SHA512 hashing gives incorrect (?) results when “salted”

I want to implement SHA512 hashing using a salt. I started here, leading to this mcve:

import java.security.MessageDigest;
import org.junit.Test;

public class Sha512Mcve {

    private final String ENCODING = "ISO-8859-1";

    @Test
    public void test() {
        System.out.println(computeHashFor("whatever"));
    }

    private String computeHashFor(String toHash) {
        String salt = "salt";
        MessageDigest md;
        try {
            md = MessageDigest.getInstance("SHA-512");
//          md.update(salt.getBytes(ENCODING));
            byte[] bytes = md.digest(toHash.getBytes(ENCODING));

            return toUnixRepresentation(salt, bytes);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private String toUnixRepresentation(String salt, byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        sb.append("$6$");
        sb.append(salt);
        sb.append("$");

        for (int i = 0; i < bytes.length; i++) {
            int c = bytes[i] & 0xFF;
            if (c < 16) sb.append("0");
            sb.append(Integer.toHexString(c));
        }
        return sb.toString();
    }
}

Thing is: when I leave the line md.update() commented out, this code gives me the exact same results as some online hash generators (like this one).

For example, hashing the word "whatever" gives a hash value ae3d....63a.

But when I run my code with that salt operation, I get different results (again compared against that online tool, which allows setting a salt string, too).

My implementation results in 413...623; the online tool says F25...686.

Any explanation in which way "salting" leads to "implementation specific" results?

Is there something I should do differently in my code?

Salt before or after?

What the calculator does when you set the salt option:

whateversalt

What you are doing in your code:

saltwhatever

Results from the calculator:

whateversalt

F2527142C752B05467EE53B44735397F5B4C870DF0F154A0CF3AC23B31CF42EE7E1002D326B57DF60ED4B7449CF101290BDC0BECCB677AAAD846CFBE140DF686

saltwhatever

41333B9BAFC14CB3D1106D72A5D461F348B9EA1304A82989E00E5FC2D3239339492FCA12ED5EBF5F6802955C95B5F7ADA4CA035A911C2F29ABE905C3923CF623

Therefore, to match the calculation, you just have to reverse the order and add the salt last:

        md.update(toHash.getBytes(ENCODING));
        byte[] bytes = md.digest(salt.getBytes(ENCODING));

Or even:

        md.update(toHash.getBytes(ENCODING));
        md.update(salt.getBytes(ENCODING));
        byte[] bytes = md.digest();
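
The ordering effect described in the answer, as an added example that is not part of the original question or answer. The class name SaltOrderDemo and the helper sha512Hex are hypothetical; the two reference digests are the ones quoted in the answer. It also goes one step further and shows that plain concatenation hashes no boundary between input and salt.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class SaltOrderDemo {

    // SHA-512 over the parts in the given order; each update() only appends
    // bytes to the stream being hashed, so the order of calls decides the result.
    static String sha512Hex(String... parts) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-512");
        for (String part : parts) {
            md.update(part.getBytes(StandardCharsets.ISO_8859_1));
        }
        StringBuilder sb = new StringBuilder();
        for (byte b : md.digest()) {
            sb.append(String.format("%02X", b & 0xFF));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Digests as quoted in the answer: calculator order, then the question's order.
        String quotedInputThenSalt = "F2527142C752B05467EE53B44735397F5B4C870DF0F154A0CF3AC23B31CF42EE7E1002D326B57DF60ED4B7449CF101290BDC0BECCB677AAAD846CFBE140DF686";
        String quotedSaltThenInput = "41333B9BAFC14CB3D1106D72A5D461F348B9EA1304A82989E00E5FC2D3239339492FCA12ED5EBF5F6802955C95B5F7ADA4CA035A911C2F29ABE905C3923CF623";

        String inputThenSalt = sha512Hex("whatever", "salt");
        String saltThenInput = sha512Hex("salt", "whatever");

        System.out.println("input then salt equals quoted calculator digest: "
                + inputThenSalt.equals(quotedInputThenSalt));
        System.out.println("salt then input equals quoted question digest:   "
                + saltThenInput.equals(quotedSaltThenInput));

        // Two update() calls hash the same bytes as one call on the concatenation.
        System.out.println("update(a), update(b) equals digest(a + b):       "
                + sha512Hex("whateversalt").equals(inputThenSalt));

        // No separator or length is hashed, so a different split of the same
        // bytes into (input, salt) gives the identical digest.
        System.out.println("(\"whatevers\", \"alt\") equals (\"whatever\", \"salt\"): "
                + sha512Hex("whatevers", "alt").equals(inputThenSalt));
    }
}
```

Any verifier has to feed salt and input in the same order as the code that produced the stored value, otherwise the comparison fails even with the correct input.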
