Professor Wang Xiaoyun's "decryption" about hash and MD5"

About hash and MD5

It seems that many people are not very familiar with the hash algorithm. Here, I will give a brief explanation. I don't want anyone to ask how to decrypt MD5 and sha1 later! First, let's briefly talk about the hash algorithm and its communication path! You may find yourself Currently, the purpose of the hash algorithm is different from that of the hash algorithm. The hash algorithm is either MD5 or sha1. they are all hash algorithms, which feature the ability to compress strings of any length to generate strings of a fixed length, and the resulting string represents all the characters in the original string. For a simple example, let's take the example of kc_ren (paradise Dragon) in the post I mentioned above: After admin encryption: 16-bit 8f00b204e9800998 32-bit d41d8cd98f00b204e9800998ecf8427e The 8f00b204e9800998 (16bit) or d41d8cd98f00b204e9800998ecf8427e (32bit) strings generated by 32-bit or 16-bit indicate the original string admin. As long as the admin string is not changed, the result remains unchanged no matter how MD5 or sha1 is repeatedly used for re-calculation. With this feature, we use this algorithm in computer security to ensure data integrity (integrity) Here I will talk about computer security. Here I will expand: A Brief Overview of computer security is actually a lecture about the CIA. . C = confidentiality (confidentiality), I = integrity (integrity), A = avalibility (availability) Obviously, the hash algorithm is used to ensure integrity. What is integrity? Not only does it mean that data is not lost, but it must be ensured that the data has not been illegally modified. Here is a simple example. For example, if a sends an email to B with the content "hello", anyone may intercept this email on the network because of the Ethernet network we are currently using, modify the string hello. So when B receives the email sent by a, how can he determine that this email has not been modified during transmission? We use the hash algorithm to ensure data integrity. He works like this: 1. A write an email with the content hello 2. A uses the hash algorithm to encode Hello (I used the encoding here, but the word "encryption" is not used) 3. A sends the original email hello and digest (the digest information of the original email) encoded by the hash algorithm to B (Therefore, the email sent by A to B is composed of two parts: 1 is the original hello, and 2 is the digest information encoded by hash) 4. B receives an email from a, which is composed of two parts. 5. B uses the hash algorithm to recalculate the abstract information of the email based on the content of the received email. 6. B compares the summary information calculated by himself with the summary information received. If the comparison result is the same, it is deemed that this email has not been modified in the middle. Otherwise, this email must have been modified in the middle, so the content is untrusted. This ensures the integrity of the original data. Many people use the hash algorithm to encrypt passwords. The final result of this operation is at most to reassure those who use the software. Rest assured? Rest assured that the passwords they save in your software cannot be obtained by developers. In addition, there is no other value. If you must say something else. That is, if the developer or maintenance engineer accidentally leaks the database containing the customer's password, the passwords of those customers cannot be obtained from the database. However, if you think about it, I have obtained the database data. What else do I need the passwords? I believe that many developers in csdn use the hash algorithm to implement the so-called pravicy promised to the customer. In this way, they will say to the users who use their webbase applications: "your login password here is safe and nobody knows. "It seems very thoughtful to think about it. In fact, if you think about this method, how can we ensure your pravicy? To put it bluntly, it is just like a false one. It is of no high value to use the hash algorithm to encode the user's password (so-called encryption. After talking about this, I believe you should understand the usage of the hash algorithm. Now let's talk about the MD5 "decryption" news from Professor Wang Xiaoyun of Shandong University, which many people are proud. (According to my website of Shandong University, she is said to have "decrypted" even sha1 and md4 ). please note that I put quotation marks on decryption !! If this is the case on the internet, I can only talk about the ignorance of the journalists reporting this news! (Of course, you can't blame them because they did not graduate in computer science, and they are reporting something about computer security. You need to know that computer security in the United States can be used as a single undergraduate major, with too many things to be learned. I am only talking about it now .) A little out of question: p ...... Let's look back at Professor Wang's collision method. Speaking of decryption? Professor Wang's method is not used for decryption. Therefore, Professor Wang can decrypt MD5 and restore the MD5 code (so-called encryption). This is a bit exaggerated. Not so expressive, those statements use fashionable words to describe "The Legend of decryption" Professor Wang's collision method exploits a vulnerability in the MD5 or sha1 algorithm (I am calling it a vulnerability for the time being, but I have not verified it) According to the features of the MD5 and sha1 hash algorithms, because they are strings of any length and become summary information of a fixed length. In this case, different strings may generate the same abstract information theoretically. Professor Wang's so-called collision method is that the digest information produced by different strings is the same. Therefore, the collision method is named. Collision is embodied here. There is nothing else about God. According to sha1, MD5, and other hash algorithms, during the design, the person who designed this algorithm thought that different strings would generate abstract information with the same results, almost without any possibility. Professor Wang proved that digest information rules generated by hash algorithms such as sha1 and MD5 can be cracked in a short time. In this way, the integrity of the original data is broken. The so-called cracking is embodied here. If you still don't understand it, I will simply use Professor Wang's collision method to give you a simple example. In my previous example, A wrote an email to B called HELLO, and then passed Professor Wang's collision method, the summary of the fuck string may be the same as that of the hello string. Therefore, in the previous example. If B receives the email fuck B, it will also be considered as an email sent by a, and it has not been modified! Here, I believe that many people who are currently using MD5 or sha1 hash algorithms to ensure password security should consider whether to continue using the current method to ensure security.