gpt4 book ai didi

amazon-web-services - 使用 sha1 进行 AWS S3 签名真的安全吗?

转载 作者:行者123 更新时间:2023-12-02 02:48:48 29 4
gpt4 key购买 nike

The Signature element is the RFC 2104 HMAC-SHA1 of selected elements from the request.

https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#ConstructingTheAuthenticationHeader

但是维基百科说 sha1 不再安全:

As of 2020, chosen-prefix attacks against SHA-1 are now practical[8] as such, it is recommended to remove SHA-1 from products as soon as possible and use instead SHA-256 or SHA-3. Replacing SHA-1 is urgent where it is used for signatures.

https://en.wikipedia.org/wiki/SHA-1

还有一个基准测试,一个人以 68771.0 MH/s 的速度暴力破解 sha1! https://gist.github.com/epixoip/a83d38f412b4737e99bbef804a270c40

最佳答案

SHA-1 和 HMAC-SHA1 不是同一件事,在某些用例中,HMAC-SHA1 仍然被认为是安全的。看看这个问题:https://crypto.stackexchange.com/questions/26510/why-is-hmac-sha1-still-considered-secure

关于amazon-web-services - 使用 sha1 进行 AWS S3 签名真的安全吗?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/62402155/

29 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com