C 语言中 crypt() 的作用是什么?

发布于 2024-07-29 01:59:59 字数 99 浏览 8 评论 0原文

crypt(text,"k7")

我查了一下,显然“k7”是盐,但我不知道这意味着什么,也不知道它会产生什么类型的输出,有人知道吗?

crypt(text,"k7")

I looked it up and apparently 'k7' is the salt, but I have no idea what that means nor what type of output will come from that, anyone know?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

只是偏爱你 2024-08-05 01:59:59

来自 crypt 手册页

描述

crypt()是密码加密
功能。 它是基于数据
加密标准算法
预期的变化(除其他外)
物)阻止使用硬件
关键搜索的实现。

key 是用户输入的密码。

salt 是选择的两个字符的字符串
来自集合 [a-zA-Z0-9./]。 这
字符串用于以 4096 种不同方式之一扰乱算法。

From the crypt Man page.

Description

crypt() is the password encryption
function. It is based on the Data
Encryption Standard algorithm with
variations intended (among other
things) to discourage use of hardware
implementations of a key search.

key is a user's typed password.

salt is a two-character string chosen
from the set [a-zA-Z0-9./]. This
string is used to perturb the algorithm in one of 4096 different ways.

深海夜未眠 2024-08-05 01:59:59

所有其他答案都是正确的,但到目前为止没有人解释为什么有盐。

维基百科有一个关于 彩虹表,这是我们有盐的主要原因。

如果没有 salt,crypt 基本上只是一个单向哈希函数。 它将接受密码并返回该密码的哈希版本。 Rainbow 表提供了一种优化方法来克服此哈希的“单向”性质,并撤销原始密码。

如果您设法获得散列密码(通过某些数据库利用,或访问 /etc/passwd/etc/shadow 文件),理论上您可以了解很多人们的密码。

盐为混合物添加了额外的“随机”因素。 您需要创建一个随机盐并将其存储在某个地方(使用密码可以,但分开更好)。 现在一组彩虹表还不够,你突然需要 65,536 组这样的表(在两字节 salt 的情况下)。 盐也可以与密码分开保存,从而增加了额外的障碍。

Salt 还有助于防止具有相同密码的用户看起来具有相同的密码; 盐通常是随机选择的,如果盐不同,则散列密码将显着不同。

我还将指出此博客条目解释了一些 密码基础知识,我发现它非常有用。

All the other answers are correct, but so far no one has explained why the salt is there.

Wikipedia has a good page on salts and Rainbow Tables, which are the main reason why we have salts.

Without salt, crypt is basically just a one-way hashing function. It would take in a password and return a hashed version of that password. Rainbow tables provide an optimized method for defeating the "one-way" nature of this hash, and backing out the original password.

If you manage to get the hashed passwords ( via some database exploit, or access to the /etc/passwd or /etc/shadow file ), you could theoretically know a lot of people's passwords.

A salt adds an extra "random" factor to the mix. You need to create a random salt and store that somewhere ( with the password is OK, but separate is better ). Now one set of rainbow tables isn't enough, you suddenly need 65,536 sets of such tables ( in the case of a two-byte salt ). The salt could also be kept separate from the password, adding an extra hurdle.

Salt also help prevent users with the same passwords looks like have the same password; the salt is usually randomly selected, and if the salts are different then the hashed passwords will be dramatically different.

I'll also point out this blog entry explaining some password basics, which I found very informative.

缱绻入梦 2024-08-05 01:59:59

正如 Randolpho 指出的那样,这是一种文本的单向哈希过程。

crypt() 的标准用途是存储密码。 显然,将密码存储为明文是非常不明智的。 相反,crypt() 用于生成密码的哈希值。 当您输入密码时,将应用 crypt(),然后比较两个哈希值。

本质上, crypt() 的功能是将文本翻译成一些新的文本,从这些新文本中永远无法恢复原始文本,但为两个不同的密钥生成相同哈希的概率很低。

As Randolpho points out, it's a one-way hashing process for text.

The standard use for crypt() is in storing passwords. Obviously, storing the password as plaintext would be very ill advised. Instead, crypt() is used to generate a hash of the password. When you type in your password, crypt() is applied to that, and then the two hashes are compared.

Essentially, the function of crypt() is to translate the text into some new text, from which the original can never be recovered, but which has a low probability of generating the same hash for two different keys.

爱格式化 2024-08-05 01:59:59

C 手册 - Crypt

crypt 函数采用字符串形式的密码、密钥和盐字符数组(如下所述),并返回一个以另一个盐开头的可打印 ASCII 字符串。 人们相信,给定函数的输出,找到将产生该输出的密钥的最佳方法是猜测密钥的值,直到找到密钥的原始值。

C Manual - Crypt

The crypt function takes a password, key, as a string, and a salt character array which is described below, and returns a printable ASCII string which starts with another salt. It is believed that, given the output of the function, the best way to find a key that will produce that output is to guess values of key until the original value of key is found.

你是我的挚爱i 2024-08-05 01:59:59

Wikipedia FTW

底线:它是单向哈希 text< /代码>

Wikipedia FTW

Bottom line: it one-way hashes text

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文