SHA-256

原创

vanguard

修改于 2020-12-11 14:26:15

1.5K0

修改于 2020-12-11 14:26:15

文章被收录于专栏：vanguardvanguard

SHA/Secure Hash Algorithm/安全散列算法

是一个密码散列函数家族，xxx认证的安全散列算法。能计算出一个数字消息所对应到的，长度固定的字符串（又称消息摘要）的算法。且若输入的消息不同，它们对应到不同字符串的机率很高。

case = u"readmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadmereadme"
import hashlib
x = hashlib.sha256()
x.update(case.encode())
print("SHA-256:" + x.hexdigest())
# SHA-256:740916e8f017fec0a2ef522f69c8f247494aa8b28375e778cbc572f4fc638159

# salted
import binascii
x = hashlib.pbkdf2_hmac("sha256", case.encode(), b"", 1) 
print("SALTED SHA-256:" + binascii.hexlify(x).decode())
# SALTED SHA-256:b8bf9af6a1b05bd06bcbfbe1fbafe858aa97c0f91d40bd44a5192c3efc9c25fa

《SHA256算法原理详解》一文中作者的介绍把SHA-256分为了常量的初始化、信息预处理、逻辑运算三部分。其中常量初始化用了8个哈希初值(自然数中前8个质数2,3,5,7,11,13,17,19的平方根的小数部分取前32bit而来)和64个常量同平方根小数；预处理就是在想要Hash的消息后面补充需要的信息，使整个消息满足指定的结构，这里包括附加填充比特和附加长度；逻辑运算散列函数中涉及的操作全部是逻辑的位运算。

Ch(x,y,z)=(x∧y)⊕(¬x∧z)

Ma(x,y,z)=(x∧y)⊕(x∧z)⊕(y∧z)

Σ 0 (x)=S 2 (x)⊕S 13 (x)⊕S 22 (x)

σ 0 (x)=S 7 (x)⊕S 18 (x)⊕R 3 (x)

σ 1 (x)=S 17 (x)⊕S 19 (x)⊕R 10 (x)

∧ 按位“与”¬按位“补”⊕ 按位“异或”S n 循环右移n个bitR n 右移n个bit

运行期计算时候：1. 将消息分解成512-bit大小的块; 2. 进行64次循环。

Note: All variables are unsigned 32 bits and wrap modulo 232 when calculating

Initialize variables
(first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19):
h0 := 0x6a09e667
h1 := 0xbb67ae85
h2 := 0x3c6ef372
h3 := 0xa54ff53a
h4 := 0x510e527f
h5 := 0x9b05688c
h6 := 0x1f83d9ab
h7 := 0x5be0cd19

Initialize table of round constants
(first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311):
k[0..63] :=
   0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
   0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
   0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
   0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
   0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
   0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
   0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
   0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2

Pre-processing:
append the bit '1' to the message
append k bits '0', where k is the minimum number >= 0 such that the resulting message
    length (in bits) is congruent to 448(mod 512)
append length of message (before pre-processing), in bits, as 64-bit big-endian integer

Process the message in successive 512-bit chunks:
break message into 512-bit chunks
for each chunk
    break chunk into sixteen 32-bit big-endian words w[0..15]

    Extend the sixteen 32-bit words into sixty-four 32-bit words:
    for i from 16 to 63
        s0 := (w[i-15] rightrotate 7) xor (w[i-15] rightrotate 18) xor(w[i-15] rightshift 3)
        s1 := (w[i-2] rightrotate 17) xor (w[i-2] rightrotate 19) xor(w[i-2] rightshift 10)
        w[i] := w[i-16] + s0 + w[i-7] + s1

    Initialize hash value for this chunk:
    a := h0
    b := h1
    c := h2
    d := h3
    e := h4
    f := h5
    g := h6
    h := h7

    Main loop:
    for i from 0 to 63
        s0 := (a rightrotate 2) xor (a rightrotate 13) xor(a rightrotate 22)
        maj := (a and b) xor (a and c) xor(b and c)
        t2 := s0 + maj
        s1 := (e rightrotate 6) xor (e rightrotate 11) xor(e rightrotate 25)
        ch := (e and f) xor ((not e) and g)
        t1 := h + s1 + ch + k[i] + w[i]
        h := g
        g := f
        f := e
        e := d + t1
        d := c
        c := b
        b := a
        a := t1 + t2

    Add this chunk's hash to result so far:
    h0 := h0 + a
    h1 := h1 + b
    h2 := h2 + c
    h3 := h3 + d
    h4 := h4 + e
    h5 := h5 + f
    h6 := h6 + g
    h7 := h7 + h

Produce the final hash value (big-endian):
digest = hash = h0 append h1 append h2 append h3 append h4 append h5 append h6 append h7

单向的缩略信息可以用来校验不需要暴露原文，PKI Public Key Infrastructure, 这里主要是对这种公钥/非对称加密证书即CA Certificate Authority的管理...能开门就行什么抵赖不抵赖的碰撞不碰撞的...总是拿银行做对比，比如连Wi-Fi的 WPA2-PSK (PSK(SHA256))...问题在于，SHA256开头到的质数的情况就是个这么情况，科学技术的发展就是这么不讲武德...

质因数分解与量子计算机

1099551473989等于？量子计算机分解的最大质因数有新纪录了！

原创声明：本文系作者授权腾讯云开发者社区发表，未经许可，不得转载。

如有侵权，请联系 cloudcommunity@tencent.com 删除。

云计算