Mainperformance
Keymanagementincludesallaspectsfromkeygenerationtokeydestruction.Mainlymanifestedinthemanagementsystem,managementagreementandkeygeneration,distribution,replacementandinjection,etc.Formilitarycomputernetworksystems,duetousermobility,affiliationandcoordinatedcombatcommandarecomplicated,higherrequirementsareputforwardforkeymanagement.
Процес
Генериране на ключ
Дължината на ключа трябва да е достатъчно дълга. Най-общо казано, колкото по-голяма е дължината на ключа, толкова по-голямо е съответното ключово пространство и по-трудно е за нападателя да използва изчерпателно отгатване на паролата.
Chooseagoodkeyandavoidweakkeys.Therandombitstringgeneratedbytheautomaticprocessingdeviceisagoodkey.Whenchoosingakey,youshouldavoidchoosingaweakkey.
Forpublickeycryptosystems,keygenerationismoredifficultbecausethekeymustsatisfycertainmathematicalcharacteristics.
Keygenerationcanbeachievedthroughonlineorofflineinteractivenegotiation,suchascryptographicprotocols.
Keydistribution
Theuseofsymmetricencryptionalgorithmsforconfidentialcommunicationrequiresthesharingofthesamekey.Usually,amemberofthesystemselectsasecretkeyfirst,andthentransmitsittoanothermemberorothermembers.TheX9.17standarddescribestwotypesofkeys:keyencryptionkeysanddatakeys.Thekeyencryptionkeyencryptsotherkeysthatneedtobedistributed;whilethedatakeyonlyencryptstheinformationflow.Thekeyencryptionkeyisgenerallydistributedmanually.Toenhanceconfidentiality,thekeycanalsobedividedintomanydifferentpartsandthensentoutondifferentchannels.
Ключ за потвърждение
Ключът се предава с някои прикачени битове за откриване и коригиране на грешки. Когато ключът има грешка при предаване, той може лесно да бъде извлечен и ако е необходимо, ключът може да бъде предаден.
Thereceivingendcanalsoverifywhetherthereceivedkeyiscorrect.Thesenderencryptsaconstantwiththekey,andthensendsthefirst2-4bytesoftheciphertexttogetherwiththekey.Atthereceivingend,dothesamework.Ifthedecryptedconstantatthereceivingendcanmatchtheconstantatthesendingend,thetransmissioniserror-free.
Updatingthekey
Whenthekeyneedstobechangedfrequently,itisindeeddifficulttodistributethenewkeyfrequently.Aneasiersolutionistochangethekeyfromtheoldone.Anewkeyisgeneratedfromthekey,sometimescalledakeyupdate.Youcanuseaone-wayfunctiontoupdatethekey.Ifbothpartiessharethesamekeyandoperatewiththesameone-wayfunction,thesameresultwillbeobtained.
Съхранение на ключове
Ключовете могат да бъдат съхранени в мозъка, карта с магнитни ленти, смарткарта. Ключът може също така да бъде разделен на две части, като едната половина се съхранява в терминала, а другата се съхранява в ключа ROM. Също така е възможно да се използват методи, подобни на ключа за криптиране на ключа, за криптиране и запазване на трудния за запомняне ключ.
Резервен ключ
Ключ, секретно разделение, споделяне на секрети и т.н. могат да се използват за архивиране на ключ.
Theeasiestwayistouseakeyescrowcenter.Keyescrowrequiresalluserstohandovertheirkeystothekeyescrowcenter,andthekeyescrowcenterbacksupandkeepsthekeys(suchaslockedinasafesomewhereorencryptedandstoredwiththemasterkey),Oncetheuser'skeyislost(suchastheuserforgetsthekeyortheuseraccidentallydies),inaccordancewithcertainrulesandregulations,theuser'skeycanbeobtainedfromthekeyescrowcenter.Anotherbackupsolutionistousesmartcardsastemporarykeyescrow.Forexample,Alicestoresthekeyinthesmartcard,andgivesittoBobwhenAliceisaway.BobcanusethecardtodoAlice'swork.WhenAlicereturns,Bobreturnsthecard.Becausethekeyisstoredinthecard,BobIdon'tknowwhatthekeyis.
Secretdivisiondividesthesecretintomanypieces.Eachpiecedoesnotmeananything,butwhenthesepiecesareputtogether,thesecretwillbereproduced.
