Encrypting NSString with SHA1 hash_问答_开发者

开发者 https://www.devze.com 2023-04-07 13:27 出处：网络

Someone asked me if I can help them out with a small project. Everything was working out perfect until I ran into an SHA-1 encryption. I have been working on it for several days but cannot figure out

Someone asked me if I can help them out with a small project. Everything was working out perfect until I ran into an SHA-1 encryption. I have been working on it for several days but cannot figure out a way how to tackle this problem.

The goal is to encrypt an NSString, sending it to a remote PHP script and receiving an answer back from the server. I managed the sending and receiving part but cant figure out the 'hard part'

The string needs to be encoded on the client side and needs to be checked on the receiving side, so it needs to be decoded there (not my problem). Is the开发者_如何学Pythonre a possibility on achieving this, so can a SHA-1 hash be decoded provided the receiving side knows its de-/en-cryption algorithm?

SHA creates a non-reversible signature of the data it processes, it is not encryption per-se, it is hashing (Secure Hash Algorithm).

It can be used as part of an authentication protocol. If both sides have a shared value and want to endure they both have the same value but don't want to send the value (it could be seen by an advisory) a hash can be used. The initiator hashes (SHA-1) the shared value, send the hash to the other side. The receiver hashes their copy of the shared value and compares the hashes.

There are many ways this an be accomplished such as only sharing the hash value, @Greg mentions this method. More importantly, @Greg mentions that one should not re-invent security methods. I will add that if security is important get a proven security professional's help. When I develop a secure product I always have it reviewed.

If the receiver knows what the string should be (like a password), then you can SHA1 hash the password on the sender, send it to the receiver, which can check it against the locally-computed SHA1 hash of the known password.

However, this approach also has problems and you probably shouldn't be inventing cryptographic protocols yourself. Or, if you're passing some bit of information that the server doesn't already know, then you'll need a completely different approach.