December 2021
Intermediate to advanced
227 pages
5h 7m
Chinese
Content preview from 安全防御入门手册
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
密码管理与多因素身份验证
|
111
如果我们尝试一个更长的短语,会得到:
Amanda and Lee are awesome at creating examples =
51eba84dc16afa016077103c1b05d84a
它们的结果长度相同。这意味着多个输入可能产生相同的输出,这种情况被称为冲突。在
大数据集上使用相同的哈希算法时,冲突是不可避免的,但对于比较其他类型数据的有效
性,冲突还是有用的。
MD5
也是一种容易被破解的哈希算法。
哈希对于存储不需要回读的内容很有用,而且还能够检查有效性。密码是最主要的例子;
不存储明文密码,而是存储其哈希后的版本。然后,当某人输入他的密码时,会对密码使
用相同的哈希算法,然后与数据库中的哈希值进行比较。哈希函数可用于测试信息、程序
或其他数据是否被篡改了。
哈希算法最重要的性质在于它是单向的。找回原始值的唯一方法是进行暴力破解,尝试多
个值,看看它们是否产生相同的哈希值。但这如果用于密码则有问题,因为密码通常很
短,而且使用常见的单词。现代计算机无须花太多时间就可以遍历一个很大的字典(或使
用现成的彩虹表),找出所有常用密码的哈希值。这时就要加盐。
13.5.3
加盐
加盐的工作原理是向输入中添加一个额外的秘密值来扩展原始密码的长度。
在本例中,密码是
Defensive
,盐的值是
Security
.Handbook
。哈希值将由二者组合而成:
DefensiveSecurity.Handbook
。这能为使用常用单词作为密码的人提供一些保护
。但是,如
果使用的盐值被人知道了,那么他们就 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.