2

生成的哈希大小和算法的速度并不重要。我真的只对它是最安全的选择感兴趣。我也不想使用任何第三方库。

我使用的 .NET 框架的版本如果 3.5 有什么不同的话。

4

3 回答 3

13

我认为SHA512将是内置哈希算法的最佳选择。它是一种非常安全的算法的最大散列形式。

另外,不要忘记使用盐来帮助保护哈希免受字典攻击

于 2008-10-28T09:33:03.740 回答
11

您说算法的速度并不重要,但实际上它很重要。

很大程度上取决于“安全”的定义,SHA512(几乎)不可能逆转,但实际上蛮力攻击它相当容易

这是因为它很快——您可以将其视为 SHA“家族”的基本设计缺陷,因为它们的设计速度非常快。

这是一个问题 -SHA512实现了非常快的设计目标(它并不比 慢很多SHA1),但如果你是一个尝试暴力破解密码的黑客,那么它更容易破解。10 甚至 5 年前,严重的暴力攻击是不可能的,现在是几个花哨的显卡或一些云时间。

这就是密钥扩展算法的用武之地——它们故意使构建密码哈希的过程变慢。速度足够慢,以至于用户检查单个哈希不会注意到,但蛮力攻击将花费太长时间。

密钥拉伸算法的一个很好的例子是 RFC2898 或PBKDF2 - 它使用长盐并执行 SHA 算法数千次来创建一个复制速度很慢的哈希。

.Net 有一个本机实现:Rfc2898DeriveBytes

他们将其用于System.Web.Crypto.HashPassword,但您可以轻松查看他们的来源以在其他地方使用它。

现在在我的机器上(一台相当垃圾的旧笔记本电脑)一个具有 1000 次迭代(默认)的单个 .NetRfc2898DeriveBytes哈希大约需要 50 毫秒,而我可以在一秒钟内暴力破解大约 250,000 个 SHA512 哈希。

So in .Net right now the most secure option is to use Rfc2898DeriveBytes.

However RFC2898/PBKDF2 does have a weakness - while it is slow parallel computing is getting cheaper and cheaper and it doesn't take much memory to build each hash. Right now it's pretty un-brute-forceable, but in 5 or 10 years?

So the next generation are algorithms like bcrypt/scrypt that are designed to use a lot of memory for each hash, making parallel executions expensive. While there are .Net implementations there isn't a native one (yet) and I'd be wary of using one until there is - using these will affect loads of things like concurrent log-ons (if used for passwords) and so introduce a lot of risk for early adopters.

于 2012-08-06T13:09:03.733 回答
0

User asked what is most secure Hashing algorithm in .NET, PBKDF2 is not a hashing algorithm, it is a method of deriving encryption keys and yes the underlying pseudo random function MAY be a hashing algorithm however in Rfc2898DeriveBytes it is actually HMACSHA1 over x passes with each byte of each hash value from each pass XORed with the next (know as key stretching).

So to answer the question currently HMACSHA512 is the most secure hashing algorithm in .NET currently.

If you wish to "hash" passwords, (And I say hash because it is not a direct hash function output) here is an API that takes PBKDF2 and uses HMACSHA512 to derive bytes rather than the Rfc2898DeriveBytes MS implemented using HMACSHA1: https://sourceforge.net/projects/pwdtknet

于 2012-10-19T05:51:40.400 回答