По-добре да използвате протокол за споделяне на тайни. Разделете ключовете Kinton на блокове и всяка страна се нарича негова "сянка". Знаейки още повече блокове, можете да изчислите ключа K, като знаете, че всеки 1 или по-малко блокове не могат да бъдат изчислени Ключът K, който се нарича (m, n) прагова (базирана на праг) схема. ,проективнагеометрия,линейнаалгебра,SunTzutheorem и др.
Схемата на интерполационния полином на Лагранж е лесна за разбиране прагова схема за споделяне на тайна (m,n).
Secretsharingsolvestwoproblems:first,ifthekeyisaccidentallyorintentionallyexposed,theentiresystemisvulnerabletoattack;second,ifthekeyislostordamaged,allinformationinthesystemcannotbeused.
Keyvalidityperiod
Encryptionkeyscannotbeusedindefinitely.Thereareseveralreasons:thelongerthekeyisused,thegreaterthechanceofitbeingleaked;ifthekeyisHasbeenleaked,thenthelongerthekeyisused,thegreatertheloss;thelongerthekeyisused,thegreaterthetemptationforpeopletospendenergydecipheringit-evenbruteforceattacks;formultipleciphertextsencryptedwiththesamekeyItisgenerallyeasiertoperformcryptanalysis.
Differentkeysshouldhavedifferentvalidityperiods.
Thevalidityperiodofthedatakeymainlydependsonthevalueofthedataandtheamountofencrypteddatainagiventime.Thegreaterthevalueandthedatatransferrate,themorefrequentlythekeysusedwillbereplaced.
Keyencryptionkeysdonotneedtobechangedfrequently,becausetheyareonlyusedoccasionallyforkeyexchange.Insomeapplications,thekeyencryptionkeyisonlychangedonceamonthorayear.
Theencryptionkeyusedtoencryptthesaveddatafilecannotbechangedfrequently.Usuallyeachfileisencryptedwithauniquekey,andthenallkeysareencryptedwithakeyencryptionkey.Thekeyencryptionkeyiseithermemorizedorstoredinasafeplace.Ofcourse,losingthiskeymeanslosingallfileencryptionkeys.
Thevalidityperiodoftheprivatekeyinthepublickeycryptographyapplicationvariesaccordingtotheapplication.Theprivatekeyusedfordigitalsignatureandidentificationmustlastforseveralyears(orevenlife),andtheprivatekeyusedforthecointossprotocolshouldbedestroyedimmediatelyaftertheagreementiscompleted.Evenifthesecurityofthekeyisexpectedtolastforalifetime,itisnecessarytoconsiderchangingthekeyonceeverytwoyears.Theoldkeystillneedstobekeptsecretincasetheuserneedstoverifytheprevioussignature.Butthenewkeywillbeusedtosignthenewfiletoreducethenumberofsignaturefilesthatacryptanalystcanattack.
Унищожете ключа
Ако ключът трябва да бъде заменен, старият ключ трябва да бъде унищожен и ключът трябва да бъде физически унищожен.
Система за управление
Паролата за publickey прави ключа по-лесен за управление. Без значение колко хора има в мрежата, всеки има само един publickey.
Itisnotenoughtouseapublic/privatekeypair.Theimplementationofanygoodpublickeycryptographyneedstoseparatetheencryptionkeyfromthedigitalsignaturekey.Butasinglepairofencryptionandsigningkeysisnotenough.LikeanIDcard,aprivatekeyprovesarelationship,andpeoplehavemorethanonerelationship.Forexample,Alicecansignadocumentinthenameofaprivateperson,thevicepresidentofthecompany,etc.
InthefinancialICcardjointpilotprojectsofcommercialbanks,thesecuritycontrolandmanagementofkeysbybanksatalllevelsisthekeytothesecurityoftheapplicationsystem.
"RT-KMSKeyManagement System" следва "ChinaFinancialIntegratedCircuit(IC)CardSpecification(v1.0)"и"BankICCardJointPilotTechnicalPlan"за улесняване на независимостта на банките-членки
p>Издаване на карти, реализиране на споделянето на четци на карти и завършване на междубанкови транзакции на различни места.
Securitymechanism
InthenationalbankICcardjointpilotprogram,banksatalllevelsusekeymanagementsystemstoimplementkeysecuritymanagement.Thekeymanagementsystemadoptsthe3DESencryptionalgorithmandusesthethree-levelmanagementsystemofthebankheadoffice,theregionalbranchofthePeople’sBankofChina(commercialbankheadoffice),andmemberbankstosecurelysharethepublicmasterkeyandrealizecardintercommunication.,Equipmentsharing.
