What does crypt() do in C?
crypt(text,"k7")
I looked it up and apparently 'k7' is the salt, but I have no idea what that means nor what type of output will come from that, anyone know?
Comments (5)
From the crypt Man page.
All the other answers are correct, but so far no one has explained why the salt is there.
Wikipedia has a good page on salts and Rainbow Tables, which are the main reason why we have salts.
Without salt, crypt is basically just a one-way hashing function. It would take in a password and return a hashed version of that password. Rainbow tables provide an optimized method for defeating the "one-way" nature of this hash, and backing out the original password.
If you manage to get the hashed passwords (via some database exploit, or access to the /etc/passwd or /etc/shadow file), you could theoretically know a lot of people's passwords.
A salt adds an extra "random" factor to the mix. You need to create a random salt and store that somewhere (with the password is OK, but separate is better). Now one set of rainbow tables isn't enough, you suddenly need 65,536 sets of such tables (in the case of a two-byte salt). The salt could also be kept separate from the password, adding an extra hurdle.
Salt also helps prevent users with the same password from appearing to have the same password; the salt is usually randomly selected, and if the salts are different then the hashed passwords will be dramatically different.
I'll also point out this blog entry explaining some password basics, which I found very informative.
As Randolpho points out, it's a one-way hashing process for text.
The standard use for crypt() is in storing passwords. Obviously, storing the password as plaintext would be very ill advised. Instead, crypt() is used to generate a hash of the password. When you type in your password, crypt() is applied to that, and then the two hashes are compared.
Essentially, the function of crypt() is to translate the text into some new text, from which the original can never be recovered, but which has a low probability of generating the same hash for two different keys.
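
The store-and-compare flow and the effect of the salt described in the answers above, as an added example that is not part of the original thread. PBKDF2-HMAC-SHA256 stands in for crypt()'s own hash, and the names hash_password, verify_password and demo, the "salt$digest" record layout and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# PBKDF2-HMAC-SHA256 is a stand-in for crypt()'s own hash (an assumption of this
# example); hash_password/verify_password are illustrative names.
ITERATIONS = 100_000


def hash_password(password, salt=None):
    """Return 'salt$digest'. Like crypt() output, the record carries its salt."""
    if salt is None:
        salt = secrets.token_hex(8)  # fresh random salt for each stored password
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt.encode(), ITERATIONS
    )
    return salt + "$" + digest.hex()


def verify_password(candidate, stored):
    """Re-hash the candidate with the stored record's salt, then compare hashes."""
    salt = stored.split("$", 1)[0]
    recomputed = hash_password(candidate, salt)
    # Constant-time comparison of the two records.
    return hmac.compare_digest(recomputed.encode(), stored.encode())


def demo():
    """Constructed sample data: two users who picked the same password."""
    password = "correct horse"
    # Fixed salt, as in crypt(text, "k7"): equal passwords give equal records.
    fixed_a = hash_password(password, "k7")
    fixed_b = hash_password(password, "k7")
    # Random salts: the same password yields unrelated-looking records.
    rand_a = hash_password(password)
    rand_b = hash_password(password)
    return {
        "fixed_salt_records_match": fixed_a == fixed_b,
        "random_salt_records_match": rand_a == rand_b,
        "login_ok": verify_password(password, rand_a),
        "wrong_password_ok": verify_password("wrong horse", rand_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
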
C Manual - Crypt
Wikipedia FTW
Bottom line: it one-way hashes text