Skip to main content

Hashing

  • Broken - MD4, MD5, SHA-0, SHA-1
    • 但是作为校验码还是可以使用
    • md5,sha1 有硬件加速, 非常快
      • SIMD Intel SSE, Intel SHA Extensions
Hash used by various tools/services
  • sha256 通常指 sha2-256
  • git
  • docker - sha256
  • npm - sha512, multihash
  • alpine - md5, sha1
  • S3 Content-MD5
  • ⚠️注意
    • 避免使用 md5, sha1 这种已经被破解的算法作为 unique hash - 存在碰撞攻击
# https://git-scm.com/docs/git-hash-object
git hash-object ~/.bashrc

# coreutils
# ==========
sha1sum ~/.bashrc
sha224sum ~/.bashrc
sha256sum ~/.bashrc
sha384sum ~/.bashrc
sha512sum ~/.bashrc
md5sum ~/.bashrc
# 32 bit CRC
# -a DIGEST - sysv, bsd, crc, md5, sha1, sha224, sha256, sha384, sha512, blake2b, sm3
cksum ~/.bashrc
cksum -a sha1 ~/.bashrc # 等同于 sha1sum
b2sum ~/.bashrc # BLAKE2b (512-bit)
# BSD (16-bit) checksums
sum -s ~/.bashrc # sysv
sum -r ~/.bashrc # bsd

# openssl
# ==========
# -gost-mac, -streebog512, -streebog256, -md_gost94
# -md4, -md5, -md5-sha1, -ripemd160
# -sha{1,224,256,384,512}
# -whirlpool
openssl dgst -sha256 ~/.bashrc

# perl shasum
# ==========
# -a 1 , 224, 256, 384, 512, 512224, 512256
# SHA-512/256
shasum -a 512224 ~/.bashrc

参考

密码

  • pbkdf2 - 主流 - 专用于密码
  • aragon2 - 但采用没有 pbkdf 多
  • bcrypt
    • $2<a/b/x/y>$[cost]$[22 character salt][31 character hash]
  • scrypt
  • sha2 - 特殊场景
  • salted - 传统 md5 方式+salt

# -i - argon2i - 默认
# -d - argon2d
# -id - argon2id
# -t=3 - iterations
# -m=12 - memory usage - 2^N
# -p=1 - parallelism
# -l=32 - 输出长度
# -e - 只输出 hash
# -r - raw bytes
# -v=13 - 版本 10,13
echo -n "secret" | argon2 "saltsalt" -e
  • NodeJS
    • crypto.pbkdf2(password, salt, iterations, keylen, digest, callback)

git hash

Hash/Digest

  • adler32
  • crc - Cyclic redundancy check
    • 16,32,64
  • fnv - Fowler–Noll–Vo
    • 32,64,128,256,512,1024
    • xor
  • MurmurHash
    • 32,64,128
  • maphash
  • tdigest

Cryptographic hash algorithms

hashvariantbitsinternal bitesblock bitsroundshexb64
MD5128128=4×325126432
SHA-0160160=5×325128040
SHA-1160160=5×325128040
SHA-2224224256=8×325126456
^^256256^^^^^^64
^^384384512=8×6410248096
^^512512^^^^^^128
^^512/224224^^^^^^
^^512/256256^^^^^^
SHA-32242241600=5×5×6411522456
^^256256^^1088^^
^^384384^^832^^
^^512512^^576^^
^^SHAKE128any^^1344^^
^^SHAKE256any^^1088^^
  • x86
    • SHA3-256 - MMX,AVX-512VL, AVX2 - OpenSSL
    • SHA3 - SSE2 - Crypto++
  • Apple A13 ARMv8
    • SHA-3/SHA-512 EOR3, RAX1, XAR, BCAX - ARMv8.2-SHA
  • ARM
    • SVE, SVE2

SHA

  • SHA - Secure Hash Algorithm
  • SHA-2 - 2001
    • 224, 256, 384, 512
  • SHA-3 - 2015
    • 224, 256, 384, 512

Reverse

SHA2 vs SHA3

  • 安全性 - 两者区别不大 - 没有结构性问题,例如 sha1
  • 性能 - SHA2 广泛,软实现性能更好,硬件支持更多

性能

xxHash vs MurmurHash

  • xxHash3
  • MurmurHash3

Well Known

echo -n "" | openssl dgst -sha256
php -r 'echo hash("sha256", "");'

空字符串

hashvalue
sha256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855