python-hashlib&hmac

Others 2019-12-29 21:33:02 views: null

hashlib&hmac

Hash

Hash, generally translated to do a "hash", also has a direct transliteration of "hash", that is, the arbitrary length input (also called pre-mapping, pre-image), through a hash algorithm, to output the converted fixed length, the output is the hash value. This conversion is a compression map, i.e., the space hash value is typically much smaller than the input space, different inputs may hash to the same output, and is impossible to uniquely determine the value of the input from the hash value.

Simply means that the message of any length A to the compression function of the message digest of a fixed length.

HASH is mainly used in the field of information security encryption algorithm, he put some of the information is converted into different lengths of 128-bit encoding messy's called HASH value can also be said, hash is to find a data content and data stored between addresses Mapping relations

What is the MD5 algorithm

MD5 message digest algorithm (English: MD5 Message-Digest Algorithm), a widely heteroaryl password hash function used, can produce a 128-bit hash value (hash value), information transmission to ensure complete and consistent. MD5's predecessor had MD2, MD3 and MD4.

MD5 function

The input information of any length, after processing, the output 128 of the information (digital fingerprints);

Different results (Uniqueness) different input obtained;

Features MD5 algorithm

  1. Compressibility: arbitrary data length, the length of the MD5 value is calculated are fixed
  2. Easily calculated: MD5 value is calculated from the original data easily
  3. Anti modifications: the original data to make any changes, modify the value of the difference between a byte MD5 generation will be great
  4. Strong anti-collision: the original data and the known MD5, want to find data (ie, falsified data) is very difficult with the same MD5 values.

MD5 algorithm whether reversible?

MD5 is an irreversible reason which is a hash function, using a hash algorithm, part of the original information is lost during the calculation of the.

MD5 uses

  1. Prevent tampering:
  2. Such as sending an electronic document, before sending, let me get the MD5 output a. Then, after the electronic document received by the other, the other side has also been an MD5 of the output b. If a and b are the same on behalf of the middle not been tampered with.
  3. For example, I offer file downloads, in order to prevent criminals add Trojans in the installer, I can announce MD5 output results from the installation files on the site.
  4. SVN whether the modified file is detected after the CheckOut, also uses MD5.
    1. Expressly to prevent direct see:
  5. Now many websites when user passwords stored in the database of MD5 values ​​are stored in the user's password. So even if the criminals get the user's password MD5 value of the database and you can not know the user's password. (For example, in UNIX systems to the user's password is the MD5 (or other similar algorithms) by the stored encrypted. When the user logs in, the system calculates the user-entered password MD5 value to the file system, and then go and save MD5 values ​​in the file system are compared, and then determine whether the correct password is entered. With this step, the system does not know the codes in case the user's password can determine the legitimacy of the user logged into the system. this not only saves users the password is a user with system administrator privileges to know, but also increase the difficulty of your password being compromised also to some extent.)
    1. Non-repudiation (digital signatures):
  6. This requires a third-party certification body. A written document such as a certification body to produce this document summary information using the MD5 algorithm and make a record. If the A later say that this document is not written by him, authorities need this file to re-generate the summary information and records to compare with the information in the summary booklet are the same, then it proved to be a written A. This is the so-called "digital signature."

SHA-1

Secure Hash Algorithm (Secure Hash Algorithm) is mainly applied to Digital Signature Standard (Digital Signature Standard DSS) which defines the Digital Signature Algorithm (Digital Signature Algorithm DSA). For the message length is less than 2 ^ 64-bit, SHA1 produces a 160-bit message digest. When receiving the message, the message digest can be used to verify data integrity.

SHA is designed for the US National Security Agency, published by the US National Institute of Standards and Technology series of cryptographic hash functions.

As the MD5 and SHA-1 in 2005 to crack the Shandong University professor Wang Xiaoyun, scientists have launched a SHA224, SHA256, SHA384, SHA512, of course, the longer the median, much harder to break, but at the same time generating an encrypted message digest time spent longer. The most popular is the encryption algorithm is SHA-256.

