MessageDigest.getInstance("SHA") seems to work and gives me a MessageDigest, but I can't tell what algorithm it's giving me.
MessageDigest.getInstance(“SHA”)似乎工作并给我一个MessageDigest,但我不知道它给了我什么算法。
Is it SHA-1 or SHA-0 or ..?
是SHA-1还是SHA-0或..?
I'm not interested in what happens on my machine. I want to know whether it will return sha0 or sha1 for all valid implementations of Java (or it's undefined).
我对我的机器上发生的事情不感兴趣。我想知道它是否会为所有有效的Java实现返回sha0或sha1(或者它是未定义的)。
2 个解决方案
#1
24
The JCE Specification lists standard names that an implementation is expected to support. "SHA-1" is specified, as are SHA-256, SHA-384, and SHA-512. "SHA", "SHA-0" and SHA-2" are not standard names and therefore may not be supported at all. You cannot guarantee what "SHA" will return, if anything at all, because it is not in the standard.
JCE规范列出了预期实现支持的标准名称。指定了“SHA-1”,SHA-256,SHA-384和SHA-512也是如此。 “SHA”,“SHA-0”和SHA-2“不是标准名称,因此可能根本不受支持。您无法保证”SHA“将返回什么,如果有的话,因为它不在标准中。
#2
17
SHA-0 is obsolete. For use with the Java JCE MessageDigest, SHA == SHA-1 for some JCE providers. By the way, SHA-1 is not considered to be secure with today's computers and technology. SHA-512 is still secure for pretty much anything. SHA-256 is ok for most things, still.
SHA-0已经过时了。与Java JCE MessageDigest一起使用时,SHA == SHA-1用于某些JCE提供程序。顺便说一句,使用今天的计算机和技术,SHA-1不被认为是安全的。 SHA-512对于任何东西都是安全的。对于大多数事情,SHA-256仍然可以。
You can list the protocols available in the Java version you are using with this code. (I got it here ):
您可以使用此代码列出正在使用的Java版本中可用的协议。 (我明白了):
import java.security.Provider;
import java.security.Security;
public class JceLook {
public static void main(String[] args) {
System.out.println("Algorithms Supported in this JCE.");
System.out.println("====================");
// heading
System.out.println("Provider: type.algorithm -> className" + "\n aliases:" + "\n attributes:\n");
// discover providers
Provider[] providers = Security.getProviders();
for (Provider provider : providers) {
System.out.println("<><><>" + provider + "<><><>\n");
// discover services of each provider
for (Provider.Service service : provider.getServices()) {
System.out.println(service);
}
System.out.println();
}
}
}
It will show information like this for all the various algorithms available. (Note that this is actual output from the program above for some update level of Oracle/Sun Java 6 and it shows that SHA is equivalent to SHA-1 and SHA1. You can pass any of the three strings to MessageDigest and get the same result. But this depends on the Cryptography Provider (the JCE) and might not be the same.)
它将为所有可用的算法显示这样的信息。 (请注意,这是上面程序的实际输出,用于Oracle / Sun Java 6的某些更新级别,它显示SHA等同于SHA-1和SHA1。您可以将三个字符串中的任何一个传递给MessageDigest并获得相同的结果但这取决于加密提供程序(JCE),可能不一样。)
SUN: MessageDigest.SHA -> sun.security.provider.SHA
aliases: [SHA-1, SHA1]
attributes: {ImplementedIn=Software}
If you load additional providers (e.g. BouncyCastle) it will show those too.
如果您加载其他提供程序(例如BouncyCastle),它也会显示这些提供程序。
#1
24
The JCE Specification lists standard names that an implementation is expected to support. "SHA-1" is specified, as are SHA-256, SHA-384, and SHA-512. "SHA", "SHA-0" and SHA-2" are not standard names and therefore may not be supported at all. You cannot guarantee what "SHA" will return, if anything at all, because it is not in the standard.
JCE规范列出了预期实现支持的标准名称。指定了“SHA-1”,SHA-256,SHA-384和SHA-512也是如此。 “SHA”,“SHA-0”和SHA-2“不是标准名称,因此可能根本不受支持。您无法保证”SHA“将返回什么,如果有的话,因为它不在标准中。
#2
17
SHA-0 is obsolete. For use with the Java JCE MessageDigest, SHA == SHA-1 for some JCE providers. By the way, SHA-1 is not considered to be secure with today's computers and technology. SHA-512 is still secure for pretty much anything. SHA-256 is ok for most things, still.
SHA-0已经过时了。与Java JCE MessageDigest一起使用时,SHA == SHA-1用于某些JCE提供程序。顺便说一句,使用今天的计算机和技术,SHA-1不被认为是安全的。 SHA-512对于任何东西都是安全的。对于大多数事情,SHA-256仍然可以。
You can list the protocols available in the Java version you are using with this code. (I got it here ):
您可以使用此代码列出正在使用的Java版本中可用的协议。 (我明白了):
import java.security.Provider;
import java.security.Security;
public class JceLook {
public static void main(String[] args) {
System.out.println("Algorithms Supported in this JCE.");
System.out.println("====================");
// heading
System.out.println("Provider: type.algorithm -> className" + "\n aliases:" + "\n attributes:\n");
// discover providers
Provider[] providers = Security.getProviders();
for (Provider provider : providers) {
System.out.println("<><><>" + provider + "<><><>\n");
// discover services of each provider
for (Provider.Service service : provider.getServices()) {
System.out.println(service);
}
System.out.println();
}
}
}
It will show information like this for all the various algorithms available. (Note that this is actual output from the program above for some update level of Oracle/Sun Java 6 and it shows that SHA is equivalent to SHA-1 and SHA1. You can pass any of the three strings to MessageDigest and get the same result. But this depends on the Cryptography Provider (the JCE) and might not be the same.)
它将为所有可用的算法显示这样的信息。 (请注意,这是上面程序的实际输出,用于Oracle / Sun Java 6的某些更新级别,它显示SHA等同于SHA-1和SHA1。您可以将三个字符串中的任何一个传递给MessageDigest并获得相同的结果但这取决于加密提供程序(JCE),可能不一样。)
SUN: MessageDigest.SHA -> sun.security.provider.SHA
aliases: [SHA-1, SHA1]
attributes: {ImplementedIn=Software}
If you load additional providers (e.g. BouncyCastle) it will show those too.
如果您加载其他提供程序(例如BouncyCastle),它也会显示这些提供程序。