

It really depends on what you need it for.

If you are in need of actual security, where the ability to find a collision easily would compromise your system, I would use something like SHA-256 or SHA-512 as they come heavily recommended by various agencies.

If you are in need of something that is fast, and can be used to uniquely identify something, but there are no actual security requirements (i.e., an attacker wouldn't be able to do anything nasty if they found a collision) then I would use something like MD5.

MD4, MD5, and SHA-1 have been shown to be more easily breakable, in the sense of finding a collision via a birthday attack method, than expected. RIPEMD-160 is well regarded, but at only 160 bits a birthday attack needs only 2^80 operations, so it won't last forever. Whirlpool has excellent characteristics and appears the strongest of the lot, though it doesn't have the same backing as SHA-256 or SHA-512 does - in the sense that if there was a problem with SHA-256 or SHA-512 you'd be more likely to find out about it via proper channels.
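To put numbers on the birthday-attack remark in this answer, an added example that is not the commenter's code: the generic collision cost of an n-bit digest is about 2^(n/2) hash evaluations, which is where "160 bits, 2^80 operations" comes from. Truncating SHA-256 to 32 bits shrinks that to roughly 2^16, cheap enough to run here, and the search finds two distinct inputs whose truncated digests match. The counter-based inputs, the 4-byte truncation and the trial cap are this example's own choices.

```python
import hashlib
import math


def birthday_work_bits(algorithm: str) -> int:
    """Generic collision work factor in bits: half the digest length (2^(n/2) evaluations)."""
    return hashlib.new(algorithm).digest_size * 8 // 2


def expected_trials(n_bits: int) -> float:
    """Expected number of random inputs before the first collision in an n-bit
    space: about sqrt(pi/2 * 2^n), the birthday bound."""
    return math.sqrt(math.pi / 2 * 2 ** n_bits)


def truncated_digest(data: bytes, n_bytes: int, algorithm: str = "sha256") -> bytes:
    """First n_bytes of the digest; a deliberately small collision space for the demo."""
    return hashlib.new(algorithm, data).digest()[:n_bytes]


def find_truncated_collision(n_bytes: int, algorithm: str = "sha256", max_trials: int = 1 << 24):
    """Birthday search: hash distinct counter inputs (constructed) until two share a
    truncated digest. Returns (trials, input_a, input_b), or None if the cap is hit."""
    seen = {}
    for i in range(max_trials):
        m = b"msg-%d" % i
        t = truncated_digest(m, n_bytes, algorithm)
        if t in seen:
            return i + 1, seen[t], m
        seen[t] = m
    return None


if __name__ == "__main__":
    for name in ("sha1", "sha256", "sha512"):
        print(f"{name}: generic collision cost ~2^{birthday_work_bits(name)}")
    print(f"expected trials for a 32-bit digest: ~{expected_trials(32):.0f}")
    trials, a, b = find_truncated_collision(4)
    print(f"32-bit collision after {trials} hashes: {a!r} and {b!r}")
    print("full SHA-256 digests still differ:", truncated_digest(a, 32) != truncated_digest(b, 32))
```

The search needs on the order of 2^16 hashes for a 32-bit space, and the two inputs it returns collide only in the truncated prefix; their full SHA-256 digests differ, which is the whole point of keeping the digest long. The same table lookup is the reason the full 2^128 for SHA-256 is out of reach while 2^64 for a 128-bit digest is the kind of number that stops looking safe over a system's lifetime.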
