以Erlang格式获取SHA-512散列字符串

7ivaypg9  于 2022-12-08  发布在  Erlang
关注(0)|答案(2)|浏览(163)

要求是为Erlang中的给定密码获取基于SHA-512的散列字符串。但是API crypto:hash()返回一些二进制数据。在此API中是否还有提供salt值的选项?

32> crypto:hash(sha512,"password").                                 
<<215,224,160,147,228,234,208,93,217,94,133,49,214,115,67,
  187,112,144,78,139,206,144,117,67,50,80,2,113,78,...>>
sirbozc5

sirbozc51#

如果您需要打印出调用函数crypto:hash(sha512,"password").的结果以提高可读性,您可以尝试转换结果,例如:

1> Secret = crypto:hash(sha512, "password").
<<177,9,243,187,188,36,78,184,36,65,145,126,208,109,97,
  139,144,8,221,9,179,190,253,27,94,7,57,76,112,...>>
2> <<SHA512:512/big-unsigned-integer>> = Secret. 
<<177,9,243,187,188,36,78,184,36,65,145,126,208,109,97,
  139,144,8,221,9,179,190,253,27,94,7,57,76,112,...>>
3> io_lib:format("~128.16.0b", [SHA512]).
"b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86"

关于salt-看起来你需要在你的终端实现这个逻辑。例如:salt将被添加到将要加密的字符串的开头或结尾,客户端将把它发送到服务器,在服务器端,您将尝试检查它,但对于这种情况,您需要提前知道salt。

mu0hgdu0

mu0hgdu02#

Unlikely, as a salt is not an input parameter of a secure hash. A secure hash such as SHA-512 only has one input: a binary message (and similarly, as output a statically sized binary value).
SHA-512 can however be used as primitive to create other algorithms. For instance, you can build a key derivation function out of it. If that KDF is used for passwords, then we talk about a password based KDF or - more commonly - a password hash. Now a password hash does include a salt as input parameter.
One such PBKDF is PBKDF2 which uses HMAC, which in turn can use SHA-512 (or any hash algorithm, defaulting to SHA-1). It is defined in the password based encryption (PBE) standard called PKCS#5 .
Finally, there are password hash documents that define how an the algorithm type, salt, work factor / iterations and password hash may be contained into a single string for easy verification . Those are generally just defined by somebody when the need arises; they are not really standardized as such.

相关问题