Theentiresecuritysystemstructuremainlyincludesthreetypesofkeys:thenationally-usedconsumer/cashwithdrawalmasterkeyGMPKoftheheadoffice,theconsumption/cashwithdrawalmasterkeyMPKoftheissuingbank,andothersoftheissuingbank
Главен ключ. Според предназначението на ключа системата приема различни стратегии за обработка.
Принципи на проектиране
(1) Всички ключове са заредени и импортирани в кодиран текст.
(2)Ключът подлежи на строг контрол на авторитета и различни организации или персонал имат различни правомощия за четене, писане, актуализиране и използване на различни ключове.
(3)Inordertoensurethesecurityofkeyuseandconsidertheneedsofactualuse,thesystemcangeneratemultiplesetsofmasterkeys.Ifoneofthekeysisleakedorattacked,theapplicationsystemcanbestoppedimmediatelyTheuseofthissetofkeysandtheuseofbackupkeys,soastoavoidthewasteofexistinginvestmentandequipmentasmuchaspossible,andreducetheriskofsystemuse.
(4)Userscanchoosedifferentcombinationsandconfigurationsofthekeymanagementsubsystemaccordingtoactualneeds.
(5) Ключовата услуга, съхранението и архивирането са във формата на ключ за криптираща машина.
Managementtechnology
Technologyclassification
1.Symmetrickeymanagement.Symmetricencryptionisrealizedbasedonthecommonkeepingofsecrets.Bothpartiestothetradethatadoptsymmetricencryptiontechnologymustensurethattheyusethesamekey,thattheexchangeofeachother'skeysissafeandreliable,andalsosetupprocedurestopreventkeyleakageandchangekeys.Inthisway,themanagementanddistributionofsymmetrickeyswillbecomeapotentiallydangerousandcumbersomeprocess.Therealizationofsymmetrickeymanagementthroughpublickeyencryptiontechnologymakesthecorrespondingmanagementsimplerandmoresecure,andatthesametimesolvesthereliabilityandauthenticationproblemsinthepuresymmetrickeymode.Thetradingpartycangenerateauniquesymmetrickeyforeachexchangeofinformation(suchaseachEDIexchange)andencryptthekeywithapublickey,andthenencrypttheencryptedkeywiththekeyTheinformation(suchasEDIexchange)issenttothecorrespondingtradingpartytogether.Sinceauniquekeyisgeneratedforeachinformationexchange,eachtradingpartynolongerneedstomaintainthekeyandworryabouttheleakageorexpirationofthekey.Anotheradvantageofthismethodisthatevenifakeyisleaked,itwillonlyaffectonetransaction,andwillnotaffectallthetransactionrelationshipsbetweenthetradingparties.Thismethodalsoprovidesasecurewaytoissuesymmetrickeysbetweentradingpartners.
2.Publickeymanagement/digitalcertificate.Digitalcertificates(publickeycertificates)canbeusedtoexchangepublickeysbetweentradingpartners.ThestandardX.509developedbytheInternationalTelecommunicationUnion(ITU)definesdigitalcertificates.ThisstandardisequivalenttotheISO/IEC9594-8:195standardjointlyissuedbytheInternationalOrganizationforStandardization(ISO)andtheInternationalElectrotechnicalCommission(IEC).Digitalcertificatesusuallyincludethenamethatuniquelyidentifiestheownerofthecertificate(ie,thetradingparty),thenamethatuniquelyidentifiesthecertificateissuer,thepublickeyofthecertificateowner,thedigitalsignatureofthecertificateissuer,thevalidityperiodofthecertificate,andtheserialnumberofthecertificate,etc..Thecertificateissuerisgenerallycalledacertificateauthority(CA),whichisanorganizationtrustedbyallpartiesinthetrade.Digitalcertificatescanplayaroleinidentifyingtradingpartiesandarecurrentlyoneofthetechnologieswidelyusedine-commerce.
3.Standardspecificationsrelatedtokeymanagement.Atpresent,relevantinternationalstandardizationorganizationshavestartedtoformulatetechnicalstandardsandspecificationsonkeymanagement.TheInformationTechnologyCommittee(JTC1)underISOandIEChasdraftedaninternationalstandardspecificationforkeymanagement.Thespecificationismainlycomposedofthreeparts:oneisthekeymanagementframework;thesecondisthemechanismusingsymmetrictechnology;thethirdisthemechanismusingasymmetrictechnology.Thespecificationhasnowenteredthestageofvotingondraftinternationalstandardsandwillsoonbecomeanofficialinternationalstandard.
