PBKDF2
Password-Based Key Derivation Function 2,PBKDF2 是 RSA 实验室的公钥加密标准(PKCS)系列的一部分,2017 年发布的 RFC 8018 (PKCS #5 v2.1)推荐使用 PBKDF2 进行密码散列。
PBKDF2 将伪随机函数(例如 HMAC),把明文和一个盐值(salt)作为输入参数,然后进行重复运算,并最终产生密钥,如果重复的次数足够大,破解的成本就会变得很高。
在 RFC 8018 中对该算法的描述如下:
PBKDF2 applies a pseudorandom function (see Appendix B.1 for an
example) to derive keys. The length of the derived key is
essentially unbounded. (However, the maximum effective search space
for the derived key may be limited by the structure of the underlying
pseudorandom function. See Appendix B.1 for further discussion.)
PBKDF2 is recommended for new applications.
PBKDF2 (P, S, c, dkLen)
Options: PRF underlying pseudorandom function (hLen
denotes the length in octets of the
pseudorandom function output)
Input: P password, an octet string
S salt, an octet string
c iteration count, a positive integer
dkLen intended length in octets of the derived
key, a positive integer, at most
(2^32 - 1) * hLen
Output: DK derived key, a dkLen-octet string
Steps:
1. If dkLen > (2^32 - 1) * hLen, output "derived key too long"
and stop.
2. Let l be the number of hLen-octet blocks in the derived key,
rounding up, and let r be the number of octets in the last
block:
l = CEIL (dkLen / hLen)
r = dkLen - (l - 1) * hLen
Moriarty, et al. Informational [Page 11]
RFC 8018 PKCS #5 v2.1 January 2017
Here, CEIL (x) is the "ceiling" function, i.e., the smallest
integer greater than, or equal to, x.
3. For each block of the derived key apply the function F defined
below to the password P, the salt S, the iteration count c,
and the block index to compute the block:
T_1 = F (P, S, c, 1) ,
T_2 = F (P, S, c, 2) ,
...
T_l = F (P, S, c, l) ,
where the function F is defined as the exclusive-or sum of the
first c iterates of the underlying pseudorandom function PRF
applied to the password P and the concatenation of the salt S
and the block index i:
F (P, S, c, i) = U_1 \xor U_2 \xor ... \xor U_c
where
U_1 = PRF (P, S || INT (i)) ,
U_2 = PRF (P, U_1) ,
...
U_c = PRF (P, U_{c-1}) .
Here, INT (i) is a four-octet encoding of the integer i, most
significant octet first.
4. Concatenate the blocks and extract the first dkLen octets to
produce a derived key DK:
DK = T_1 || T_2 || ... || T_l<0..r-1>
5. Output the derived key DK.
Note: The construction of the function F follows a "belt-and-
suspenders" approach. The iterates U_i are computed recursively to
remove a degree of parallelism from an opponent; they are exclusive-
ored together to reduce concerns about the recursion degenerating
into a small set of values.
代码样例
JavaScript
// 引用 crypto-js 加密模块
var CryptoJS = require('crypto-js')
function pbkdf2Encrypt() {
var text = "I love Python!"
var salt = "43215678"
// keySize 数据大小, iterations 迭代次数
// key 长度 128,10 次重复运算
var encryptedData = CryptoJS.PBKDF2(text, salt, {keySize: 128/32,iterations: 10});
return encryptedData.toString()
}
console.log(pbkdf2Encrypt()) // 7fee6e8350cfe96314c76aaa6e853a50
Python
import binascii
from Cryptodome.Hash import SHA1
from Cryptodome.Protocol.KDF import PBKDF2
text = 'I love Python!'
salt = b'43215678'
result = PBKDF2(text, salt, count=10, hmac_hash_module=SHA1)
result = binascii.hexlify(result)
print(result)
# b'7fee6e8350cfe96314c76aaa6e853a50'
RipeMD
RIPEMD (RACE原始完整性校验讯息摘要)是一种加密哈希函数,由 鲁汶大学 Hans Dobbertin,Antoon Bosselaers 和 Bart Prenee组成的COSIC 研究小组发布于1996年。
RIPEMD是以MD4为基础原则所设计的 ,而且其表现与更有名的SHA-1类似。
RIPEMD-160 是RIPEMD系列中最常见的版本。 RIPEMD-160是设计给学术社群所使用的,刚好相对于国家安全局 所设计SHA-1和SHA-2算法。 同时也存在着128,256-320位元的这种算法,称为RIPEMD-128,RIPEMD-256和RIPEMD-320。
算法流程
RIPEMD算法采用64位输入,分5步执行,最终输出128位哈希值。具体步骤如下:
- (1)初始化:将输入消息分为512字节,并进行初始化处理。
- (2)循环处理:对512字节的数据进行12轮的循环处理,每轮包括4个步骤:
- a. 数据填充:将512字节的数据扩展为64字节,填充至80字节。
- b. 子哈希计算:将填充后的数据分为16个部分,每个部分计算出一个32位子哈希值。
- c. 异或操作:将16个32位子哈希值进行异或操作,得到一个64位的中间哈希值。
- d. 循环左移:将中间哈希值循环左移一定的位数,作为下一轮的输入。
- (3)最终处理:循环处理结束后,将最后得到的64位哈希值与初始哈希值进行异或操作,得到最终的128位哈希值。
代码样例
CryptoJS
return CryptoJS.RIPEMD160('a12345678');
评论区