Article Directory
1 python hashlib library
Python's hashlib provides common digest algorithms, such as MD5, SHA1, etc. Digest algorithm is also called hash algorithm, hash algorithm. It uses a function to convert data of any length into a fixed-length data string.
Digest function is a one-way function, the digest function f()calculation f(data)is easy, but the results of reverse thrust by datavery difficult. Moreover, making a bit modification to the original data will cause the calculated summary to be completely different.
1.1 md5
MD5 is the most common digest algorithm. It is very fast. The result is a fixed 128-bit byte, usually represented by a 32-bit hexadecimal string.
# coding=utf8
import hashlib
x = hashlib.md5()
x.update('I_love_python'.encode('utf-8'))
print("x1 = ", x.hexdigest())
# 如果数据量很大,可以分块多次调用 update(),最后计算的结果是一样的
x = hashlib.md5()
x.update('I_love_'.encode('utf-8'))
x.update('python'.encode('utf-8'))
print("x2 = ", x.hexdigest())
operation result:
x1 = e5030aa9394f5f2da0f0bdf9ea55f532
x2 = e5030aa9394f5f2da0f0bdf9ea55f532
1.2 sha1
Calling SHA1 is completely similar to calling MD5. The result of SHA1 is 160 bit bytes, usually represented by a 40-bit hexadecimal string.
import hashlib
md5 = hashlib.sha1()
md5.update('I_love_'.encode('utf-8'))
md5.update('python'.encode('utf-8'))
print(md5.hexdigest())
1.3 sha256
import hashlib
x = hashlib.sha256()
x.update(b"I_love_python")
print("x_1 = " + x.hexdigest())
x = hashlib.sha256()
x.update("I_love_python".encode())
print("x_2 = " + x.hexdigest())
x = hashlib.sha256()
x.update(b"I_")
x.update(b"love_")
x.update(b"python")
print("x_3 = " + x.hexdigest())
y = hashlib.sha256(b"I_love_python").hexdigest()
print("y_1 = " + y)
z = hashlib.new("sha256")
z.update(b"I_love_python")
print("z_1 = " + z.hexdigest())
operation result:
x_1 = b770909b3279c6a2dd2c8a9e6376c56e1d0610a26d561f16f25119d0cf9c63f8
x_2 = b770909b3279c6a2dd2c8a9e6376c56e1d0610a26d561f16f25119d0cf9c63f8
x_3 = b770909b3279c6a2dd2c8a9e6376c56e1d0610a26d561f16f25119d0cf9c63f8
y_1 = b770909b3279c6a2dd2c8a9e6376c56e1d0610a26d561f16f25119d0cf9c63f8
z_1 = b770909b3279c6a2dd2c8a9e6376c56e1d0610a26d561f16f25119d0cf9c63f8
1.4 sha512
The sha512 algorithm is the same as the MD5, sha1, and sha256 algorithms mentioned above, and they are all the same interface
import hashlib
sha512 = hashlib.sha512()
sha512.update("I_love_python".encode('utf-8'))
res = sha512.hexdigest()
print("res = %s" % res)
operation result:
res = f5d86ab81d53f7a0e4f673fc942522ae22e032234c1c7d6dd57bd534c3efe1db2b06853a7e58ac02bcfe5c901c765511cf2e0492a4d435dbf679403e66859295
The SHA256 algorithm is more secure than the SHA1 algorithm, and the SHA512 algorithm is more secure than the SHA1 algorithm. The more secure the algorithm, the slower the calculation speed and the longer the digest
1.5 pbkdf2_hmac
hashlib.pbkdf2_hmac add salt:
import hashlib
import binascii
import os
x = hashlib.pbkdf2_hmac("sha256", b"I_love_python", b"", 1)
print("x_1 = " + binascii.hexlify(x).decode())
x = hashlib.pbkdf2_hmac("sha256", b"I_love_python", b"", 1) # 相同盐值
print("x_2 = " + binascii.hexlify(x).decode())
x = hashlib.pbkdf2_hmac("sha256", b"I_love_python", b"", 10) # 相同盐值,不同迭代次数
print("x_3 = " + binascii.hexlify(x).decode())
x = hashlib.pbkdf2_hmac("sha256", b"I_love_python", b"dsa", 1) # 不同盐值,相同迭代次数
print("x_4 = " + binascii.hexlify(x).decode())
y = hashlib.pbkdf2_hmac("sha256", b"I_love_python", os.urandom(16), 1) # 随机生成盐值
print("y_1 = " + binascii.hexlify(y).decode())
operation result:
x_1 = 6cb68803fd852f149dd40a0ed8e4677a92c690361aee907c4c844dc02e2add55
x_2 = 6cb68803fd852f149dd40a0ed8e4677a92c690361aee907c4c844dc02e2add55
x_3 = 18e22cfd109c318a2194826ed6cd9ababc2d567550fc1a5c2d0df6b0b94c4864
x_4 = 340a813fea20130a8895f0727d3a946091e6bdc80f70273c4782b8d390cf2900
y_1 = 9c7e8627b5f5d8a3d6de200578a1fd7033d49eb5e059ee1a110fac3b04f81767
The first parameter of hashlib.pbkdf2_hmac is the hash function, here is sha256, all the hash functions mentioned above can be used, such as changing the first parameter to "sha512"
2 PBKDF2 function principle
2.1 Introduction to PBKDF2
PBKDF2 (Password-Based Key Derivation Function) is a function used to derive keys and is often used to generate encrypted passwords.
Its basic principle is to pass a pseudo-random function (such as the HMAC function), take plaintext and a salt value as input parameters, and then repeat the operation, and finally generate a key.
If the number of repetitions is large enough, the cost of cracking will become very high. The addition of salt will also increase the difficulty of the "rainbow table" attack.
2.2 Definition of PBKDF2 function
DK = PBKDF2(PRF, Password, Salt, c, dkLen)
- PRF is a pseudo-random function, such as the HASH_HMAC function, which will output a result of length hLen.
- Password is the original password used to generate the key.
- Salt is a salt value for encryption.
- c is the number of repeated calculations.
- dkLen is the length of the desired key.
- DK is the last key generated.
2.3 PBKDF2 algorithm flow
The value of DK is formed by concatenating more than one block. The number of blocks is the value of dkLen/hLen. That is to say, if the output result of PRF is shorter than the expected key length, multiple results must be spliced to meet the key length:
DK = T1 || T2 || ... || Tdklen/hlen
And each block is obtained through function F:
Ti = F(Password, Salt, c, i)
In function F, PRF will perform c operations, and then XOR the result to get the final value.
F(Password, Salt, c, i) = U1 ^ U2 ^ ... ^ Uc
For the first time, PRF will use Password as the key, and Salt concatenated with a 32-bit integer encoded in big-endian order as the salt value for operation.
U1 = PRF(Password, Salt || INT_32_BE(i))
The subsequent c-1 times will use the result obtained last time as the salt value.
U2 = PRF(Password, U1)
...
Uc = PRF(Password, Uc-1)
The approximate flow chart of function F is as follows:
Reference:
https://segmentfault.com/a/1190000004261009
https://www.liaoxuefeng.com/wiki/1016959663602400/1017686752491744
https://blog.csdn.net/qq_42486920/article/details/80836749