Comparison of MD5 and SHA-1

As the MD5 and SHA-1 are developed from MD4, their structure and properties of strength have many similarities, the maximum difference between the MD5 and SHA-1 digest in that it is longer than 32 bits of the MD5 digest. For a brute force attack, any packet so that a given message digest is equal to the difficulty digest: MD5 is the magnitude of the operation 2128, SHA-1 is the order of 2160 operations. The difficulty of generating two packets having the same digest: MD5 is of the order of operation 264, SHA-1 is the order of 280 operations. Thus, greater SHA-1 provides a pair of force attack. However, since the cache SHA-1 loop of steps than 80:64 and MD5 to process multiple large 160 bits: 128-bit, SHA-1 operation speed slower than MD5.

Python provides relevant module

  • hashlib: Related operations for encryption, py3.x was replaced with hashlib md5 sha modules and modules: SHA1, SHA224, SHA256, SHA384, SHA512, MD5 algorithm

  • hmac: Encryption module

hashlib three encryption step

# demo1
import hashlib
#step1:使用方法
m = hashlib.md5()
#step2:放入需要加密的材料
m.update("tom123".encode("utf-8"))  # 必须是字节
#step3:输出加密值
print(m.digest())       # 二进制加密
print(m.hexdigest())    # 16进制加密
#demo2
import hashlib
m2 = hashlib.md5(b"tom")
m2.update(b"123")       # 此处可以 加盐
print(m.hexdigest())    # 与demo1 m.hexdigest()一致

# SHA1, SHA224, SHA256, SHA384, SHA512 用法与md5完全一样

hmac module

By hashing algorithm, we can verify that the valid period of the data, is to compare the hash value of the data, e.g., the user determines the password is correct, we use stored in the database password_md5comparison calculation md5(password)results, if they are consistent, the user input password It is correct.

Salt : To prevent hackers rainbow hash value table based on the original password thrust reversers, when computing the hash, can not be calculated only for the original input, a need to add salt to the same input such that a different hash can be obtained, so , greatly increased the difficulty by hackers.

If salt is our own randomly generated, usually we use when calculating MD5 md5(message + salt). But in fact, the salt seen as a "password", plus salt hash is this: When calculating the hash for a message, based on the calculated barrier passwords different hash. To verify the hash value, it must provide the correct password.

This is in fact Hmac algorithm: Keyed-Hashing for Message Authentication. According to a standard algorithm, the hash calculation process, the mixed key calculation process.

Add salt and our custom algorithm different, Hmac algorithms are common for all hash algorithms are MD5 or SHA-1. Using our own salt Hmac alternative algorithm, the algorithm can make the program more standardized, more secure.

Python comes with hmac module implements the standard of Hmac algorithm. Let's look at how to achieve hmac hash with the key.

First, we need to prepare the original message Message to be calculated, a random key, hash algorithm, the MD5 used here, use hmac code as follows:

>>> import hmac
>>> message = b'Hello, world!'
>>> key = b'secret'
>>> h = hmac.new(key, message, digestmod='MD5')
>>> # 如果消息很长,可以多次调用h.update(msg)
>>> h.hexdigest()
'fa4ee7d173f2d97ee79022d1a7355bcf'

Use hmac visible and common hash algorithm is very similar. original length and consistent hashing algorithm hmac output. Note that the incoming message is key and bytestype, strthe type of coding is required first bytes.

hmac a convenient way to use

# demo3
m3 = hmac.new(b"top")
m3.update(b"123")
print(m3.digest())
print(m3.hexdigest())

# demo4
m4 = hmac.new(b"top123")       # 与demo3的m3.hexdigest()不一样,初始值很关键。这点与hashlib不一样
print(m4.hexdigest())

Guess you like

Origin www.cnblogs.com/liuxu2019/p/12116407.html
Recommended
Ranking
Reason Codes enhanced accounting documents
The first test case appium
Force command and dispatch emergency communication plan
Interview - What is concurrent programming
21 classic Python interview questions [recommended collection]
[Dahua Data Structure-Introduction to Data Structure ①]
Spring @ConfigurationProperties
Why do we want to broadcast live on WeChat public account? What are the advantages?
How to bring up the toolbar under the desktop of Apple laptop
Dialog: Manually enter information
Daily
More
2024-05-21(35)
2024-05-20(5)
2024-05-19(0)
2024-05-18(31)
2024-05-17(6)
2024-05-16(23)
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)

Code World

© 2018 codetd.com