cryptographic-hash-function

HMAC security - Is the security of the HMAC based on SHA-1 affected by the collision attacks on SHA-1?

筅森魡賤 submitted on 2019-12-30 04:02:28
Question: Is the security of the HMAC based on SHA-1 affected by the collision attacks on SHA-1? Answer 1: The security implications of HMAC are described in detail in the security section of the RFC. In a nutshell, a very strong attack indeed is required before the security of the HMAC is threatened; the existing collision attacks on SHA-1 certainly don't constitute such. HMAC is specifically designed to make attacks difficult, and ordinary collision attacks won't generally suffice: The security of the

Why is it not possible to reverse a cryptographic hash?

心已入冬 submitted on 2019-12-20 09:23:00
Question: Why can't you just reverse the algorithm like you could reverse a math function? How is it possible to make an algorithm that isn't reversible? And if you use a rainbow table, what makes using a salt impossible to crack it? If you are making a rainbow table with brute force to generate it, then it invents each plaintext value possible (to a length), which would end up including the salt for each possible password and each possible salt (the salt and password/text would just come together as a

Which cryptographic hash function should I choose?

非 Y 不嫁゛ submitted on 2019-12-17 02:42:06
Question: The .NET framework ships with 6 different hashing algorithms: MD5: 16 bytes (Time to hash 500MB: 1462 ms) SHA-1: 20 bytes (1644 ms) SHA256: 32 bytes (5618 ms) SHA384: 48 bytes (3839 ms) SHA512: 64 bytes (3820 ms) RIPEMD: 20 bytes (7066 ms) Each of these functions performs differently; MD5 being the fastest and RIPEMD being the slowest. MD5 has the advantage that it fits in the built-in Guid type; and it is the basis of the type 3 UUID. SHA-1 hash is the basis of type 5 UUID. Which makes them

Which cryptographic hash function should I choose?

眉间皱痕 submitted on 2019-12-17 02:41:59
Question: The .NET framework ships with 6 different hashing algorithms: MD5: 16 bytes (Time to hash 500MB: 1462 ms) SHA-1: 20 bytes (1644 ms) SHA256: 32 bytes (5618 ms) SHA384: 48 bytes (3839 ms) SHA512: 64 bytes (3820 ms) RIPEMD: 20 bytes (7066 ms) Each of these functions performs differently; MD5 being the fastest and RIPEMD being the slowest. MD5 has the advantage that it fits in the built-in Guid type; and it is the basis of the type 3 UUID. SHA-1 hash is the basis of type 5 UUID. Which makes them

How to hash some string with sha256 in Java?

不羁岁月 submitted on 2019-12-17 01:36:30
Question: How to hash some string with sha256 in Java? Does anybody know any free library for this? Answer 1: SHA-256 isn't an "encoding" - it's a one-way hash. You'd basically convert the string into bytes (e.g. using text.getBytes(StandardCharsets.UTF_8)) and then hash the bytes. Note that the result of the hash would also be arbitrary binary data, and if you want to represent that in a string, you should use base64 or hex... don't try to use the String(byte[], String) constructor. e.g. MessageDigest

Is still valid password hashing using md5 or sha1?

丶灬走出姿态 submitted on 2019-12-13 16:14:05
Question: Just now I'm working on a financial project. Here, the team is thinking of using MD5 for password hashing. But today it is easy to copy a SHA1 or MD5 password to decrypt, even if it is a complex password like: My$uper$ecur3PAS$word+448; you might use an online page to decrypt it and there it is. Small and mid-range developers (including me) use those hashing methods, but I think it is not enough to provide security over the database. (Excluding firewalls, network security, iptables, etc.).

What is the key agreement (or key derivation) function used by openssl?

只谈情不闲聊 submitted on 2019-12-13 09:48:41
Question: I am trying to replace some openssl code with CNG winapi code. Below is the barebone openssl code which I have. const char *generator = ""; // 256 character hex string const char *prime = ""; // 256 character hex string dh = DH_new(); // Initialize dh's generator and prime BN_hex2bn(&(dh->g), generator); BN_hex2bn(&(dh->p), prime); // Generate public and private keys DH_generate_key(dh); // Extract server's public key from init_msg's 'key' BIGNUM *server_pub_key = BN_new(); BN_hex2bn(&server_pub

MD5 source code not outputting correct values

女生的网名这么多〃 submitted on 2019-12-11 00:19:23
Question: I'm trying to run the md5 source code on my linux machine. I got the code from here: https://tools.ietf.org/html/rfc1321. At the bottom of the link, it claims that the output of the MD5 test suite should be the following: MD5 test suite: MD5 ("") = d41d8cd98f00b204e9800998ecf8427e MD5 ("a") = 0cc175b9c0f1b6a831c399e269772661 MD5 ("abc") = 900150983cd24fb0d6963f7d28e17f72 MD5 ("message digest") = f96b697d7cb7938d525a2f31aaf161d0 MD5 ("abcdefghijklmnopqrstuvwxyz") =

Basic high performance data authenticity

a 夏天 submitted on 2019-12-07 19:46:33
Question: (I am not a native speaker and might not be correct in terms of terminology. Sorry about that.) I am transmitting data via radio between AVR microcontrollers for personal use and would like for clients to demonstrate the authenticity of transmitted data in that it originates from one of the authorized clients. This means I am not requiring non-repudiation and would be able to pre-define a shared key. I have done some research on different approaches and found that I need some assistance on

Does any published research indicate that preimage attacks on MD5 are imminent?

浪尽此生 submitted on 2019-12-06 18:33:32
Question: I keep on reading on SO that MD5 is broken, bust, obsolete and never to be used. That angers me. The fact is that collision attacks on MD5 are now fairly easy. Some people have collision attacks down to an art and can even use them to predict elections. I find most of the examples of MD5 "brokenness" less interesting. Even the famous CA certificate hack was a collision attack, meaning that it's provable that the party generated the GOOD and EVIL certificates at the same time. This means that if the