Hash decoding: izindlela ezilula

Nakuba abasebenzisi bekhompyutha banamuhla bahamba phambili kakhulu kunabasebenzisi bokuqala bezinhlelo zakudala, akubona wonke umuntu owaziyo ukuthi i- hash, i-hash-tag, i-hash-sum yilezi nokuthi yikuphi ukucaciswa kwehora okudingekayo (ku-intanethi kufaka phakathi). Njengoba kuvela, konke kulula kakhulu kunokuba kungabonakala ekuqaleni.

Kuyini ukubethela kwe-hash?

Uma siqhubeka ngencazelo esemthethweni, i-hash iyunithi yezintambo ezinobude obude, okuhambisana nedatha ethile (kufaka phakathi imfihlo) kwifom ebethelwe.

Le nqubo isetshenziselwa kakhulu ukungena kanye namaphasiwedi ngokusebenzisa ama-algorithms e-MD5, NTLM, SHA-160 kanye neziqephu ezisekelwe kuwo. Okuvamile kakhulu i-algorithm ye-MD5. I-imeyli yedatha yayo, ikakhulukazi amaphasiwedi amade aqukethe izinhlamvu nezinombolo kuphela, kodwa futhi nezinhlamvu ezikhethekile, ukucacisa ngendlela ejwayelekile yokukhetha - kuyinto engathembekile (nakuba ezinye izinhlelo kanye nezinsizakalo ze-intanethi zingakwazi ukumisa amaphasiwedi amfisha).

Kungani kufanele uqede i-hashi

Abasebenzisi abaningi bangazibuza ngokwemvelo ukuthi konke lokhu kudingekile. Noma kunjalo, iphutha lale ndlela ukuthi abaqondi ukuthi bangakhohlwa iphasiwedi oyifunayo ngensizakalo ethile, isevisi noma uhlelo ngemuva kokubethela, ukuze kungabikho muntu ongakwazi ukuyiqaphela, ngendlela ehlanzekile.

Ngezinye izikhathi akunakwenzeka ukubuyisela iphasiwedi noma ukungena ngemvume. Futhi uma ubheka izinto eziyisisekelo ze-cryptography, nakhu kuyadingeka nje ukuchithwa i-hah. Eqinisweni, le nqubo ukudala kabusha kwenhlanganisela yangempela yedatha eguquliwe.

Le nqubo ingcono kakhulu. Isibonelo, egameni elithi "umuntu", inhlanganisela encrypted usebenzisa i-algorithm ye-MD5 ibukeka njenge-e3447a12d59b25c5f850f885c1ed39df. Futhi lezi ziyizinhlamvu eziyisikhombisa kuphela ezwini lokuqala. Yini engingayisho ngamaphasiwedi asele aqukethe izinombolo noma izinhlamvu ezikhethekile, ngisho nalabo abanobugebengu? Noma kunjalo, ezinye izinhlelo zokusebenza nezinsizakalo ze-intanethi eziqukethe ulwazi olubanzi lwezinhlanganisela ezingenzeka kunakho konke. Akusikhathi njalo, kodwa, yimpumelelo (konke kuxhomeke ekuhlanganisweni kokuqala), kodwa ezimweni eziningi ngeke bahluleke ukwenza okuthile, nakuba basebenzisa indlela ye-bruteforce.

Uhlelo lokukhishwa kwe-hash yephasiwedi

Enye yezinhlelo ezinamandla kunayo yonke i-Hash Killer yesicelo se-intanethi ("i-Killer hash") esivela kubalimi baseBrithani. I-database yakhe inezigidi ezingaba ngu-43.7 million ezihlanganisiwe ezaziwayo.

Impendulo kuphela ukuthi amaphasiwedi aqukethe izinhlamvu ze-Cyrillic aboniswa ngokungalungile ekukhoneni okuzenzakalelayo. Kodwa, kukholelwa ukuthi ukuchithwa kwe-hashi ku-alfabhethi yesiLatini kwenziwa ngokushesha. Ngokwezibalo, isikhathi esilinganiselwe sokuchithwa kwamaphasiwedi amathathu alula amahlanu ayingxenye yesibili.

Ngaphezu kwalokho, kumthombo osemthethweni wabathuthukisi bahlale bephethe zonke izinhlobo zemincintiswano ngokubandakanyeka kwabo bonke abadlali. Futhi, futhi, njengoba kuvela, ngezinye izikhathi bayakwazi ukunikeza izixazululo ezingavumelani neze.

Akukho okuthakazelisayo okuncane ukukhishwa kwe-hashi usebenzisa i-utility John The Ripper. Isebenza ngokusheshisa kakhulu, kodwa ukushiya okuyinhloko ukuthi yonke imisebenzi yohlelo ingasetshenziswa kuphela emgqeni womyalo, okuyinto abasebenzisi abaningi abesabekayo.

Izinsizakalo zokukhishwa kwe-inthanethi

Ngokusemthethweni, ukuze ungafaki isofthiwe, ungasebenzisa nezinsizakalo ze-intanethi ukuchithwa kwe-NT-ishes of amaphasiwedi noma idatha yanoma yiluphi uhlobo.

Izinsiza ezinjalo ze-inthanethi azihlali zikhululekile ngaso sonke isikhathi. Ngaphezu kwalokho, eziningi zazo aziqukethe ulwazi olubanzi olunjalo njengoba singathanda. Kodwa ukulungiswa kwe-MD5 noma ukubethela nge-MySQL, ikakhulukazi, babuyisela kabusha okuyisisekelo. Ngokuyinhloko, lokhu kuhilela inhlanganisela elula equkethe izinombolo.

Kodwa akufanele uzibeke phansi, ngoba izinsizakalo ezinjalo aziqapheli ngaso sonke isikhathi inqubo yokumemezela ngokuzenzekelayo. Okusho ukuthi, uma ukubethelwa kwenziwa ngokusebenzisa i-base64 encode algorithm, umsebenzisi kufanele abeke ipharamitha efanele ye-decode. Ngaphezu kwalokho, ungakhohlwa ukuthi kungenzeka kube khona amacala okungaziwa ngekhodi, uma ukuchithwa kwe-hash ku-intanethi kungeke kwenzeke nhlobo.

Esikhundleni segama elilandelayo

Iyiphi ikhambi elihle kunzima ukusho. Abanye abasebenzisi baneluleka ukufaka uhlelo lokusebenza "i-Stirlitz", okuyinhloko eyenzelwe ukuchithwa kwamaphasiwedi ahlanganisa izimpawu ze-Cyrillic ngokusekelwe ku-binhex, i-base64, i-BtoA, i-xxencode, i-uuencode, njll Kodwa kulokhu, isiqiniseko esiphelele sokuphumelela asikwazi ukunikezwa.

Okokugcina, ngaphambi kokumisa ikhodi, okokuqala, kufanele uqaphele inhlanganisela ngokwayo. Uma kubonakala ngesimo sezinhlamvu ezingasetshenziswanga, kungenzeka ukuthi ukukhishwa kwesidingo akudingeki (udinga nje ukushintsha ikhodididi). Uma kungenjalo, uma izenzo ezinjalo zidinga ngempela, kungcono ukusebenzisa usizo lwezinsizakalo ezikhethekile ezichazwe ngenhla, futhi ungasebenzisi izinsiza ze-intanethi lapho ukukhishwa kwe-hash kunikelwa khona ku-intanethi.