安全哈希算法
In the past, many cryptographic hash algorithms were proposed and used by software developers. Some of them was broken (like MD5 and SHA1), some are still considered secure (like SHA-2, SHA-3 and BLAKE2). Let's review the most widely used cryptographic hash functions (algorithms).
至今,软件开发人员提出并使用了许多加密哈希算法。其中有些已被认为不安全(例如 MD5 和 SHA1),有些仍被认为是安全的(例如 SHA-2,SHA-3 和 BLAKE2)。让我们回顾一下使用最广泛的加密哈希函数(算法)。
安全哈希函数
Modern cryptographic hash algorithms (like SHA-3 and BLAKE2) are considered secure enough for most applications.
现代加密哈希算法(如 SHA-3 和 BLAKE2)对于大多数应用程序来说足够安全。
SHA-2, SHA-256, SHA-512
SHA-2 is a family of strong cryptographic hash functions: SHA-256 (256 bits hash), SHA-384 (384 bits hash), SHA-512 (512 bits hash), etc. It is based on the cryptographic concept "Merkle–Damgård construction" and is considered highly secure. SHA-2 is published as official crypto standard in the United States.
SHA-2 是一个强加密哈希函数家族:SHA-256(256 位哈希)、SHA-384(384 位哈希)、SHA-512(512 位哈希)等,它基于密码学概念“Merkle–Damgård 构造”,被认为是高度安全的。SHA-2 在美国作为官方密码标准发布。
SHA-2 is widely used by developers and in cryptography and is considered cryptographically strong enough for modern commercial applications.
SHA-2 被开发人员和密码学领域广泛使用,被认为在密码学上有足够的强度,适合现代商业应用。
SHA-256 is widely used in the Bitcoin blockchain, e.g. for identifying the transaction hashes and for the proof-of-work mining performed by the miners.
SHA-256 在比特币区块链中被广泛使用,例如用于识别交易的哈希以及用于由矿工进行的工作量证明挖掘。
Examples of SHA2 hashes:
SHA2 哈希的示例:
更多的哈希位 = 更高的抗碰撞性
By design, more bits at the hash output are expected to achieve stronger security and higher collision resistance (with some exceptions). As general rule, 128-bit hash functions are weaker than 256-bit hash functions, which are weaker than 512-bit hash functions.
根据设计,在哈希输出中使用更多的位可以获得更强的安全性和更高的抗碰撞性(除了某些例外)。一般来说,128 位的哈希函数要比 256 位的哈希函数弱,256 位的哈希函数要比 512 位的哈希函数弱。
Thus, SHA-512 is stronger than SHA-256, so we can expect that for SHA-512 it is more unlikely to practically find a collision than for SHA-256.
因此,SHA-512 比 SHA-256 更强,所以我们可以预期,实际上 SHA-512 比 SHA-256 更不可能找到碰撞。
SHA-3, SHA3-256, SHA3-512, Keccak-256
SHA-3 (and its variants SHA3-224, SHA3-256, SHA3-384, SHA3-512), is considered more secure than SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512) for the same hash length. For example, SHA3-256 provides more cryptographic strength than SHA-256 for the same hash length (256 bits).
对于相同的哈希长度,SHA-3(及其变体 SHA3-224、SHA3-256、SHA3-384、SHA3-512)被认为比 SHA-2 (SHA-224、SHA-256、SHA-384、SHA-512)更安全。例如,对于相同的哈希长度(256 位),SHA3-256 比 SHA-256 提供了更大的加密强度。
The SHA-3 family of functions are representatives of the "Keccak" hashes family, which are based on the cryptographic concept "sponge construction". Keccak is the winner of the SHA-3 NIST competition.
SHA-3 函数族是基于密码概念“海绵构造”的“Keccak”哈希家族的代表。Keccak 是 SHA-3 NIST 竞赛的获胜者。
Unlike SHA-2, the SHA-3 family of cryptographic hash functions are not vulnerable to the "length extension attack".
与 SHA-2 不同,SHA-3 系列加密哈希函数不容易受到“长度扩展攻击”的影响。
SHA-3 is considered highly secure and is published as official recommended crypto standard in the United States.
