相似的密码是否具有相似的哈希值?
我们工作中的计算机系统要求用户每隔几周更改一次密码,并且您不能使用与以前相同的密码。它会记住您最近使用的 20 个密码。我发现大多数人只是在密码末尾添加一个数字,因此“thisismypassword1”变成“thisismypassword2”,然后是 3、4、5 等。
由于所有这些密码都存储在某个地方,我想知道哈希值是否存在任何弱点本身,用于存储密码的标准散列算法,例如 MD5。如果黑客拥有相似密码的哈希值列表,他们是否会增加暴力破解密码的机会?
Our computer system at work requires users to change their password every few weeks, and you cannot have the same password as you had previously. It remembers something like 20 of your last passwords. I discovered most people simply increment a digit at the end of their password, so "thisismypassword1" becomes "thisismypassword2" then 3, 4, 5 etc.
Since all of these passwords are stored somewhere, I wondered if there was any weakness in the hashes themselves, for standard hashing algorithms used to store passwords like MD5. Could a hacker increase their chances of brute-forcing the password if they have a list of hashes of similar passwords?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(10)
相似的密码是否具有相似的哈希值?
不。
任何相似性,即使是复杂的相关性,都将被视为哈希值的弱点。一旦被加密社区发现,它就会被发布,并且在散列中发现的足够多的弱点最终会建议不要再使用该散列。
当然,无法知道哈希值是否具有未发现的弱点,或者攻击者已知但未公开的弱点,在这种情况下,攻击者很可能是资金雄厚的政府组织。美国国家安全局当然拥有对某些加密组件的非公开理论攻击,但这些攻击是否可用是另一回事。 GCHQ 可能是。我猜其他一些国家也有秘密的加密项目,有足够的数学家来完成原创工作:我的第一个猜测是中国。您所能做的就是根据最佳可用信息采取行动。如果最佳可用信息表明哈希值“对加密有好处”,那么意味着的事情之一就是没有这种可用的相似性。
最后,一些系统使用弱哈希值作为密码——要么是由于实施者的无知,要么是遗留问题。对于哈希方案的属性,所有的赌注都已经结束,要么没有经过公众审查,要么已经经过审查并发现不足,要么已经足够老以至于最终发现了重大缺陷。 MD5 出于某些目的而被破坏(因为存在产生冲突的实用方法),但并非出于所有目的。 AFAIK 这样做是可以的,因为没有实际的原像攻击,并且拥有少量相关明文的哈希值并不比拥有少量不相关明文的哈希值更好。但出于不相关的原因,无论如何,您都不应该真正使用任何哈希的单个应用程序来存储密码,您应该使用多轮。
如果黑客拥有类似密码的哈希值列表,他们会增加暴力破解密码的机会吗?
间接地,是的,因为知道这些是您的旧密码。不是因为哈希值的任何属性,而是假设攻击者设法(非常缓慢地)使用这些旧哈希值暴力破解您的一个或多个旧密码,并看到过去它是“thisismypassword3”和“thisismypassword4” 。
您的密码已更改为“thisismypassword5”。干得好,通过在攻击者破解之前更改它,您已成功确保攻击者无法恢复有价值的密码!胜利!但这对您没有任何好处,因为攻击者无论如何都有办法使用旧密码快速猜出新密码。
即使攻击者只有一个旧密码,因此无法轻易发现趋势,密码破解者也会通过尝试与字典单词和其他值相似的密码来工作。为了稍微简化一点,它会首先尝试字典单词,然后是由添加、删除或更改了一个额外字符的单词组成的字符串,然后是包含两个更改的字符串,依此类推。
通过将旧密码包含在“其他值”中,攻击者可以确保在破解过程的早期检查与其非常相似的字符串。因此,如果您的新密码与旧密码相似,那么拥有旧的哈希值对攻击者来说确实有一定的价值 - 反转其中任何一个都可以为他提供破解您当前密码的良好种子。
因此,定期增加密码并不会增加太多。将您的密码更改为可以从旧密码中猜出的密码,将使攻击者处于与他们一无所知的情况相同的境地,但您的密码却可以从一无所知中猜出。
目前对密码系统的主要实际攻击是窃听(通过键盘记录器和其他恶意软件)和网络钓鱼。尝试反转密码散列并不是一个好的百分比攻击,尽管如果攻击者以某种方式掌握了 /etc/passwd 文件或等效文件,他们将在普通系统上以这种方式破解一些弱密码。
Do similar passwords have similar hashes?
No.
Any similarity, even a complex correlation, would be considered a weakness in the hash. Once discovered by the crypto community it would be published, and enough discovered weaknesses in the hash eventually add up to advice not to use that hash any more.
Of course there's no way to know whether a hash has undiscovered weaknesses, or weaknesses known to an attacker but not published, in which case most likely the attacker is a well-funded government organization. The NSA certainly is in possession of non-public theoretical attacks on some crypto components, but whether those attacks are usable is another matter. GCHQ probably is. I'd guess that a few other countries have secret crypto programs with enough mathematicians to have done original work: China would be my first guess. All you can do is act on the best available information. And if the best available information says that a hash is "good for crypto", then one of the things that means is no usable similarities of this kind.
