Hashing (hash) and encryption (ENCRYPT) related content

1. The difference between hashing (hash) and encryption (Encrypt)

A hash is the conversion of the target text into an irreversible hash string (or message digest) of the same length, whereas encryption (Encrypt) converts the target text into a reversible cipher with different lengths.

I. Hashing algorithms are often designed to generate text with the same length, whereas the length of text generated by the cryptographic algorithm is related to the length of the plaintext itself.

Example: Set we have two paragraphs of text: "Microsoft" and "Google". The results obtained by using a hashing algorithm are: "140864078aeca1c7c35b4beb33c53c34" and "8b36e9207c24c76e6719268e49201d94", and the results of using some encryption algorithm are respectively " Njdsptpgu "and" HPPHMF ". As you can see, the result of the hash has the same length, and the result of the encryption is different in length. In fact, if you use the same hashing algorithm, no matter how long your input is, the resulting length is a constant, and the encryption algorithm is often proportional to the length of the plaintext.

Ii. The hashing algorithm is irreversible, and the encryption algorithm is reversible.

The irreversibility here has two meanings, one is "given a hash result R, there is no way to convert E to the original target text S", and the second is "given a hash result R, even if the hash result of a text S is R, can not assert that the original target text is S". Encryption is different, given the encrypted cipher R, there is a way to convert R determined to the plaintext before encryption S.

2, hashing (hash) and the choice of encryption (Encrypt)

If the protected data is used for comparison verification only, then the hash is used, and if the protected data needs to be reverted to clear text later, it needs to be encrypted.

3, simple one-time hash (hash)

The currently most commonly used hash algorithm is MD5 and SHA1

usingSystem;usingSystem.Web.Security;namespacehashandencrypt{/// <summary>    ///hashing (hash) tool class/// </summary>     Public Sealed classHashhelper {/// <summary>        ///hashing using the MD5 algorithm/// </summary>        /// <param name= "source" >Source String</param>        /// <returns>Hash String</returns>         Public Static stringMd5hash (stringsource) {            returnFormsAuthentication.HashPasswordForStoringInConfigFile (Source,"MD5"); }         /// <summary>        ///hashing using the SHA1 algorithm/// </summary>        /// <param name= "source" >Source String</param>        /// <returns>Hash String</returns>         Public Static stringSha1hash (stringsource) {            returnFormsAuthentication.HashPasswordForStoringInConfigFile (Source,"SHA1"); }    }}

4, to a simple hash (hash) attack

There are mainly search collision method and poor lifting method.

I. Search for collision Method: If you can find the password to decipher the same hash value of the password can be. But there is no effective method for finding collisions for MD5 and SHA1.

II. Exhaustive method: Assume that the attack range is 000000-999999, starting from 000000 to use the hash, the obtained hash value compared to the target, if the same, then this value is the target hash value of a collision, that is deciphered.

1 usingSystem;2 usingSystem.Web.Security;3  4 namespaceHashandencrypt5 {6     /// <summary>7     ///MD5 attack Tool class8     /// </summary>9      Public Sealed classMd5attackhelperTen     { One         /// <summary> A         ///MD5 attacks on the poor -         /// </summary> -         /// <param name= "hashstring" >Hash String</param> the         /// <returns>the source string or source string collision of the hash string (returns null if the attack fails)</returns> -          Public Static stringAttackMD5 (stringhashstring) -         { -              for(inti =0; I <=999999; i++) +             { -                 stringTestString =i.tostring (); +                  while(Teststring.length <6) ATestString ="0"+teststring; at   -                 if(FormsAuthentication.HashPasswordForStoringInConfigFile (TestString,"MD5") ==hashstring) -                     returnteststring; -             } -   -             return NULL; in         } -     } to}

This method is easy to decipher those simple passwords such as "000000" or "123456" and so on.

5, multiple mixed hash (hash)

To avoid a simple password being deciphered, use a multiple mixed hash:

Assuming the string key, the hash value of the target password A r=sha1 (MD5 (A) *md5 (key))

1 usingSystem;2 usingSystem.Web.Security;3  4 namespaceHashandencrypt5 {6     /// <summary>7     ///Multi-blend Hash tool class8     /// </summary>9      Public Sealed classHashhelperTen     { One         Private Static ReadOnlyString HashKey ="qwer#&^buaa06"; A         /// <summary> -         ///multi-blend hashing of sensitive data -         /// </summary> the         /// <param name= "source" >Pending Clear Text</param> -         /// <returns>data after the hasn</returns> -          Public Staticstring Hash (string source) -         { +String hashcode = formsauthentication.hashpasswordforstoringinconfigfile (source,"MD5") + -FormsAuthentication.HashPasswordForStoringInConfigFile (HashKey,"MD5"); +             returnFormsAuthentication.HashPasswordForStoringInConfigFile (Hashcode,"SHA1"); A         } at     } -}

* Collation Source: http://www.cnblogs.com/leoo2sk/archive/2010/10/01/hash-and-encrypt.html

Hashing (hash) and encryption (ENCRYPT) related content