
What Is MD5, and How to Check a File's MD5

What is MD5?

MD5 Message-Digest Algorithm

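    This is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash value and is used to ensure that information is transmitted intact and consistent. MD5 was designed by the American cryptographer Ronald Linn Rivest and published in 1992 to replace the MD4 algorithm. (Excerpted from the Baidu Baike entry on MD5.)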

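Properties of MD5:

  1. Compression: for data of any length, the computed MD5 value has a fixed length.
  2. Easy to compute: computing the MD5 value from the original data is easy.
  3. Resistance to modification: any change to the original data, even to a single byte, produces a very different MD5 value.
  4. Weak collision resistance: given the original data and its MD5 value, finding another piece of data with the same MD5 value (that is, forging data) is very difficult.
  5. Strong collision resistance: finding two different pieces of data that have the same MD5 value is very difficult.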

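Where is MD5 used?

Taking its properties together, especially the last one, strong collision resistance, you can roughly understand it as: this is irreversible. There are still some application scenarios to consider, though. For example, the time right now is 16:47:42 on October 18, 2018, which can be converted into a timestamp (the concept of a timestamp will be covered later). It is actually simple: the timestamp of 00:00:00 on January 1, 1970 is 1, and it increases by 1 every second after that. That 00:00:00 on January 1, 1970 is 08:00:00 on January 1, 1970 in Beijing time. Such a timestamp can easily be converted to MD5, and the MD5 can easily be converted back to the timestamp, because it consists only of digits and is fairly short.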

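Take registering an account on any website, for example one of the currently popular forums. These generally run the Discuz system on PHP and mostly use a MySQL database, though some use PostgreSQL. MySQL has several ways of protecting strings, one of which is MD5. If a website is penetrated and the attacker obtains administrative access to the database, the attacker can see the MD5-hashed passwords we registered with. The password is stored in hashed form rather than in plaintext, so an attacker who wants the plaintext can use MD5 cracking tools, although these tools are of very limited use. They can only crack simple passwords, such as all-digit passwords under 10 characters, all upper- and lower-case English letters under 10 characters, or full-character-set passwords under 8 characters. That is roughly how it is. This is also why, when registering, we usually see a prompt such as "Password is too simple, please use a stronger password". This check is mostly done in JS, though Java/Ruby can do it too. Before you submit, the website generally does not store the password you just typed. Once registration succeeds, the password is generally hashed with MD5 and passed to MySQL, where the data table is set up, and your information is then stored in the site's database.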
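An added example, not code from the original post: the bare-MD5 storage described above next to a salted, slow derivation, with an audit helper that shows what the MD5 table reveals once it is read. The user names, passwords, record format and iteration count are constructed for the example, and PBKDF2 is a technique chosen here, not one the post mentions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def md5_store(password: str) -> str:
    """Storage as the post describes it: a bare MD5 of the password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def shared_hash_groups(rows: dict) -> list:
    """Audit a user -> stored-hash table: list users whose stored hashes are identical."""
    by_hash = defaultdict(list)
    for user, stored in rows.items():
        by_hash[stored].append(user)
    return sorted(sorted(users) for users in by_hash.values() if len(users) > 1)


def kdf_store(password: str) -> str:
    """Hardened form: random per-user salt plus a deliberately slow derivation."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def kdf_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


# Constructed sample table: alice and bob chose the same password.
SAMPLE = {"alice": "12345678", "bob": "12345678", "carol": "Tr0ub4dor&3"}
MD5_ROWS = {user: md5_store(pw) for user, pw in SAMPLE.items()}

if __name__ == "__main__":
    print("identical MD5 rows:", shared_hash_groups(MD5_ROWS))
    kdf_rows = {user: kdf_store(pw) for user, pw in SAMPLE.items()}
    print("identical KDF rows:", shared_hash_groups(kdf_rows))
```

With bare MD5, equal passwords give equal rows, so one recovered password exposes every account that shares it; the salted records differ even for the same password.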

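What is described above is the most widespread and most common application scenario: storing our passwords. Although it appears to have weaknesses, compared with MD4 it is already more effective in terms of security. Now for some more advanced application scenarios.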

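  • Request parameter verification: apart from system faults, what a server fears most is requests being intercepted, because interception and modification open up many possible vulnerabilities. The common way to guard against requests being intercepted and their parameters modified is to verify the request parameters: even if the request is intercepted and its parameters are changed, as long as the attacker cannot reproduce the MD5 value, the server-side filter blocks the request outright. The recommended approach is to send an MD5 value, a random number and a timestamp along with the parameters, all of them generated by the client. MD5 = MD5(random number + timestamp + MD5(KEY + company name + project name)). This rule can of course be customized. The server-side interceptor verifies the request using the random number and timestamp passed by the client, and refuses further access if verification fails. (The random number and timestamp play a large role later in request security and request-uniqueness verification, so keeping them is recommended.)
  • File verification: for images and other very small files, MD5 verification can be skipped, because the upload basically completes in a single request and there is no need to verify that the image is complete when displaying it. For large file uploads, however, MD5 becomes useful. That does not mean uploading a file of several GB in one go and verifying it with MD5; that will fail 100% of the time. Even if it did reach the server, the time taken would be unacceptable, and the server should limit such requests anyway (a separate post will discuss file uploads later). Our approach to large file uploads is chunked upload, also known as resumable upload. The mechanism: given a 5 MB file, the client splits it into five 1 MB pieces and sends two MD5 values with each upload. One is the MD5 of the 1 MB piece currently being uploaded; the other is the MD5 of the concatenation so far (if the second piece is being uploaded, this MD5 should be that of the first piece plus the second piece). This ensures the integrity of the file. If the transfer breaks off halfway and the user switches to another machine, verifying the file's MD5 values tells us which piece the user had reached, so we can tell the user which piece to resume from, which solves the problem. (For example, when we download games with third-party game-launcher software, a "verifying files" message pops up from time to time during the download. The same goes for Baidu Netdisk uploads and downloads, and for resumable transfers in some mobile apps.) Note: any change to the file, however small, changes the MD5 value.
  • Communication security
  • Digital signatures
  • Finance and securities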
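An added example, not code from the original post: a server-side filter for the request-verification rule in the first bullet, MD5(random number + timestamp + MD5(KEY + company name + project name)), including the freshness and uniqueness checks that the random number and timestamp make possible. The key, company and project values, the 300-second window and the class and function names are assumptions made for the example.

```python
import hashlib
import hmac
import time

KEY, COMPANY, PROJECT = "demo-key", "ExampleCo", "demo-project"  # constructed values
MAX_SKEW_SECONDS = 300  # assumed freshness window


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def sign(nonce: str, timestamp: int) -> str:
    """MD5(random number + timestamp + MD5(KEY + company name + project name))."""
    return md5_hex(nonce + str(timestamp) + md5_hex(KEY + COMPANY + PROJECT))


class RequestVerifier:
    """Server-side filter: checks the signature, then freshness, then uniqueness."""

    def __init__(self):
        self._seen = {}  # nonce -> timestamp, kept while the request is still fresh

    def check(self, nonce: str, timestamp: int, signature: str, now=None) -> str:
        now = int(time.time()) if now is None else now
        expected = sign(nonce, timestamp).encode("utf-8")
        # Constant-time comparison so the check does not leak matching prefixes.
        if not hmac.compare_digest(expected, signature.encode("utf-8")):
            return "bad-signature"
        if abs(now - timestamp) > MAX_SKEW_SECONDS:
            return "stale"
        # Forget nonces whose requests would be rejected as stale anyway.
        self._seen = {n: t for n, t in self._seen.items()
                      if now - t <= MAX_SKEW_SECONDS}
        if nonce in self._seen:
            return "replayed"
        self._seen[nonce] = timestamp
        return "ok"


if __name__ == "__main__":
    verifier = RequestVerifier()
    ts = 1539852462  # constructed sample timestamp
    sig = sign("n1", ts)
    print(verifier.check("n1", ts, sig, now=ts + 5))   # first delivery
    print(verifier.check("n1", ts, sig, now=ts + 6))   # same request captured and resent
```

As written, the formula hashes only the random number and the timestamp, so the business parameters themselves would have to be appended to the signed string before a modified parameter changes the signature.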
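An added example, not code from the original post: the chunked-upload check from the file-verification bullet, where each piece carries its own MD5 plus the MD5 of everything sent so far, and the server uses the cumulative values to tell a returning client where to resume. The class and function names are assumptions, and the sample file is constructed and scaled down to five 1 KB pieces.

```python
import hashlib

CHUNK_SIZE = 1024 * 1024  # 1 MB pieces, as in the post's 5 MB example


def chunk_manifest(data: bytes, chunk_size: int = CHUNK_SIZE) -> list:
    """Client side: per piece, (MD5 of the piece, MD5 of all pieces up to and including it)."""
    running = hashlib.md5()
    manifest = []
    for offset in range(0, len(data), chunk_size):
        piece = data[offset:offset + chunk_size]
        running.update(piece)
        manifest.append((hashlib.md5(piece).hexdigest(), running.hexdigest()))
    return manifest


class UploadSession:
    """Server side: accepts pieces in order and verifies both MD5 values."""

    def __init__(self):
        self._running = hashlib.md5()
        self.cumulative = []  # cumulative MD5 after each accepted piece

    def accept(self, piece: bytes, piece_md5: str, cumulative_md5: str) -> bool:
        if hashlib.md5(piece).hexdigest() != piece_md5:
            return False  # this piece was damaged in transit
        trial = self._running.copy()  # do not disturb state until the piece is verified
        trial.update(piece)
        if trial.hexdigest() != cumulative_md5:
            return False  # piece is intact but does not follow what we hold
        self._running = trial
        self.cumulative.append(cumulative_md5)
        return True

    def resume_from(self, manifest: list) -> int:
        """Index of the next piece to send for a client presenting this manifest."""
        matched = 0
        for stored, (_, cumulative) in zip(self.cumulative, manifest):
            if stored != cumulative:
                break
            matched += 1
        return matched


if __name__ == "__main__":
    data = bytes(range(256)) * 20            # constructed 5 KB sample file
    manifest = chunk_manifest(data, 1024)     # five 1 KB pieces
    session = UploadSession()
    session.accept(data[:1024], *manifest[0])
    session.accept(data[1024:2048], *manifest[1])
    print("resume from piece", session.resume_from(manifest))
```

MD5 collisions can be constructed in practice, so this check catches corruption in transit rather than deliberate substitution; the same code works unchanged with `hashlib.sha256`.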

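Finally, briefly, how to check an MD5 on your own computer without using any software

    My machine runs Windows 10, but that does not matter; Mac or Windows Vista/XP/7/8/8.1 all work.

  1. First open a cmd command window; it does not matter whether you run it as administrator. The quick way is to press Win+R to open Run, type CMD and press Enter. (PowerShell works just as well.)
  2. Go to the path where your file is stored. For example, I want to check a file named 1.jpg in the 1018 folder on my desktop.
  3. Enter the command certutil -hashfile 1.jpg MD5 (certutil is a command for adding, deleting, querying and modifying certificates and passwords, displaying key contents, and deleting key pairs; -hashfile hashes a file; 1.jpg is the file name, where file name = name + extension; MD5 means compute the MD5, and this can also be SHA1 or SHA256 to get the SHA1 or SHA256 value instead.)
  4. That is all.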

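Summary:

    This MD5 value, made up of digits and letters, is the message digest of any kind of information. It uniquely represents the characteristics of the original information. As for MD5-value modification tools, they are of no real use.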
