要求是为Erlang中的给定密码获取基于SHA-512的散列字符串。但是API crypto:hash()
返回一些二进制数据。在此API中是否还有提供salt值的选项?
32> crypto:hash(sha512,"password").
<<215,224,160,147,228,234,208,93,217,94,133,49,214,115,67,
187,112,144,78,139,206,144,117,67,50,80,2,113,78,...>>
2条答案
按热度按时间sirbozc51#
如果您需要打印出调用函数
crypto:hash(sha512,"password").
的结果以提高可读性,您可以尝试转换结果,例如:关于
salt
-看起来你需要在你的终端实现这个逻辑。例如:salt将被添加到将要加密的字符串的开头或结尾,客户端将把它发送到服务器,在服务器端,您将尝试检查它,但对于这种情况,您需要提前知道salt。mu0hgdu02#
Unlikely, as a salt is not an input parameter of a secure hash. A secure hash such as SHA-512 only has one input: a binary message (and similarly, as output a statically sized binary value).
SHA-512 can however be used as primitive to create other algorithms. For instance, you can build a key derivation function out of it. If that KDF is used for passwords, then we talk about a password based KDF or - more commonly - a password hash. Now a password hash does include a salt as input parameter.
One such PBKDF is PBKDF2 which uses HMAC, which in turn can use SHA-512 (or any hash algorithm, defaulting to SHA-1). It is defined in the password based encryption (PBE) standard called PKCS#5 .
Finally, there are password hash documents that define how an the algorithm type, salt, work factor / iterations and password hash may be contained into a single string for easy verification . Those are generally just defined by somebody when the need arises; they are not really standardized as such.