SHA1哈希澄清

2024-10-04 03:17:41 发布

您现在位置:Python中文网/ 问答频道 /正文
9038 3

我有以下python代码:

from hashlib import sha1
secretString=b"this is the secret string"
publicData=b"x10291434"
hash=sha1(publicData+secretString).hexdigest()

现在如果我把publicDatahash发给公众消费。这个安全吗?我想检查一下,当用户提供publicData时,它是否与我最初发送的hash匹配。在

我只是想检查一下我做的是否正确


Tags: the代码fromimportsecretstringishash
2条回答
网友
1楼 · 编辑于 2024-10-04 03:17:41

嗯,SHA-1不被认为是安全的哈希算法,所以不,它不安全。在

SHA-1 is no longer considered secure against well-funded opponents. In 2005, cryptanalysts found attacks on SHA-1 suggesting that the algorithm might not be secure enough for ongoing use,[4] and since 2010 many organizations have recommended its replacement by SHA-2 or SHA-3.[5][6][7] Microsoft,[8] Google,[9] Apple[10] and Mozilla[11][12][13] have all announced that their respective browsers will stop accepting SHA-1 SSL certificates by 2017.

来源:https://en.wikipedia.org/wiki/SHA-1

更多阅读:https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html

网友
2楼 · 编辑于 2024-10-04 03:17:41

看起来你想做HMAC

您应该尝试使用类似itsdangerous

>>> from itsdangerous import Signer
>>> s = Signer('secret-key')
>>> s.sign('my string')
'my string.wh6tMHxLgJqB6oY1uT73iMlyrOA'
>>> s.unsign('my string.wh6tMHxLgJqB6oY1uT73iMlyrOA')
'my string'

相关问题 更多 >

    编程相关推荐