什么时候应该使用 SHA-1,什么时候应该使用 SHA-2?
在我的 C# 应用程序中,我使用 RSA 对文件进行签名,然后由上传者将其上传到我公司的数据库中,在这里我必须选择 SHA-1 或 SHA-2 来计算哈希值。
与编程中的任何其他组件一样,我知道它们两个必须有“在这里使用这个”和“在那里使用那个”。
那么,什么时候呢?那是什么时候?
编辑:
我的问题是:性能方面有什么区别?与安全无关,因为我已经知道 SHA-2 比 SHA-1 更安全。
在此 链接不同类型 SHA-2 之间的比较,注明何时使用 SHA-512 以及何时不使用。我需要关于 SHA-1 和 SHA-2 的类似论证。
In my c# application, I'm using RSA to sign files before being uploaded on the database of my company by the person who is uploading and here I have to choose SHA-1 or SHA-2 for computing the hash.
As any other component in programming, I know that there must be a "use this here" and "use that there" for the two of them.
So, When this? and when that?
EDIT:
My question is: What is the difference regarding performance? and not regarding security, as I already know that SHA-2 is more solid secure than SHA-1.
In this Link a comparison between different types of SHA-2 noting when to use SHA-512 and when not in the end. I need a similar argument about SHA-1 and SHA-2.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
使用 SHA-2。总是。 SHA-1 应保留用于由于与遗留代码的互操作性问题而无法使用 SHA-2 的情况。
在执行实际措施之前不存在性能问题。哈希函数速度很快。在大多数情况下,哈希函数性能的影响可以忽略不计;即使检测到它也可能很困难。安全第一。由于 SHA-1 中已发现弱点,因此使用它仍然需要一些强有力的理由。使用SHA-256不会受到质疑;这是“默认选择”。但如果你使用 SHA-1,就要准备好受到批评。
请注意,有四种函数称为“SHA-2”:SHA-224、SHA-256、SHA-384 和 SHA-512。 SHA-224 和 SHA-256 的功能相同,除了内部参数(“初始值”)和输出大小(SHA-224 输出大小为 28 字节,而 SHA-256 提供 32 字节);它们具有相同的性能特征。同样,SHA-384 和 SHA-512 在功能性能方面是相同的。 SHA-512 使用 64 位算术运算,在提供 64 位操作码的平台上比 SHA-256 更快;在 32 位平台上,SHA-256 会更快(注意:在具有本机代码的 32 位 x86 上,可以使用 SSE2 操作码及其 64 位计算能力,因此一些本机在 32 位模式下,SHA-512 的代码实现将比 SHA-256 更快;但是,据我所知,.NET 中的 SHA-512 实现是“托管代码”)。此外,所有 SHA-* 函数都具有一些基本粒度,因为它们按块处理数据:对于 SHA-256,块为 64 字节长,而 SHA-512 使用 128 字节块;当散列非常短的数据元素时,较高的 SHA-512 粒度相应地降低了其性能。最后,SHA-256(在 32 位平台上)可能会产生更小的代码(即在 CPU 上使用更少的 L1 缓存)。
因此,如有疑问,请使用 SHA-256。如果您计划使用 SHA-1 那么您应该怀疑。
如果您想将哈希函数用于非加密用途(即弱点对您来说不是问题),那么请考虑 MD4。
Use SHA-2. Always. SHA-1 shall be reserved to situations where SHA-2 cannot be used due to interoperability issues with legacy code.
There is no performance issue until actual measures have been performed. Hash functions are fast. In most situations, hash function performance has only negligible impact; even detecting it could prove difficult. Security comes first. Since weaknesses have been found in SHA-1, using it nonetheless requires some robust justification. Using SHA-256 will not be questioned; this is the "default choice". But if you use SHA-1, prepare to be criticized.
Note that there are four functions known as "SHA-2": SHA-224, SHA-256, SHA-384 and SHA-512. SHA-224 and SHA-256 are the same function, save for an internal parameter (the "initial value") and the output size (SHA-224 output size is 28 bytes, whereas SHA-256 offers 32 bytes); they have the same performance characteristics. Similarly, SHA-384 and SHA-512 are the same function performance-wise. SHA-512 uses 64-bit arithmetic operations and is faster than SHA-256 on platforms which offer 64-bit opcodes; on 32-bit platforms, SHA-256 will be faster (note: on 32-bit x86 with native code, it is possible to use the SSE2 opcodes and their 64-bit computing abilities, hence some native code implementations of SHA-512 will be faster than SHA-256 in 32-bit mode; the OpenSSL code does that; but, as far as I know, the SHA-512 implementation in .NET is "managed code"). Also, all the SHA-* functions have some basic granularity, because they process data by chunks: for SHA-256, chunks are 64-byte long, whereas SHA-512 uses 128-byte chunks; when hashing very short data elements, the higher SHA-512 granularity correspondingly lowers its performance. Finally, SHA-256 (on a 32-bit platform) is likely to yield smaller code (i.e. use less L1 cache on the CPU).
So, when in doubt, use SHA-256. If you plan on using SHA-1 then you should doubt.
If you want to use a hash function for a non-cryptographic usage (i.e. the weaknesses are not a problem for you) then, instead of SHA-1, consider MD4.
SHA-2 更强大,更适合数字签名等安全敏感应用程序。
当您需要更短的哈希值并且安全性不是问题(例如文件校验和)时,SHA-1 非常有用。
编辑:SHA-1 算法更快(比 256 位的 SHA-2 快 10 倍,比 512 位的 SHA-2 快 20 倍 - 至少在 .NET 实现中)。
然而,两者实际上都没有那么慢:从长远来看,您可以期望在现代计算机上用 SHA-2(256 位)在几毫秒内对 100KB 文件进行哈希处理(或者在几十毫秒内对 1MB 文件进行哈希处理) 。
SHA-2 is stronger and better suited to security-sensitive applications such as digital signing.
SHA-1 is good when you need a shorter hash and security is not an issue (e.g., file checksums).
Edit: SHA-1 algorithm is faster (up to 10 times faster than SHA-2 with 256 bits, and 20 times faster than SHA-2 with 512 bits - at least in the .NET implementation).
However, neither are really that slow: to put it in perspective, you can expect to hash a 100KB file with SHA-2 (256 bit) in a few milliseconds on a modern computer (or a 1MB file in a few tens of milliseconds).
实际上并不存在,这取决于所需的安全级别和/或偏执程度。我会为任何新应用程序使用 SHA256,但这需要足够大的 RSA 密钥来处理整个 SHA256 指纹作为有效负载。
There isn't really, it depends on the level of security and/or paranoia desired. I'd use SHA256 for any new application, however this comes with the requirement of sufficiently large RSA keys that can handle an entire SHA256 fingerprint as payload.
SHA2 是更新且更强的哈希算法。主要问题是接收者是否有能力处理 SHA2。如果收件人可以处理它,- 毫无疑问地使用 SHA2。
SHA2 is newer and stronger hashing algorithm. The main question is whether the recipient is capable of handling SHA2. If the recipient can handle it, - go with SHA2 without doubt.