请帮帮我;我无法描述哪种算法更好? 我尝试了什么: i已读过这篇文章: Salted Password Hashing - 正确行事 [ ^ ] 我理解最好asp webforms的哈希算法是 PBKDF2-HMAC-SHA512 然后得到这个实现: GitHub - defuse / password-hashing:密码哈希码。 [ ^ ] 此实现基于 PBKDF2- HMAC-SHA1 i搜索可以帮我制作的东西一个哈希基于 PBKDF2-HMAC-SHA512 我在github上找到了这个库: GitHub - therealmagicmike / PBKDF2.NET:提供基于密码的自适应密钥派生(PBKDF2)功能。 .NET Framework允许使用任何基于System.Security.Cryptography.HMAC的哈希实现,无论是内置类型还是自己的实现。 [ ^ ] 此库中的我可以将我的哈希算法定义为< b> HMACSHA1< / b>,< b> HMACSHA256< / b>,< b> HMACSHA384< / b>或者< b> HMACSHA512< / b> 如您所知 HMACSHA1 比 HMACSHA512 更快。出于安全考虑,它并不好。 但是我发现了一些我不知道的事情是不是真的!我已在同一页面中实现了这两种算法,并了解adriancs的算法比迈克的算法需要更长的时间。 adriancs的文章不合逻辑。 所以,我想知道哪种算法最慢,哪种更好? 任何帮助将不胜感激。 谢谢你,Masoud。
Please help me; I can't describe which algorithm is better? What I have tried: Hi, i have read this article: Salted Password Hashing - Doing it Right[^] and i understand that the best hash algorithm for asp webforms is PBKDF2-HMAC-SHA512 and then get this implementation: GitHub - defuse/password-hashing: Password hashing code.[^] this implementation is based on PBKDF2-HMAC-SHA1 i googled to find something that help me to make a hash based on PBKDF2-HMAC-SHA512 and i've found this library on github: GitHub - therealmagicmike/PBKDF2.NET: Provides adaptive password-based key derivation (PBKDF2) functionality for the .NET Framework allowing the use of any System.Security.Cryptography.HMAC-based hashing implementation, whether it's a built-in type, or an implementation of your own.[^] in this library i can define my hash algorithm as <b>HMACSHA1</b>, <b>HMACSHA256</b>, <b>HMACSHA384</b> or <b>HMACSHA512</b> and as you know HMACSHA1 is faster than HMACSHA512. and it's not good in security reasons. But i've found something that i don't know it's true or not! i've implemented both algorithms in same page and understand that adriancs's algorithm takes longer time than the mike's. and it's not logical as for adriancs's article. So, i want to know which algorithm is slowest and also wich is better? any help will be appreciated. Thank you, Masoud.
推荐答案实际上,SHA是散列密码的最佳算法,主要是因为MD5正式破坏,不推荐用于新应用程序。这并不意味着MD5实际上是坏的,只是在某些情况下您可以反转哈希以产生可输入密码,该密码将产生与原始密码相同的MD5哈希值。然而,新密码可能无法识别为原始密码。 SHA-1目前已损坏但未破解,SHA256部分损坏但仍被认为是安全的时刻。 SHA512目前很稳定,所以我将它用于新项目。 SHA-3是下一代哈希,但目前还没有经过验证的.NET实现我是意识到。 Pretty much, SHA is the "Best" algorithm for hashing passwords, mostly because MD5 is officially "broken" and is not recommended for new applications. That doesn't mean MD5 is actually bad, just that there are circumstances where you can "reverse" the hash to produce an "enterable" password that will produce the same MD5 hash value as the original. The "new" password will probably not be recognisable as the "original" however. SHA-1 is currently "broken" but not cracked, and SHA256 is "partly broken" but still considered secure for the moment. SHA512 is solid at present, so I'd use that for new projects. SHA-3 is the "next generation" hash, but at present there is no verified implementation for .NET that I'm aware of.
更多推荐
哪种算法最慢?
发布评论