I would like to sign a device, and I have 64 bits to store my signature in the device. This device has a MAC address and some other details (about 30 bytes worth) I can mangle to create my signature.
我想签署一个设备,我有64位将我的签名存储在设备中。这个设备有一个MAC地址和一些其他细节(大约30个字节)我可以破坏创建我的签名。
If possible, I would like the method to be one-way, so that I can verify that the signature is valid without knowing how to create a valid signature. Most public-private keys have this feature but they generate signatures that are 48 bytes long (I only have 8 bytes).
如果可能的话,我希望该方法是单向的,这样我就可以在不知道如何创建有效签名的情况下验证签名是否有效。大多数公钥 - 私钥具有此功能,但它们生成48字节长的签名(我只有8个字节)。
Implementation in Python is a plus.
在Python中实现是一个优点。
Thanks
EDIT: Thanks for the advice everyone. It sounds like there is no secure way to do this, only a way that is moderately inconvenient to attackers. I'll probably use a cryptographic hash combined with secret bit-shuffling. This will be as secure as any other link in my (very weak) 'security'.
编辑:感谢大家的建议。听起来没有安全的方法来做到这一点,只是一种对攻击者来说中度不方便的方式。我可能会使用加密哈希与秘密比特混洗相结合。这将与我(非常弱)的“安全”中的任何其他链接一样安全。
3 个解决方案
#1
5
Hash functions and digital signatures are very different things.
散列函数和数字签名是非常不同的东西。
The size of a digital signature depends on the underlying hash function and the key length. So in theory, you can create an RSA implementation that generates 64-bit signatures, but that'd be an extremely weak signature.
数字签名的大小取决于底层哈希函数和密钥长度。因此从理论上讲,您可以创建一个生成64位签名的RSA实现,但这是一个非常弱的签名。
For smaller key lengths, you might want to look at elliptic curve cryptography.
对于较小的密钥长度,您可能需要查看椭圆曲线加密。
EDIT: Yes, I'm a cryptographer.
编辑:是的,我是一名密码学家。
EDIT 2: Yet if you only need a hash function, you can look at elf64 or RIPEMD-64 as Fernando Miguélez suggested.
编辑2:然而,如果你只需要一个哈希函数,你可以看看elf64或RIPEMD-64,正如FernandoMiguélez所建议的那样。
EDIT 3: Doing the math, you'd need to use 16-bit keys in ECC to generate 64-bit signatures, which is very weak. For ECC, anything less than 128 bits can be considered weak. For RSA this is 1024 bits.
编辑3:做数学运算,你需要在ECC中使用16位密钥来生成64位签名,这非常弱。对于ECC,任何小于128位的内容都可以被认为是弱的。对于RSA,这是1024位。
#2
3
Basically what you need is a 64-bit cryptographic hash funcion, such as Ripemd-64 or elf-64. Then you encrypt the hash with a cryptographic method and you got a 64 bit signature. The only problem is, from the point of view of a non-cryptoanalyst, that 64 bit offers a much weaker signature than typical over-128 bit hash. Nonetheless it could still be suitable for your application.
基本上你需要的是64位加密哈希函数,例如Ripemd-64或elf-64。然后,您使用加密方法加密哈希,并获得64位签名。唯一的问题是,从非加密分析师的角度来看,64位提供的签名比典型的128位散列要弱得多。尽管如此,它仍然适合您的应用程序。
#3
0
You could just use a standard hashing function (MD5 SHA1) and only use the first or last 30 bytes.
The number of bytes a hashing function generates is fairly arbitrary - it's obviously a trade off between space and uniqueness. There is nothing special about the lenght of the signature they use.
您可以使用标准散列函数(MD5 SHA1)并仅使用第一个或最后30个字节。散列函数生成的字节数相当随意 - 显然是空间和唯一性之间的折衷。他们使用的签名的长度没有什么特别之处。
Edit - sorry I was thinking that MD5 returned 32bytes- it actaulyl returns 16bytes but is ussually written as 32hex digits.
编辑 - 抱歉我认为MD5返回了32bytes-它actaulyl返回16bytes但是通常写为32hex数字。
#1
5
Hash functions and digital signatures are very different things.
散列函数和数字签名是非常不同的东西。
The size of a digital signature depends on the underlying hash function and the key length. So in theory, you can create an RSA implementation that generates 64-bit signatures, but that'd be an extremely weak signature.
数字签名的大小取决于底层哈希函数和密钥长度。因此从理论上讲,您可以创建一个生成64位签名的RSA实现,但这是一个非常弱的签名。
For smaller key lengths, you might want to look at elliptic curve cryptography.
对于较小的密钥长度,您可能需要查看椭圆曲线加密。
EDIT: Yes, I'm a cryptographer.
编辑:是的,我是一名密码学家。
EDIT 2: Yet if you only need a hash function, you can look at elf64 or RIPEMD-64 as Fernando Miguélez suggested.
编辑2:然而,如果你只需要一个哈希函数,你可以看看elf64或RIPEMD-64,正如FernandoMiguélez所建议的那样。
EDIT 3: Doing the math, you'd need to use 16-bit keys in ECC to generate 64-bit signatures, which is very weak. For ECC, anything less than 128 bits can be considered weak. For RSA this is 1024 bits.
编辑3:做数学运算,你需要在ECC中使用16位密钥来生成64位签名,这非常弱。对于ECC,任何小于128位的内容都可以被认为是弱的。对于RSA,这是1024位。
#2
3
Basically what you need is a 64-bit cryptographic hash funcion, such as Ripemd-64 or elf-64. Then you encrypt the hash with a cryptographic method and you got a 64 bit signature. The only problem is, from the point of view of a non-cryptoanalyst, that 64 bit offers a much weaker signature than typical over-128 bit hash. Nonetheless it could still be suitable for your application.
基本上你需要的是64位加密哈希函数,例如Ripemd-64或elf-64。然后,您使用加密方法加密哈希,并获得64位签名。唯一的问题是,从非加密分析师的角度来看,64位提供的签名比典型的128位散列要弱得多。尽管如此,它仍然适合您的应用程序。
#3
0
You could just use a standard hashing function (MD5 SHA1) and only use the first or last 30 bytes.
The number of bytes a hashing function generates is fairly arbitrary - it's obviously a trade off between space and uniqueness. There is nothing special about the lenght of the signature they use.
您可以使用标准散列函数(MD5 SHA1)并仅使用第一个或最后30个字节。散列函数生成的字节数相当随意 - 显然是空间和唯一性之间的折衷。他们使用的签名的长度没有什么特别之处。
Edit - sorry I was thinking that MD5 returned 32bytes- it actaulyl returns 16bytes but is ussually written as 32hex digits.
编辑 - 抱歉我认为MD5返回了32bytes-它actaulyl返回16bytes但是通常写为32hex数字。