Цифров подпис
Digitalsignatureisanothertypeofapplicationofpublickeyencryptiontechnology.Itsmainmethodis:thesenderofthemessagegeneratesa128-bithashvalue(ormessagedigest)fromthemessagetext.Thesenderusesitsownprivatekeytoencryptthishashvaluetoformthesender'sdigitalsignature.Then,thisdigitalsignaturewillbesenttotherecipientofthemessageasanattachmenttothemessagetogetherwiththemessage.Thereceiverofthemessagefirstcalculatesa128-bithashvalue(ormessagedigest)fromthereceivedoriginalmessage,andthenusesthesender'spublickeytodecryptthedigitalsignatureattachedtothemessage.Ifthetwohashvaluesarethesame,thereceivercanconfirmthatthedigitalsignatureisfromthesender.Throughthedigitalsignature,theauthenticationandnon-repudiationoftheoriginalmessagecanberealized.
ISO/IECJTC1isalreadydraftingrelevantinternationalstandards.Thepreliminarytitleofthestandardis"InformationTechnologySecurityTechnologywithAttachedDigitalSignatureScheme",whichconsistsoftwoparts:anoverviewandanidentity-basedmechanism.
Алгоритъм за шифроване
Въведение в криптографията. Според записите през 400 г. пр. н. е. древните гърци са изобретили заместващ шифър. През 1881 г. се появява първият в света патент за телефонна сигурност. По време на Втората световна война германските военни са използвали криптографската машина „Енигма“ и криптографията е имала голямо значение.
Withthedevelopmentofinformationtechnologyanddigitalsociety,people’sawarenessoftheimportanceofinformationsecurityandconfidentialitycontinuestoincrease,soin1997,theNationalBureauofStandardsannouncedtheimplementationofthe"USDataEncryptionStandard(DES)"Thecivilforcesbegantofullyinterveneintheresearchandapplicationofcryptography,usingencryptionalgorithmssuchasDES,RSA,andSHA.Asthedemandforencryptionstrengthcontinuestoincrease,AESandECChaverecentlyappeared.
Usingcryptographycanachievethefollowingpurposes:
Поверителност: Предотвратете прочитането на идентификацията или данните на потребителя.
Целостта на данните: Предотвратяване на промяна на данните.
Потвърждение на самоличността: за да се гарантира, че данните са изпратени от конкретна страна.
2.IntroductiontoencryptionalgorithmsAccordingtodifferentkeytypes,moderncryptographictechnologiesaredividedintotwocategories:symmetricencryptionalgorithms(secretkeyencryption)andasymmetricencryptionalgorithms(publickeyencryption).
Thesymmetrickeyencryptionsystemusesthesamesecretkeyforencryptionanddecryption,andbothpartiesincommunicationmustobtainthiskeyandkeepthekeysecret.
Ключът за криптиране (publickey) и ключът за декриптиране (privatekey), използвани от системата за криптиране с асиметричен ключ, са различни.
Symmetricencryptionalgorithm
Inasymmetricencryptionalgorithm,onlyonekeyisusedtoencryptanddecryptinformation,thatis,thesamekeyisusedforencryptionanddecryption.Commonlyusedalgorithmsinclude:DES(DataEncryptionStandard):adataencryptionstandard,whichisfasterandissuitableforencryptinglargeamountsofdata.
3DES(TripleDES):Въз основа на DES, част от данните се криптират три пъти с три различни ключа, с по-висока якост.
AES(AdvancedEncryptionStandard):AdvancedEncryptionStandard,стандарт за алгоритъм за криптиране от следващо поколение,с бърза скорост ивисоко ниво на сигурност;
InOctober2000,NIST(AmericanNationalStandardAndTechnologyAssociation)announcedtheadoptionofanewkeyencryptionstandardselectedfrom15candidatealgorithms.RijndaelwasselectedasthefutureAES.Rijndaelwasfoundedinthesecondhalfof1999byresearchersJoanDaemenandVincentRijmen.AESisincreasinglybecomingthedefactostandardforencryptingvariousformsofelectronicdata.
