这种方法会使sha256难以破解吗?
[英]Will this method make sha256 harder to crack?
问题描述
Will this method make sha256 harder to crack? 
这种方法会使sha256难以破解吗?
public byte[] hash(String password) throws NoSuchAlgorithmException {
MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
byte[] passBytes = password.getBytes();
byte[] passHash = sha256.digest(passBytes);
for (int i = 0; i < 10; i++) {
passHash = sha256.digest(passHash);
}
return passHash;
}
2 个解决方案
解决方案1
2 已采纳 2015-02-03 17:11:17
What you have there is called key stretching and it will make the SHA harder to crack. 你有什么称为键拉伸,它将使SHA更难破解。 The basic process is to slightly increase the work that the server does in order to massively increase the work that any attacker must do. 基本过程是略微增加服务器所做的工作,以便大规模增加任何攻击者必须完成的工作。
This is effective because the server is deriving the hash from a known plaintext input, while the attacker is making many many guesses at what the plaintext must be. 这是有效的,因为服务器从已知的明文输入中导出散列,而攻击者正在对明文必须进行许多猜测。 This means that the server stretches the key once while the attacker must do it many times. 这意味着服务器会将密钥拉伸一次,而攻击者必须多次执行此操作。
You can read more about this technique here . 您可以在此处阅读有关此技术的更多信息 Some hashing algorithms, such as bcrypt, are always assumed to involve multiple rounds like this. 一些哈希算法,例如bcrypt,总是被假定涉及这样的多轮。
解决方案2
1 2015-02-03 17:12:45
SHA-256 is an irreversible one-way cryptographic hash function. SHA-256是一种不可逆的单向加密哈希函数。 Applying that hash 10 times does not create any additional security, although it does make a typical rainbow attack more difficult (but using a Salt would have the same advantage). 应用该哈希10次不会产生任何额外的安全性,尽管它确实使得典型的彩虹攻击更加困难(但使用Salt将具有相同的优势)。 Your hashing mechanism has a fairly substantial disadvantage in that it takes 10 times as long to run. 您的散列机制具有相当大的缺点,因为它需要10倍的运行时间。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.