Finally, some systems use weak hashes for passwords -- either due to ignorance by the implementer or legacy. All bets are off for the properties of a hashing scheme that either hasn't had public review, or else has been reviewed and found wanting, or else is old enough that significant weaknesses have eventually been found. MD5 is broken for some purposes (since there exist practical means to generate collisions) but not for all purposes. AFAIK it's OK for this, in the sense that there is no practical pre-image attack, and having a handful of hashes of related plaintexts is no better than having a handful of hashes of unrelated plaintexts. But for unrelated reasons you shouldn't really use a single application of any hash for password storage anyway, you should use multiple rounds.
Could a hacker increase their chances of brute-forcing the password if they have a list of hashes of similar passwords?
Indirectly, yes, knowing that those are your old passwords. Not because of any property of the hash, but suppose the attacker manages to (very slowly) brute-force one or more of your old passwords using those old hashes, and sees that in the past it has been "thisismypassword3" and "thisismypassword4".
Your password has since changed, to "thisismypassword5". Well done, by changing it before the attacker cracked it, you have successfully ensured that the attacker did not recover a valuable password! Victory! Except it does you no good, since the attacker has the means to guess the new one quickly anyway using the old password(s).
Even if the attacker only has one old password, and therefore cannot easily spot a trend, password crackers work by trying passwords which are similar to dictionary words and other values. To over-simplify a bit, it will try the dictionary words first, then strings consisting of a word with one extra character added, removed or changed, then strings with two changes, and so on.
By including your old password in the "other values", the attacker can ensure that strings very similar to it are checked early in the cracking process. So if your new password is similar to old ones, then having the old hashes does have some value to the attacker - reversing any one of them gives him a good seed to crack your current password.
So, incrementing your password regularly doesn't add much. Changing your password to something that's guessable from the old password puts your attacker in the same position as they'd be in if they knew nothing at all, but your password was guessable from nothing at all.
The main practical attacks on password systems these days are eavesdropping (via keyloggers and other malware) and phishing. Trying to reverse password hashes isn't a good percentage attack, although if an attacker has somehow got hold of an /etc/passwd file or equivalent, they will break some weak passwords that way on the average system.
通过良好的哈希算法,相似的密码将分布在哈希中。因此相似的密码会有非常不同的哈希值。
您可以使用 MD5 和不同的字符串尝试此操作。
With a good hash algorithm, similar passwords will get distributed across the hashes. So similar passwords will have very different hashes.
You can try this with MD5 and different strings.
这取决于哈希算法。如果有什么好处的话,相似的密码不应该有相似的哈希值。
It depends on the hashing algorithm. If it is any good, similar passwords should not have similar hashes.
加密哈希的全部要点是相似的密码绝对不会创建相似的哈希。
更重要的是,您很可能会对密码加盐,这样即使相同的密码也不会产生相同的哈希值。
The whole point of a cryptographic hash is that similar passwords would absolutely not create similar hashes.
More importantly, you would most likely salt the password so that even the same passwords do not produce the same hash.
这取决于所使用的哈希算法。好的模型会将相似的输入分配给不同的输出。
It depends on the hash algorithm used. A good one will distribute similiar inputs to disparate outputs.
不同的输入可能会产生相同的哈希值,这就是所谓的哈希冲突。
检查此处:
http://en.wikipedia.org/wiki/Collision_%28computer_science%29
哈希冲突可用于增加暴力攻击成功的机会,请参阅:
http:// /en.wikipedia.org/wiki/Birthday_attack
Different Inputs may result in the same Hash this is what is called a hash collision.
Check here:
http://en.wikipedia.org/wiki/Collision_%28computer_science%29
Hash colisions may be used to increase chances of a successfull brute force attack, see:
http://en.wikipedia.org/wiki/Birthday_attack
为了扩展其他人所说的内容,快速测试表明,只要对输入进行微小的更改,您就会得到截然不同的哈希值。
我使用以下代码运行快速测试:
并得到以下结果:
To expand on what others have said, a quick test shows that you get vastly different hashes with small changes made to the input.
I used the following code to run a quick test:
and I got the following results:
简短的回答,不!
即使增加一个字符,哈希函数的输出也会有很大变化。
但这仅适用于您想破坏哈希函数本身的情况。
当然,这是不好的做法,因为它使暴力破解变得更容易。
Short answer, no!
The output of a hash function varies greatly even if one character is increased.
But this is only if you want to break the hashfunction itself.
Of course, it is bad practice since it makes bruteforcing easier.
不,如果你稍微检查一下密码,它就会产生全新的哈希值。
No, if you check the password even slightly it produces completely new hash.
作为一般规则,“好的哈希”不会将两个相似(但不相等)的字符串哈希为相似的哈希。 MD5 足够好,这不是问题。然而,对于相当多的常见密码(对于某些密码哈希,例如传统的基于 DES 的 unix 密码),存在完整的彩虹表。
As a general rule, a "good hash" will not hash two similar (but unequal) strings to similar hashes. MD5 is good enough that this isn't a problem. However, there are "rainbow tables" (essentially password:hash pairs) for quite a few common passwords (and for some password hashes, the traditional DES-based unix passwords, for example) full rainbow tables exist.