Националният институт за стандарти и технологии (NIST) формулира нова спецификация на Advanced Encryption Standard (AES) на 26 май 2002 г.
AlgorithmprincipleTheAESalgorithmisbasedonpermutationandpermutationoperations.Permutationistorearrangedata,andreplacementistoreplaceonedataunitwithanother.AESusesseveraldifferentmethodstoperformpermutationandpermutationoperations.
AESisaniterative,symmetrickeyblockcipher,itcanuse128,192,and256-bitkeys,anduse128-bit(16-byte)blockstoencryptanddecryptdata.Unlikepublickeyciphersthatusekeypairs,symmetrickeyciphersusethesamekeytoencryptanddecryptdata.Thenumberofbitsoftheencrypteddatareturnedbytheblockcipheristhesameastheinputdata.Iterativeencryptionusesaloopstructureinwhichtheinputdataisrepeatedlyreplacedandreplaced.
Сравнение между AES и 3DES
Име на алгоритъм | Тип алгоритъм | Дължина на ключа | Скорост | p>Време за декриптиране(theconstructionmachinetries255keyspersecond) | Потребление на ресурси |
AES | Симетричен блоков шифър | 128 192 256 бита | Високо | 149 трилиона години | нисък |
3DES | Symmetricfeistel парола | 112 или 168 бита | нисък | 46100 милиона години | Среден |
Асиметричен алгоритъм
Обикновените алгоритми за симетрично криптиране са както следва:
RSA:InventedbyRSA,itisapublickeyalgorithmthatsupportsvariable-lengthkeys.Thelengthofthefileblockthatneedstobeencryptedisalsovariable;
p>
DSA(DigitalSignatureAlgorithm):Алгоритъм за цифров подпис,isstandardDSS(DigitalSignatureStandard);
ECC(Криптография на елиптични криви):Криптография на елиптични криви.
In1976,becausesymmetricencryptionalgorithmscouldnolongermeettheneeds,DiffieandHellmanpublishedanarticlecalled"NewTrendsinCryptography",whichintroducedtheconceptofpublickeyencryption.AdelmanproposedtheRSAalgorithm.
Withtheprogressandimprovementofthemethodofdecomposinglargeintegers,theincreaseofcomputerspeedandthedevelopmentofcomputernetworks,inordertoensurethesecurityofdata,theRSAkeyneedstoincreasecontinuously.However,theincreaseofthekeylengthleadstoAsthespeedofencryptionanddecryptionhasbeengreatlyreduced,hardwareimplementationhasbecomemoreandmoreunbearable,whichhasbroughtaheavyburdentoapplicationsthatuseRSA,soanewalgorithmisneededtoreplaceRSA.
In1985,N.KoblitzandMillerproposedtheuseofellipticcurvesincryptographicalgorithms,basedonthediscretelogarithmproblemECDLPinpointgroupsonellipticcurvesoverfinitefields.ECDLPisamoredifficultproblemthanthefactorizationproblem,itisexponentiallydifficult.
Principle-thedifficultproblemontheellipticcurveThediscretelogarithmproblemontheellipticcurveECDLPisdefinedasfollows:GivenaprimenumberpandanellipticcurveE,forQ=kP,findPandQFindapositiveintegerkthatislessthanp.ItcanbeprovedthatitiseasiertocalculateQfromkandP,butitismoredifficulttocalculatekfromQandP.
Correspondingtheadditionoperationintheellipticcurvetothemodularmultiplicationoperationinthediscretelogarithm,andthemultiplicationoperationintheellipticcurvecorrespondingtothemodularexponentiationoperationinthediscretelogarithm,wecanbuildbasedonThecorrespondingcryptosystemoftheellipticcurve.
Forexample,correspondingtotheDiffie-Hellmanpublickeysystem,wecanimplementitontheellipticcurveinthefollowingway:selectthegeneratorPonE,andrequireenoughgroupelementsgeneratedbyP,andthecommunicationpartiesAAndBselectsaandbrespectively,aandbarekeptsecret,butaPandbParemadepublic,andthekeyusedforcommunicationbetweenAandBisabP,whichisnotknowntoathirdparty.
ThecorrespondingELGamalcryptosystemcanbeimplementedontheellipticcurveinthefollowingway:
Вградете обикновения текст в точката Pm на E, изберете точка B∈E и всеки потребител изберете цяло число,0
K=kG[къдетоK,GarepointsonEp(a,b),иkisintegerless thann(nistheorderofpointG)]
ItisnotdifficulttofindthatgivenkandG,itiseasytocalculateKaccordingtotheruleofaddition;butgivenKandG,itisrelativelydifficulttofindk.
