I am working on this PHP project and I have many places where md5 is being used. I have even used it many times, but still today I am unclear on what the function is doing. I realize it decrypts the value passed in, but what about undoing it to get it back to the original? Maybe I am not clear about the whole process, and if anyone has information about the process I would highly appreciate it.
md5 is a hashing function
It only works one way.
MD5 is a one way encryption hash.
It doesn't decrypt anything, rather it creates you a hash code that you can use to compare with other MD5 hashes. It used to be that if two hashes matched you could be confident that the two inputs were the same. Several collisions were eventually found, followed by ways to create collisions intentionally (reducing the value of MD5 for security purposes). It's a fairly fast algorithm, so there can still be some use to it (checking for corruption during the transmission of large amounts of data, and other places where you may be providing other forms of protection against a true attack).
MD5 is not encryption per se, but rather an algorithm for generating checksums. Whatever data you pass in, you will get out a hexadecimal (only 0-9 and A-F) string of fixed length. The idea is that it's very unlikely that any other data than the one you passed in will result in the same MD5 string. As the result has a fixed length while your data can be any length, there will obviously be other data that results in the same MD5 string, but once again, it's very unlikely that you'd find it.
Thus, there is no way to actually "decrypt" an MD5 string. What you do is, you generate it from some data, then generate it from some other data, and compare the two MD5 strings. If they are the same, you can be quite certain (although not 100%), that the two input data are identical.
MD5 does not decrypt anything. It is considered a one-way hashing algorithm. For a given input it returns a fixed length string. Additionally, for two given inputs that are fairly similar but not identical the md5 value returned will not be predictable.
Hashing is good for a lot of things, for example file verification. Although off topic, if you took a file and computed a hash for it and then sent someone the file along with the hash, they could easily verify they received the file correctly by hashing it themselves and then asserting their hash matches the supplied hash.
Another example would be something such as authentication on a site. After you authenticate a user, you start a session and in that session you store md5(username+time) and also store a cookie on the user's browser of md5(username+time). Then on subsequent page requests you could check that your session hash matches the cookie hash to assert the user is who they say they are. MD5 is not a good hash for this type of thing, but hashing in general can help in situations such as these. sha1 would be a better hashing function for this application, or even sha512.
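
The session check described in the answer above, as an added example that is not part of that answer. It draws the token from `random_bytes()` instead of hashing username+time, because a value built from a known username and a timestamp can be recomputed by anyone who knows both, whichever hash function is applied. The function names and the `$session` array standing in for `$_SESSION` are assumptions.

```php
<?php
// Added example: function names are hypothetical, $session stands in for $_SESSION.

// The scheme from the answer. The output looks random, but it is fully
// determined by two values that are not secret.
function guessableToken(string $username, int $time): string
{
    return md5($username . $time);
}

// Unpredictable token: 32 bytes from the OS CSPRNG, hex-encoded for the cookie.
function issueToken(array &$session): string
{
    $token = bin2hex(random_bytes(32));
    // Keep only a digest server-side, so a leaked session store does not
    // contain values that can be replayed as cookies.
    $session['token_sha256'] = hash('sha256', $token);
    return $token;
}

// Compare the cookie against the stored digest on each request.
function checkToken(array $session, string $cookie): bool
{
    if (!isset($session['token_sha256'])) {
        return false;
    }
    // hash_equals() compares in constant time, unlike == or ===.
    return hash_equals($session['token_sha256'], hash('sha256', $cookie));
}

$session = [];
$cookie  = issueToken($session);

var_dump(checkToken($session, $cookie));               // the issued cookie
var_dump(checkToken($session, str_repeat('0', 64)));   // a constructed wrong cookie
// Same inputs, same token: nothing secret went into it.
var_dump(guessableToken('alice', 1700000000) === md5('alice1700000000'));
```
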
MD5 is a cryptographic hash function. Cryptographic hash functions have the special property that they generate a result based on input, but it is almost impossible to recover the original input. It's kinda a "one-way encryption". Also, by passing the same data through a cryptographic hash function you should always get the same result.
While they are not preferred for encryption, since it's one-way only, they are very useful when storing passwords. This is because, as I said, the same input would always have the same result. This makes storing the password in plain-text, or even a recoverable version of it (such as encrypted passwords), unnecessary. Instead, you would just generate a hash from the password and store it in a database. Whenever someone would try to log in, you would retrieve the hash from the database, and then generate a new hash from the password entered by the user and compare the two.
Please note that MD5 is not very secure, you should try to use some other more secure hashing function instead, such as SHA512:
Useful links:
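
An added example (not part of the answer above) of the store-and-compare login flow it describes, for a PHP code base that still holds bare `md5()` password hashes. It uses PHP's built-in `password_hash()` and `password_verify()`, which salt each hash and are deliberately slow, and upgrades an old record the next time the user logs in successfully. The function names and the sample record are assumptions.

```php
<?php
// Added example: function names and the sample record are hypothetical.

// Legacy check as described in the answer: hash the input again and compare.
function legacyMd5Matches(string $password, string $storedMd5): bool
{
    return hash_equals(strtolower($storedMd5), md5($password));
}

// Verify a login attempt. Returns the hash that should be stored from now on,
// or null when the password is wrong.
function verifyAndUpgrade(string $password, string $stored): ?string
{
    // A bare md5() result is exactly 32 hex characters.
    $isLegacy = (bool) preg_match('/^[0-9a-f]{32}$/i', $stored);

    if ($isLegacy) {
        if (!legacyMd5Matches($password, $stored)) {
            return null;
        }
        // Correct password on an old record: replace the MD5 string with a
        // salted, slow hash while the plaintext is available.
        return password_hash($password, PASSWORD_DEFAULT);
    }

    if (!password_verify($password, $stored)) {
        return null;
    }
    // Re-hash if PHP's default algorithm or cost has changed since storage.
    return password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : $stored;
}

// Constructed sample: an old database value holding md5('correct horse').
$record = md5('correct horse');

$record = verifyAndUpgrade('correct horse', $record);          // upgraded on login
var_dump(preg_match('/^[0-9a-f]{32}$/i', $record) === 0);      // no longer a bare MD5
var_dump(verifyAndUpgrade('correct horse', $record) === $record); // verifies, unchanged
var_dump(verifyAndUpgrade('wrong guess', $record));            // rejected
```

Two users with the same password get different stored values here, because `password_hash()` generates a fresh salt on every call; the comparison therefore has to go through `password_verify()`, not string equality.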
See http://en.wikipedia.org/wiki/Hash_function.
The strength of a hash function is dependent on its difficulty to reverse.
It generates a one way hash of the input data, using the md5 algorithm
Some links:
http://en.wikipedia.org/wiki/MD5
http://en.wikipedia.org/wiki/Cryptographic_hash_function