英文:
Python compare two SHA512 hashes
问题
以下是代码部分的翻译:
hashlib.sha512(h1.encode).digest() == hashlib.sha512(h2.encode).digest()
不需要其他内容,以上就是代码的翻译。
英文:
I have two SHA512 hashes with salt:
h1 = "412e00cc45afb8d2d5675bf5de0d1bb83eb85ab4af2c5560c8cc580feeb319565cde4e8d57ff847c0c6d9c6681d68d7850da594932d66fd65db133b19e5b31ec:9c0d2ff09e8c43babc49d42ad215e0fa"
h2 = "bc80293178d0aa302f5372a744a2acd3d4f7350b635bcdbded1f95fba187a4d04b429b30fb94daed2a94be3ec2c9ed5a110827f3a794b9f8c40fcdd41015e2c2:1a8de82d82134aecbab7f6d0c37c8444"
Is it possible to compare them, to derive if they are generated from the same password without having the password?
hashlib.sha512(h1.encode).digest() == hashlib.sha512(h2.encode).digest()
答案1
得分: 1
No.
你有哈希和盐 - 你的字符串形式为hash:salt - 但即使如此,你仍然需要破解至少一个哈希密码,以确定这些哈希是否来自使用不同盐的相同密码。阻止攻击者轻松确定两个哈希是否来自相同密码是盐存在的主要原因之一。
(另外,SHA-512是一个糟糕的密码哈希选择,因为它不是为这个任务设计的,评估速度太快。仅仅破解密码可能相当容易。)
英文:
No.
You've got both hash and salt - your strings are of the form hash:salt - but even with that, you would still need to crack the password of at least 1 hash to determine if the hashes came from the same password with different salts. Preventing attackers from easily determining if two hashes came from the same password is one of the primary reasons salts exist.
(As an aside, SHA-512 is a terrible choice of password hash, as it is not designed for the job and is far too quick to evaluate. Just cracking the password may be pretty easy.)
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论