Това е проблемът, който създава алгоритъмът за криптиране на елиптичната крива. Ние наричаме точката Gбазова точка, k(privtekey) и Kпубличният ключ.
ComparisonofECCandRSAComparedwithECCandRSA,Hasabsoluteadvantagesinmanyaspects,mainlyreflectedinthefollowingaspects:
Силна анти-атака. Същата дължина на ключа, неговата анти-атака е многократно по-силна.
Theamountofcalculationissmallandtheprocessingspeedisfast.TheoverallspeedofECCismuchfasterthanthatofRSAandDSA.
Thestoragespaceissmall.ThekeysizeandsystemparametersofECCaremuchsmallerthanthoseofRSAandDSA.More,itmeansthatitoccupiesamuchsmallerstoragespace.ThisisofspecialsignificancefortheapplicationofencryptionalgorithmsonICcards.
Lowbandwidthrequirements.WhenencryptinganddecryptinglongmessagesAtthistime,thethreetypesofcryptosystemshavethesamebandwidthrequirements,butwhenappliedtoshortmessages,theECCbandwidthrequirementsaremuchlower.ThelowbandwidthrequirementsmakeECChaveawiderangeofapplicationprospectsinthefieldofwirelessnetworks.
ECCThesecharacteristicsmakeitsuretoreplaceRSAandbecomeageneralpublickeyencryptionalgorithm.Forexample,thecreatorsoftheSETprotocolhaveadopteditasthedefaultpublickeyencryptionalgorithminthenextgenerationSETprotocol.
ThefollowingtwoRepresentsthecomparisonofthesecurityandspeedofRSAandECC.
Време на нарушение (MIPS години) td> | RSA/DSA(дължина на ключа) | ECCkeylth | RSA/ECCkeylgthratio |
10 | 512 | 106 | 5:1 |
10 | 768 | 132 | 6:1 |
10 | 1024 | 160 | 7:1 |
10 | 2048 | 210 | 10:1 |
10 | 21000 | 600 | 35:1 |
Сравняване на RSA и ECC модули за сигурност
Функция | SecurityBuilder1.2 | BSAFE3.0 |
163-bitECC(ms) | 1023-bitRSA(ms) | |
Генериране на двойка ключове | 3.8 | 4708,3 |
Подпис p> | 2.1(ECNRA) | 228.4 |
3.0(ECDSA) | ||
Сертифициране | 9.9(ECNRA) | 12.7 |
10.7(ECDSA) | ||
Diffie—Hellmankeyexchange | 7.3 | 1654,0 |
Сравнение на скоростта между RSA и ECC
Hashalgorithm
Hashingalgorithmisalsocalledhashalgorithm,EnglishisHash,whichistotransformaninputofanylength(alsocalledpre-image,pre-image)intoafixed-lengthoutputthroughahashingalgorithm.Theoutputisthehashvalue.Thisconversionisacompressionmapping,thatis,thehashvaluespaceisusuallymuchsmallerthantheinputspace,differentinputsmaybehashedintothesameoutput,anditisimpossibletouniquelydeterminetheinputvaluefromthehashvalue.Simplyput,itisafunctionthatcompressesmessagesofanylengthtoafixed-lengthmessagedigest.
HASHismainlyusedinencryptionalgorithmsinthefieldofinformationsecurity.Itconvertsinformationofdifferentlengthsintomessy128-bitcodes.ThesecodedvaluesarecalledHASHvalues.ItcanalsobesaidthathashistofindakindofThehashofthemappingrelationshipbetweenthedatacontentandthedatastorageaddressistherefinementoftheinformation,anditslengthisusuallymuchsmallerthanthatoftheinformation,anditisafixedlength.Astrongencryptionhashmustbeirreversible,whichmeansthatnopartoftheoriginalinformationcanbederivedfromthehashresult.Anychangeintheinputinformation,evenifitisonlyonebit,willcauseasignificantchangeinthehashresult,whichiscalledtheavalancheeffect.Hashingshouldalsobeanti-collision,thatis,twopiecesofinformationwiththesamehashresultcannotbefound.Thehashresultwiththesecharacteristicscanbeusedtoverifywhethertheinformationhasbeenmodified.
