Hashing passwords with MD5, SHA1 and MD5 over SHA1

Which of these password hashing methods is the most secure and the hardest to find hash collisions for?

  1. MD5 only
  2. SHA1 only
  3. MD5 over SHA1

None of these should be used for password hashing; they have been shown to be insecure:

MD5, from Wikipedia:

The security of the MD5 has been severely compromised, with its weaknesses having been exploited in the field, most infamously by the Flame malware in 2012. The CMU Software Engineering Institute considers MD5 essentially "cryptographically broken and unsuitable for further use".

SHA1, from Wikipedia:

SHA-1 is no longer considered secure against well-funded opponents. In 2005, cryptanalysts found attacks on SHA-1 suggesting that the algorithm might not be secure enough for ongoing use,[3] and since 2010 many organizations have recommended its replacement by SHA-2 or SHA-3.[4][5][6] Microsoft,[7] Google[8] and Mozilla[9][10][11] have all announced that their respective browsers will stop accepting SHA-1 SSL certificates by 2017.

More secure hashing algorithms exist, such as SHA-2 or 3, and should be considered.
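Added example, not part of the original question or answer: one way to retire stored MD5, SHA1 and MD5-over-SHA1 password digests by verifying them once at login and re-storing the password under a salted, iterated construction built on SHA-2 (PBKDF2-HMAC-SHA256). The storage format string, the iteration count, the function names and the reading of "MD5 over SHA1" as `md5(sha1(password))` are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

DEFAULT_ITERATIONS = 600_000  # assumed work factor; tune for your hardware

# The three schemes from the question, each producing an unsalted hex digest.
LEGACY = {
    "md5": lambda pw: hashlib.md5(pw).hexdigest(),
    "sha1": lambda pw: hashlib.sha1(pw).hexdigest(),
    # Assumption: "MD5 over SHA1" means md5(raw sha1 digest of the password).
    "md5_over_sha1": lambda pw: hashlib.md5(hashlib.sha1(pw).digest()).hexdigest(),
}


def hash_password(password, iterations=DEFAULT_ITERATIONS):
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<key hex>' with a random salt."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${key.hex()}"


def verify_password(password, stored):
    """Return (ok, needs_rehash); a legacy digest that matches is always flagged."""
    pw = password.encode()
    if stored.startswith("pbkdf2_sha256$"):
        _, iters, salt_hex, key_hex = stored.split("$")
        key = hashlib.pbkdf2_hmac("sha256", pw, bytes.fromhex(salt_hex), int(iters))
        ok = hmac.compare_digest(key.hex(), key_hex)
        return ok, ok and int(iters) < DEFAULT_ITERATIONS
    # Unsalted hex digest: MD5 and MD5-over-SHA1 are both 32 hex chars, so try each.
    ok = any(hmac.compare_digest(f(pw), stored.lower()) for f in LEGACY.values())
    return ok, ok


def login(password, record, iterations=DEFAULT_ITERATIONS):
    """Check the password and upgrade record['hash'] in place when it is flagged."""
    ok, needs_rehash = verify_password(password, record["hash"])
    if ok and needs_rehash:
        record["hash"] = hash_password(password, iterations)
    return ok


if __name__ == "__main__":
    # Constructed sample record holding a legacy MD5-over-SHA1 digest.
    user = {"hash": LEGACY["md5_over_sha1"](b"correct horse")}
    print(login("correct horse", user), user["hash"].split("$")[:2])
```

Because the legacy digests are unsalted, identical passwords produce identical stored values; the per-record random salt in the upgraded format removes that property.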