这个问题在这里已有答案:
md5的冲突率是多少? [关闭] 2个答案这个问题不需要任何代码,它只是关于MD5哈希的一个概念性的事情。
我的应用管理用户社区。
我使用MD5哈希将任意长度的用户昵称减少为哈希值。 我希望每个缺口的MD5 都不同,因为这个MD5(nick)将成为每个用户的用户ID。
这总是如此吗? 我确定我错过了一些东西,从长远来看可能会发生碰撞(数百万用户=数百万不同长度的不同缺口)
This question already has an answer here:
What is the clash rate for md5? [closed] 2 answersThis question does not need any code, it's just a conceptual thing about MD5 hashing.
My app manages a community of users.
I use MD5 hashing to reduce a user nickname of arbitrary length to a hash. I expect the MD5 of every nick to be different, because this MD5(nick) will be kind of my user ID for every user.
Is this always true? I'm sure I'm missing something and there can be collisions in the long term (millions of users === millions of different nicks with different lengths)
最满意答案
随机数据(例如用户名)的MD5冲突非常罕见,您可能永远不会看到它们。 问题是MD5在抗冲突性方面已被打破,因此攻击者可以轻松生成一对具有相同哈希值的用户名,无论您的设计具有何种安全和/或功能含义。
在您的情况下生成短标识符的常用方法是简单地将每个用户名与帐户数据库中按顺序生成的数字相关联。 应用程序在内部使用该数字,仅在需要向用户显示内容时引用用户名。
MD5 collisions for random data (eg. usernames) are rare enough that you'd probably never see them. The problem is that MD5 has been broken with respect to collision resistance, so an attacker could easily generate a pair of usernames that have the same hash, with whatever security and/or functionality implications that would have for your design.
The usual way to generate a short identifier in your situation is to simply associate each username with a sequentially-generated number in the account database. The application uses the number internally, and only references the username when it needs to display something to a user.
更多推荐
发布评论