Еднопосочната функция за хеширане обикновено се използва за генериране на обобщени съобщения, криптиране на ключове и т.н. Общите са:
MD5(MessageDigestAlgorithm5): Разработено е от RSADataSecurityCorporationAone-wayhashalgorithm.
SHA(SecureHashAlgorithm): Може да генерира 160-битова стойност за дължина на данните;
In1993,theSecureHashAlgorithm(SHA)wasadoptedbytheAmericanNationalStandardItwasproposedbytheInstituteofTechnologyandTechnology(NIST)andpublishedastheFederalInformationProcessingStandard(FIPSPUB180);in1995,arevisedversionofFIPSPUB180-1wasreleased,usuallycalledSHA-1.SHA-1isbasedontheMD4algorithm,anditsdesignlargelyimitatesMD4.Itisnowrecognizedasoneofthesafesthashingalgorithmsandiswidelyused.
PrincipleSHA-1isadataencryptionalgorithm.Theideaofthealgorithmistoreceiveapieceofplaintextandthenconvertitintoapieceof(usuallysmaller)ciphertextinanirreversibleway.ItcanalsobesimpleTheunderstandingofistheprocessoftakingastringofinputcodes(calledpre-mappingorinformation)andconvertingthemintoashort-length,fixed-digitoutputsequencethatisahashvalue(alsoknownasinformationdigestorinformationauthenticationcode).
Thesecurityoftheone-wayhashfunctionliesinitsstrongone-wayoperationintheprocessofgeneratingthehashvalue.Ifthepasswordisembeddedintheinputsequence,noonecangeneratethecorrecthashvaluewithoutknowingthepassword,thusensuringitssecurity.SHAdividestheinputstreamintoblocksof512bits(64bytes)perblock,andproduces20bytesofoutputcalledthemessageauthenticationcodeormessagedigest.
Максималната дължина на въведеното съобщение на алгоритъма не надвишава 264 бита, а изходът е 160-битово обобщено съобщение. Входът се обработва в 512-битови групи. SHA-1 е необратим, против сблъсък и има добър лавинообразен ефект.
Thedigitalsignaturecanberealizedthroughthehashalgorithm.Theprincipleofdigitalsignatureistoconverttheplaintexttobetransmittedintoamessagedigestthroughafunctionoperation(Hash)(differentplaintextcorrespondstodifferentmessagedigests),Themessagedigestisencryptedandsenttotherecipienttogetherwiththeplaintext.Therecipientwillgenerateanewmessagedigestofthereceivedplaintextandcompareitwiththesender'ssentmessagedigest.Thecomparisonresultisconsistent,indicatingthattheplaintexthasnotbeenchanged.Ifitisinconsistent,itmeansTheplaintexthasbeentamperedwith.
MAC(InformationAuthenticationCode)isahashresult.Partoftheinputinformationisapassword.OnlyparticipantswhoknowthispasswordcanrecalculateandverifythevalidityoftheMACcode.ThegenerationofMACisshowninthefigurebelow.
Информация |
Парола |
Хеш функция |
Код за удостоверяване на информация |
Сравнение между SHA-1 и MD5, тъй като и двете са получени от MD4, и SHA-1 и MD5 са много различни от всяка друга.прилика.
Securityagainstforcedsupply:ThemostsignificantandimportantdifferenceisthattheSHA-1abstractislongerthantheMD5abstract32bits.Usingforcetechnology,thedifficultyofgeneratinganymessagesothatitsdigestisequaltoagivendigestisa2-orderoperationforMD5,anda2-orderoperationforSHA-1.Inthisway,SHA-1hasgreaterstrengthagainstforcedattacks.
Сигурност на криптирания анализ: Благодарение на дизайна на MD5 е уязвим на атаки на криптиран анализ и SHA-1 не е уязвим на такива атаки.
Скорост: На същия хардуер SHA-1 работи по-бавно от MD5.
Сравнение на двата
Сравнение на симетрични и асиметрични алгоритми
Theprinciplesofthetwoencryptionmethodsaresummarizedabove.Generallyspeaking,therearemainlythefollowingaspectsDifferent:
1.Intermsofmanagement:thepublickeycryptographicalgorithmonlyneedslessresourcestoachieveitspurpose.Inthedistributionofkeys,thereisanexponentialleveldifferencebetweenthetwo(oneisnoneIsn).Therefore,theprivatekeycryptographicalgorithmisnotsuitablefortheuseofWAN,andmoreimportantly,itdoesnotsupportdigitalsignatures.
