In C# how we can use SHA1 automatically?
Is SHA1 better than MD5?(We use hashing for user name and password and need speed for authentication)
在c#中,如何自动使用SHA1 ?SHA1比MD5好吗?(我们对用户名和密码使用散列,验证需要速度)
35
Not sure what you mean by automatically, but you should really use SHA256
and higher. Also always use a Salt (code) with your hashes. A side note, after time has passed, using hardened hashes is far better than using a plain speed-based hashing function. I.e.: hashing over a few hundred iterations, or using already proven hashing functions such as bcrypt
(which is mentioned below I believe). A code sample for using a SHA256 hash function in .NET is as follows:
不知道你所说的自动的意思是什么,但是你应该使用SHA256或者更高的。还要在散列中使用Salt(代码)。在经过一段时间后,使用经过硬化的散列比使用基于速度的普通散列函数要好得多。即。:对数百次迭代进行哈希,或者使用已经经过验证的哈希函数,如bcrypt(我相信下面会提到)。在。net中使用SHA256散列函数的代码示例如下:
byte[] data = new byte[DATA_SIZE];
byte[] result;
using(SHA256 shaM = new SHA256Managed()) {
result = shaM.ComputeHash(data);
}
Will do the trick for you using SHA256 and is found at MSDN.
在MSDN上可以找到使用SHA256的方法。
Sidenote on the "cracking" of SHA1: Putting the cracking of SHA-1 in perspective
SHA1的“裂解”的Sidenote: put the crack of SHA-1 in perspective
29
SHA1 is stronger than MD5 so if you have the choice it would be better to use it. Here's an example:
SHA1比MD5更强大,所以如果你有选择的话,最好使用它。这里有一个例子:
public static string CalculateSHA1(string text, Encoding enc)
{
byte[] buffer = enc.GetBytes(text);
SHA1CryptoServiceProvider cryptoTransformSHA1 = new SHA1CryptoServiceProvider();
return BitConverter.ToString(cryptoTransformSHA1.ComputeHash(buffer)).Replace("-", "");
}
11
Both are too fast to be used, directly at least. Use Key Strengthening to "slow down" the password hashing procedure. Speed is the unfortunately the enemy to password security.
两者都太快了,不能直接使用,至少不能直接使用。使用密钥增强来“减缓”密码哈希过程。不幸的是,速度是密码安全的敌人。
How slow is slow enough? Slowing down a password hash from ~microseconds to ~hundreds of milliseconds will not adversely affect the perceived performance of your application... but will make cracking passwords literally a hundred thousand times slower.
慢到够慢吗?将密码散列从~微秒减慢到~数百毫秒不会对应用程序的性能产生负面影响……但是会使破解密码的速度慢10万倍。
View this article for details: http://chargen.matasano.com/chargen/2007/9/7/enough-with-the-rainbow-tables-what-you-need-to-know-about-s.html
查看这篇文章的详细信息:http://chargen.matasano.com/chargen/2007/9/7/enough-_- the- you-need-to-know- what-you-need-to-know- html。
The problem is that MD5 is fast. So are its modern competitors, like SHA1 and SHA256. Speed is a design goal of a modern secure hash, because hashes are a building block of almost every cryptosystem, and usually get demand-executed on a per-packet or per-message basis.
问题是MD5速度很快。它的现代竞争者也是如此,比如SHA1和SHA256。速度是现代安全哈希的设计目标,因为哈希是几乎所有加密系统的构建块,通常在每个包或每个消息的基础上执行需求。
Speed is exactly what you don’t want in a password hash function.
速度正是密码哈希函数中不需要的。
... snip ...
…剪断…
The password attack game is scored in time taken to crack password X. With rainbow tables, that time depends on how big your table needs to be and how fast you can search it. With incremental crackers, the time depends on how fast you can make the password hash function run.
密码攻击游戏在破解密码x的时间里得到了及时的得分。在彩虹表中,这个时间取决于你的桌子需要多大,以及你能多快的搜索它。对于增量破解者,时间取决于密码哈希函数运行的速度。
That said, use BCrypt. SCrypt was recently developed, but I doubt that any stable (or production ready) libraries exist for it yet. Theoretically, SCrypt claims to improve upon BCrypt. "Building your own" is not recommended, but iterating MD5 / SHA1 / SHA256 thousands of times ought to do the trick (ie: Key Strengthening).
也就是说,使用BCrypt。SCrypt是最近开发的,但是我怀疑是否存在任何稳定(或生产就绪)的库。从理论上讲,SCrypt要求改进BCrypt。“构建您自己的”是不推荐的,但是对MD5 / SHA1 / SHA256进行成千上万次的迭代应该可以达到这个目的(即:关键强化)。
And in case you don't know about them, be sure to read up on Rainbow Tables. Basic security stuff.
如果你不知道它们,一定要在彩虹表格上阅读。基本安全的东西。
10
From MSDN
从MSDN
byte[] data = new byte[DATA_SIZE];
byte[] result;
SHA1 sha = new SHA1CryptoServiceProvider();
// This is one implementation of the abstract class SHA1.
result = sha.ComputeHash(data);
1
use SHA1 or SHA2 The MD5 algorithm is problematic.
使用SHA1或SHA2, MD5算法有问题。
http://userpages.umbc.edu/~mabzug1/cs/md5/md5.html http://msdn.microsoft.com/en-us/library/system.security.cryptography.md5%28v=vs.85%29.aspx
http://userpages.umbc.edu/ mabzug1 / cs / md5 / md5.html http://msdn.microsoft.com/en-us/library/system.security.cryptography.md5%28v=vs.85%29.aspx
1
I'd like use these things.
我想用这些东西。
MD5, SHA1/256/384/512 with an optional Encoding parameter.
MD5, SHA1/256/384/512,可选编码参数。
Othere HashAlgorithms.Thanks to Darin Dimitrov.
HashAlgorithms发难的场合。感谢季米特洛夫达林。
public static string MD5Of(string text)
{
return MD5Of(text, Encoding.Default);
}
public static string MD5Of(string text, Encoding enc)
{
return HashOf<MD5CryptoServiceProvider>(text, enc);
}
public static string SHA1Of(string text)
{
return SHA1Of(text, Encoding.Default);
}
public static string SHA1Of(string text, Encoding enc)
{
return HashOf<SHA1CryptoServiceProvider>(text, enc);
}
public static string SHA384Of(string text)
{
return SHA384Of(text, Encoding.Default);
}
public static string SHA384Of(string text, Encoding enc)
{
return HashOf<SHA384CryptoServiceProvider>(text, enc);
}
public static string SHA512Of(string text)
{
return SHA512Of(text, Encoding.Default);
}
public static string SHA512Of(string text, Encoding enc)
{
return HashOf<SHA512CryptoServiceProvider>(text, enc);
}
public static string SHA256Of(string text)
{
return SHA256Of(text, Encoding.Default);
}
public static string SHA256Of(string text, Encoding enc)
{
return HashOf<SHA256CryptoServiceProvider>(text, enc);
}
public static string HashOf<TP>(string text, Encoding enc)
where TP: HashAlgorithm, new()
{
var buffer = enc.GetBytes(text);
var provider = new TP();
return BitConverter.ToString(provider.ComputeHash(buffer)).Replace("-", "");
}
本站翻译的文章,版权归属于本站,未经许可禁止转摘,转摘请注明本文地址:http://www.silva-art.net/blog/2009/11/18/7df48cdcf49bc946910a263052c43ebe.html。