
What info can be extracted from my password hashing function? Is it reversible?

With the following switch case method:

switch ($crypt_type) {
    case "MD5": $crypted_pass = md5($password); break;
    case "SHA1": $crypted_pass = sha1($password); break;

    case "DESMD5":
        //jpap
        // $salt = substr($crypt_type, 0, 11);
        $salt = substr($p_password, 0, 11);
        //jpap
        $crypted_pass = crypt($password, $salt);
        break;

    case "CRYPT":
        //jpap
        // $salt = substr($crypt_type, 0, 2);
        $salt = substr($p_password, 0, 2);
        //jpap
        $crypted_pass = crypt($password, $salt);
        break;

    default:
        $crypted_pass = sha1($password); break;
}

This is the hashed password that was produced:

$1$lwnY.pgz$rm4Bwn0XmK7k4QawHi8Cz0

What info can be extracted by this? Is it safe?

Hash functions cannot be reversed, which is why they are ideal for storing passwords. For an explanation of why that is so, check out this SO question, how-come-md5-hash-values-are-not-reversible, and see the accepted answer.

The original password cannot be extracted from this; that's by definition. From the provided string, I can deduce that $CRYPT_TYPE is crypt and the algorithm used is md5 with salt 1wnY.pgz. You should not use a part of the password as salt for crypt, as this is visible in the result.

It is safe in the sense that the original value cannot be calculated from the hash.
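
What a stored value discloses without the password can be read off mechanically. The Python sketch below is an added example, not part of the original question or answers: `describe_stored_hash` is a hypothetical helper, and every sample other than the hash quoted in the question is constructed. It recognises the four output shapes the switch can produce and splits out the salt and the setting string.

```python
import hashlib
import re

B64 = r"[./0-9A-Za-z]"  # alphabet crypt(3) uses for salts and digests


def describe_stored_hash(value):
    """Return the fields a stored hash discloses without the password."""
    m = re.fullmatch(rf"\$1\$({B64}{{1,8}})\$({B64}{{22}})", value)
    if m:
        # "$1$" + salt is the setting string crypt() needs to recompute the
        # hash; with an 8-character salt it is 11 characters long, the same
        # length the DESMD5 branch takes with substr(..., 0, 11).
        return {"scheme": "md5-crypt", "salt": m.group(1),
                "setting": value[:value.rindex("$")], "digest": m.group(2)}
    if re.fullmatch(rf"{B64}{{13}}", value):
        # Traditional DES crypt: the first 2 characters of the output are
        # the salt, stored in the clear in front of the digest.
        return {"scheme": "des-crypt", "salt": value[:2],
                "setting": value[:2], "digest": value[2:]}
    if re.fullmatch(r"[0-9a-f]{32}", value):
        # md5() output: unsalted, so equal passwords give equal hashes.
        return {"scheme": "md5", "salt": None, "setting": None, "digest": value}
    if re.fullmatch(r"[0-9a-f]{40}", value):
        # sha1() output: unsalted as well.
        return {"scheme": "sha1", "salt": None, "setting": None, "digest": value}
    return {"scheme": "unknown", "salt": None, "setting": None, "digest": None}


PAGE_HASH = "$1$lwnY.pgz$rm4Bwn0XmK7k4QawHi8Cz0"  # value quoted in the question

# Constructed samples: format-only stand-ins for the other three branches.
SAMPLES = [
    PAGE_HASH,
    "ab0123456789A",                        # 13-character DES-crypt shape
    hashlib.md5(b"example").hexdigest(),    # what the "MD5" branch stores
    hashlib.sha1(b"example").hexdigest(),   # what "SHA1"/default stores
]

if __name__ == "__main__":
    for sample in SAMPLES:
        info = describe_stored_hash(sample)
        print(f"{sample}\n  scheme={info['scheme']} salt={info['salt']} "
              f"setting={info['setting']}")
```
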
