Python比较两个SHA512哈希值。

huangapple go评论73阅读模式
英文:

Python compare two SHA512 hashes

问题

以下是代码部分的翻译:

hashlib.sha512(h1.encode).digest() == hashlib.sha512(h2.encode).digest()

不需要其他内容,以上就是代码的翻译。

英文:

I have two SHA512 hashes with salt:

h1 = "412e00cc45afb8d2d5675bf5de0d1bb83eb85ab4af2c5560c8cc580feeb319565cde4e8d57ff847c0c6d9c6681d68d7850da594932d66fd65db133b19e5b31ec:9c0d2ff09e8c43babc49d42ad215e0fa"

h2 = "bc80293178d0aa302f5372a744a2acd3d4f7350b635bcdbded1f95fba187a4d04b429b30fb94daed2a94be3ec2c9ed5a110827f3a794b9f8c40fcdd41015e2c2:1a8de82d82134aecbab7f6d0c37c8444"

Is it possible to compare them, to derive if they are generated from the same password without having the password?

hashlib.sha512(h1.encode).digest() == hashlib.sha512(h2.encode).digest()

答案1

得分: 1

No.

你有哈希和盐 - 你的字符串形式为hash:salt - 但即使如此,你仍然需要破解至少一个哈希密码,以确定这些哈希是否来自使用不同盐的相同密码。阻止攻击者轻松确定两个哈希是否来自相同密码是盐存在的主要原因之一。

(另外,SHA-512是一个糟糕的密码哈希选择,因为它不是为这个任务设计的,评估速度太快。仅仅破解密码可能相当容易。)

英文:

No.

You've got both hash and salt - your strings are of the form hash:salt - but even with that, you would still need to crack the password of at least 1 hash to determine if the hashes came from the same password with different salts. Preventing attackers from easily determining if two hashes came from the same password is one of the primary reasons salts exist.

(As an aside, SHA-512 is a terrible choice of password hash, as it is not designed for the job and is far too quick to evaluate. Just cracking the password may be pretty easy.)

huangapple
  • 本文由 发表于 2023年2月24日 03:36:25
  • 转载请务必保留本文链接:https://go.coder-hub.com/75549545.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定