SHA-3 被认为是高度安全的,并在美国作为官方推荐的加密标准发布。
The hash function Keccak-256, which is used in the Ethereum blockchain, is a variant of SHA3-256 with some constants changed in the code.
以太坊区块链中使用的哈希函数 Keccak-256 是 SHA3-256 的变体,代码中一些常量发生了更改。
The hash functions SHAKE128(msg, length) and SHAKE256(msg, length) are variants of the SHA3-256 and SHA3-512 algorithms, where the output message length can vary.
哈希函数 SHAKE128(msg, length) 和 SHAKE256(msg, length) 是 SHA3-256 和 SHA3-512 算法的变体,其中输出信息的长度可以变化。
Examples of SHA3 hashes:
SHA3 哈希的示例:
BLAKE2 / BLAKE2s / BLAKE2b
BLAKE / BLAKE2 / BLAKE2s / BLAKE2b is a family of fast, highly secure cryptographic hash functions, providing calculation of 160-bit, 224-bit, 256-bit, 384-bit and 512-bit digest sizes, widely used in modern cryptography. BLAKE is one of the finalists at the SHA-3 NIST competition.
BLAKE / BLAKE2 / BLAKE2s / BLAKE2b 是一组快速、高度安全的加密散列函数,提供 160 位、224 位、256 位、384 位和512 位摘要大小的计算,在现代密码学中广泛使用。BLAKE 是 SHA-3 NIST 竞赛的决赛选手之一。
The BLAKE2 function is an improved version of BLAKE.
BLAKE2 函数是 BLAKE 的改进版本。
BLAKE2s (typically 256-bit) is BLAKE2 implementation, performance-optimized for 32-bit microprocessors.
BLAKE2s(通常为 256 位)是 BLAKE2 的实现,针对 32 位微处理器进行了性能优化。
BLAKE2b (typically 512-bit) is BLAKE2 implementation, performance-optimized for 64-bit microprocessors.
BLAKE2b(通常为 512 位)是 BLAKE2 的实现,针对 64 位微处理器进行了性能优化。
The BLAKE2 hash function has similar security strength like SHA-3, but is less used by developers than SHA2 and SHA3.
BLAKE2 哈希函数具有与 SHA-3 类似的安全强度,但开发人员使用的频率低于 SHA2 和 SHA3。
Examples of BLAKE hashes:
BLACK 哈希的示例:
RIPEMD-160
RIPEMD-160 is a secure hash function, widely used in cryptography, e.g. in PGP and Bitcoin.
RIPEMD-160 是一种安全的哈希函数,广泛用于密码学中,例如在 PGP 和比特币中。
The 160-bit variant of RIPEMD is widely used in practice, while the other variations like RIPEMD-128, RIPEMD-256 and RIPEMD-320 are not popular and have disputable security strengths.
RIPEMD 的 160 位版本在实践中得到了广泛的应用,而其他变体如 RIPEMD-128、RIPEMD-256 和 RIPEMD-320 则不受欢迎,而且安全性也存在争议。
As recommendation, prefer using SHA-2 and SHA-3 instead of RIPEMD, because they are more stronger than RIPEMD, due to higher bit length and less chance for collisions.
推荐使用 SHA-2 和 SHA-3 而不是 RIPEMD,因为它们比 RIPEMD 强度更高,因为它们的位数更多,碰撞的可能性更小。
Examples of RIPEMD hashes:
RIPEMD 哈希的示例:
All of the above popular secure hash functions (SHA-2, SHA-3, BLAKE2, RIPEMD) are not restricted by commercial patents and are free for public use.
上述所有流行的安全哈希函数(SHA-2、SHA-3、BLAKE2、RIPEMD)都不受商业专利的限制,可以免费供公众使用。
不安全的哈希函数
Old hash algorithms like MD5, SHA-0 and SHA-1 are considered insecure and were withdrawn due to cryptographic weaknesses (collisions found). Don't use MD5, SHA-0 and SHA-1! All these hash functions are proven to be cryptographically insecure.
