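In Python, hashlib is used for encryption operations, but how can I make sure the hashlib module itself has not been tampered with?
For example, my software uses hashlib to verify whether a file has been modified, so in main.py I import hashlib and then use hashlib.md5() to generate a digest.
Then I ship the software to customers. If a customer modifies the software, this will be detected, but that depends heavily on the hashlib module: if the customer tampers with the hashlib module file, my detection fails.
I looked at the source code in Python and found that hashlib.py is different from ordinary code (an excerpt is below). I wanted to find out exactly which files hashlib depends on so that I could further protect those files and prevent hashlib from being tampered with, but I found that it imports files such as _md5 and _sha, and these files do not exist in my current interpreter environment, yet the software runs without any error.
I really don't understand it.
So my question is: how can I make sure hashlib has not been tampered with?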
algorithms_guaranteed = set(__always_supported)
algorithms_available = set(__always_supported)

__all__ = __always_supported + ('new', 'algorithms_guaranteed',
                                'algorithms_available', 'pbkdf2_hmac')

__builtin_constructor_cache = {}

# Prefer our blake2 implementation
# OpenSSL 1.1.0 comes with a limited implementation of blake2b/s. The OpenSSL
# implementations neither support keyed blake2 (blake2 MAC) nor advanced
# features like salt, personalization, or tree hashing. OpenSSL hash-only
# variants are available as 'blake2b512' and 'blake2s256', though.
__block_openssl_constructor = {
    'blake2b', 'blake2s',
}

def __get_builtin_constructor(name):
    print('__get_builtin_constructor')
    cache = __builtin_constructor_cache
    constructor = cache.get(name)
    if constructor is not None:
        print('return', name, constructor)
        return constructor
    print('other', name)
    try:
        if name in {'SHA1', 'sha1'}:
            import _sha1
            cache['SHA1'] = cache['sha1'] = _sha1.sha1
        elif name in {'MD5', 'md5'}:
            print('md5')
            import _md5
            cache['MD5'] = cache['md5'] = _md5.md5
        elif name in {'SHA256', 'sha256', 'SHA224', 'sha224'}:
            import _sha256
            cache['SHA224'] = cache['sha224'] = _sha256.sha224
            cache['SHA256'] = cache['sha256'] = _sha256.sha256
        elif name in {'SHA512', 'sha512', 'SHA384', 'sha384'}:
            import _sha512
            cache['SHA384'] = cache['sha384'] = _sha512.sha384
            cache['SHA512'] = cache['sha512'] = _sha512.sha512
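
On the question of which files hashlib depends on: `_md5`, `_sha1` and similar are C modules that are either compiled into the interpreter binary or shipped as extension files (`.so`/`.pyd`), so no `.py` file exists for them. The following is an added example, not part of the original post or of CPython, that locates what backs each module and hashes it into a manifest; the candidate list and the function names are assumptions of this example.

```python
import hashlib
import importlib.util
import sys

# Assumed candidate list; names vary by CPython version, missing ones are skipped.
CANDIDATES = ("hashlib", "_hashlib", "_md5", "_sha1", "_sha2", "_sha256",
              "_sha512", "_sha3", "_blake2")


def locate(name):
    """Return (kind, path): kind is 'builtin', 'frozen', 'file' or 'missing'."""
    if name in sys.builtin_module_names:
        return "builtin", sys.executable   # compiled into the interpreter binary
    try:
        spec = importlib.util.find_spec(name)
    except (ImportError, ValueError):
        spec = None
    if spec is None:
        return "missing", None
    if not spec.has_location:
        return "frozen", sys.executable    # no file of its own on disk
    return "file", spec.origin             # .py source or .so/.pyd extension


def sha256_file(path, chunk=1 << 16):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(names=CANDIDATES):
    """Map module name -> (kind, backing file, SHA-256 of that file)."""
    manifest = {}
    for name in names:
        kind, path = locate(name)
        if kind != "missing":
            manifest[name] = (kind, path, sha256_file(path))
    return manifest


def changed(baseline, current):
    """Names whose backing file or digest differs from the trusted baseline."""
    return sorted(n for n in baseline if current.get(n) != baseline[n])


if __name__ == "__main__":
    for name, (kind, path, digest) in build_manifest().items():
        print(f"{name:10} {kind:8} {digest[:16]}  {path}")
```

A baseline only has value if it is produced and stored somewhere the customer cannot edit; a check that runs entirely on the customer's machine can be altered together with the files it checks.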