开发者

a strong function for hash strings and restore it

I'm looking for a strong hash function (algori开发者_如何转开发thm) to hash my codes. i want to restore hashed string to original string. (can i restore sha to original?)

can you help me?


You can't restore the original data from a hash as it is not reversible by design. An usual explanation is the Pigeonhole Principle - most hashes are about 128-256 bits, so 16-32 bytes in size. As soon as your string is longer (and even before this) than this, there will be two strings that have the same hash. This is called a collision.

Also note that strings shorter than 16-32 bytes can often be reversed, although you shouldn't rely on this as there can be collisions, too. For example, hash some string like test and search for the hash on Google.

Nevertheless, even test and some other short word could have the same hash, so you'll never be 100% sure you've got the right string.


Hash algorithms are one way so you can't restore the original text from the hash


You have your terminology wrong, I think. A "hash" is a one-way encryption algorithm; by definition, you cannot "de-hash" a hashed string (if you can "de-hash" the string using anything more efficient than a birthday attack, then the hash algorithm is vulnerable and should not be used). The purpose of hashes is to provide a unique substitute value, usually with a fixed length, that can be compared for exact equality without exposing the plaintext used to generate the hash.

If you want strong information-hiding while retaining the ability within your program to get the original value back out, then you just want encryption. I would recommend something like AES or Rijndael, which are symmetric encryption algorithms. You use the same key to decrypt as to encrypt, so you can hide the key somewhere in your code or database and decrypt things you've previously encrypted. What you usually lose is the fixed-length property of most hashes; in the case of things like passwords, the length of the plaintext string, and thus the ciphertext, is usually self-limiting anyway.

If decryption of data is not something you normally need to do, but you often need to encrypt things (for instance you are using the algorithm to "hash" passwords for DB storage, but you need to retain the ability to decrypt them if a user forgets one), you can use an an asymmetric algorithm like RSA. One key, the public key, is used to encrypt strings, then another key, the private key, decrypts them. You can put the public key out in your assemblies, and even if it's decompiled, an attacker cannot use the key in the assembly to read passwords. Your private key, which should be stored very securely in a private place in your own system and is never pushed out with any code objects, is the only thing that can decrypt the strings that are encrypted with the public key.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