诸如 MD5,SHA-0 和 SHA-1 之类的旧哈希算法被认为是不安全的,并由于存在加密漏洞(发现冲突)而被撤回。 不要使用 MD5,SHA-0 和 SHA-1! 事实证明,所有这些哈希函数在加密中都是不安全的。
You can find in Internet that SHA1 collisions can be practically generated and this results in algorithms for creating fake digital signatures, demonstrated by two different signed PDF documents which hold different content, but have the same hash value and the same digital signature. See https://shattered.io.
你可以在互联网上找到,SHA1 碰撞可以实际生成,导致存在创建假数字签名的算法,例如两个不同的PDF文档,它们包含不同的内容,但具有相同的哈希值和相同的数字签名。参见 https://shattered.io。
Avoid using of the following hash algorithms, which are considered insecure or have disputable security: MD2, MD4, MD5, SHA-0, SHA-1, Panama, HAVAL (disputable security, collisions found for HAVAL-128), Tiger (disputable, weaknesses found), SipHash (it is not a cryptographic hash function).
避免使用下列哈希算法,它们被认为是不安全的或安全性具有争议:MD2、MD4、MD5、SHA-0、SHA-1、Panama、HAVAL(安全性具有争议,HAVAL-128 找到了冲突)、Tiger(安全性具有争议,找到了弱点)、SipHash(它不是一个加密哈希函数)。
其他安全哈希函数
The below functions are popular strong cryptographic hash functions, alternatives to SHA-2, SHA-3 and BLAKE2:
以下函数是流行的强加密哈希函数,可替代 SHA-2,SHA-3 和 BLAKE2:
Whirlpool is secure cryptographic hash function, which produces 512-bit hashes.
Whirlpool 是安全的加密哈希函数,可产生 512 位哈希值。
SM3 is the crypto hash function, officialy standartized by the Chinese government. It is similar to SHA-256 (based on the Merkle–Damgård construction) and produces 256-bit hashes.
SM3 是加密哈希函数,由中国政府正式制定。它类似于 SHA-256(基于 Merkle-Damgård 构造)并产生 256 位哈希。
The below functions are less popular alternatives to SHA-2, SHA-3 and BLAKE, finalists at the SHA-3 NIST competition:
以下函数是 SHA-2、SHA-3 和 BLAKE 的不太受欢迎的替代品,它们是 SHA-3 NIST 竞赛的决赛选手:
Skein is secure cryptographic hash function, capable to derive 128, 160, 224, 256, 384, 512 and 1024-bit hashes.
Skein 是一个安全的加密哈希函数,可以生成 128、160、224、256、384、512 和 1024 位的哈希值。
Grøstl is secure cryptographic hash function, capable to derive 224, 256, 384 and 512-bit hashes.
Grøstl 是一个安全的加密哈希函数,可以生成 224、256、384 和 512 位的哈希值。
JH is secure cryptographic hash function, capable to derive 224, 256, 384 and 512-bit hashes.
JH 是一个安全的加密哈希函数,可以生成 224、256、384 和 512 位的哈希值。
SHA-256,SHA3-256,BLAKE2 和 RIPEMD-160 没有已知的碰撞
As of Oct 2018, no collisions are known for: SHA256, SHA3-256, Keccak-256, BLAKE2s, RIPEMD160 and few others.
截至 2018 年 10 月,以下哈希函数尚无已知的碰撞发生:SHA256、SHA3-256、Keccak-256、BLAKE2s、RIPEMD160 等。
Brute forcing to find hash function collision as general costs: 2128 for SHA256 / SHA3-256 and 280 for RIPEMD160.
穷举查找哈希函数碰撞的一般开销:SHA256 / SHA3-256 需要 2128, RIPEMD160 是 2160。
Respectively, on a powerful enough quantum computer, it will cost less time: 2256/3 and 2160/3 respectively. Still (as of September 2018) so powerful quantum computers are not known to exist.
另外,在一台足够强大的量子计算机上,它将花费更少的时间:分别为2256/3和2160/3。尽管如此(截至 2018 年 9 月),如此强大的量子计算机尚不存在。
Learn more about cryptographic hash functions, their strength and attack resistance at: https://z.cash/technology/history-of-hash-function-attacks.html
要了解有关加密哈希函数及其强度和抗攻击性的更多信息,请访问:https://z.cash/technology/history-of-hash-function-attacks.html
Last updated