2.Intermsofsecurity:Sincethepublickeycryptographicalgorithmisbasedonanunsolvedmathematicalproblem,itisalmostimpossibletocrack.Fortheprivatekeycryptographicalgorithm,althoughitisimpossibletocracktheoreticallybyAES,fromtheperspectiveofcomputerdevelopment.Thepublickeyismoreadvantageous.
3.Fromthepointofviewofspeed:ThesoftwareimplementationspeedofAEShasreachedseveralmegabitsortensofmegabitspersecond.Itis100timesthepublickey.Ifimplementedbyhardware,thisratiowillbeexpandedto1000times.
ThechoiceofencryptionalgorithmThepreviouschaptershaveintroducedsymmetricdecryptionalgorithmsandasymmetricencryptionalgorithms.Manypeoplearewondering:Sowhichoneshouldweuseinactualuseisbetter?
Weshoulddetermineaccordingtoourowncharacteristics.Sincetherunningspeedofasymmetricencryptionalgorithmismuchslowerthanthatofsymmetricencryptionalgorithm,whenweneedtoencryptalargeamountofdata,itisrecommendedtousesymmetricencryptionalgorithmtoimproveEncryptionanddecryptionspeed.
Symmetricencryptionalgorithmcannotrealizesignature,sosignaturecanonlybeasymmetricalgorithm.
Asthekeymanagementofthesymmetricencryptionalgorithmisacomplexprocess,themanagementofthekeydirectlydeterminesitssecurity,sowhentheamountofdataissmall,wecanconsiderusinganasymmetricencryptionalgorithm.
Intheactualoperationprocess,weusuallyadoptthemethod:useanasymmetricencryptionalgorithmtomanagethekeyofthesymmetricalgorithm,andthenusethesymmetricencryptionalgorithmtoencryptthedata,sothatwehaveintegratedtwotypesofencryptionalgorithmsTheadvantageofnotonlyrealizestheadvantagesoffastencryptionspeed,butalsorealizestheadvantagesofsafeandconvenientkeymanagement.
Ако алгоритъмът за криптиране е избран погрешно, колко бита ключ трябва да се използва? Най-общо казано, колкото по-дълъг е ключът, толкова по-ниска е скоростта на работа. Той трябва да бъде избран в съответствие с нивото на сигурност, което действително се нуждае.
Themodernapplicationofcryptography,withthepopularizationofcommercialapplicationsofcryptography,publickeycryptographyhasreceivedunprecedentedattention.Inadditiontotraditionalcryptographicapplicationsystems,thePKIsystemisbasedonpublickeycryptography,providingfunctionssuchasencryption,signature,authentication,keymanagement,anddistribution.
Confidentialcommunication:Confidentialcommunicationisthecauseofcryptography.Whenusingpublicandprivatekeycryptographyforconfidentialcommunication,therecipientoftheinformationcandecrypttheinformationonlyifheknowsthecorrespondingkey.
Digitalsignature:Digitalsignaturetechnologycanreplacetraditionalhandwrittensignatures,andfromasecurityperspective,digitalsignatureshaveagoodanti-counterfeitingfunction.Ithasawiderangeofapplicationenvironmentsingovernmentagencies,militaryfields,andcommercialfields.
Secretsharing:Secretsharingtechnologyreferstotheuseofcryptographictechniquestosplitasecretinformationintonpiecesofinformationcalledsharingfactors,anddistributethemtonmembers,onlyk(k≤n)legalmembersThesecretinformationcanberecoveredbythesharingfactorof,andanyoneorm(m≤k)memberscooperateswithoutknowingthesecretinformation.Theuseofsecretsharingtechnologycancontrolanysecretinformation,commands,etc.thatneedtobecontrolledbymultiplepeople.
Authenticationfunction:transmitsensitiveinformationonopenchannels,usesignaturetechnologytoverifytheauthenticityandintegrityofthemessage,andverifytheidentityofthecommunicationsubjectbyverifyingthepublickeycertificate.
Keymanagement:Thekeyisamorefragileandimportantlinkinthesecuritysystem.Thepublickeycryptosystemisapowerfultooltosolvethekeymanagementwork;thepublickeycryptosystemisusedforkeynegotiationandgeneration,Thetwopartiesinconfidentialcommunicationdonotneedtosharesecretinformationinadvance;publickeycryptosystemsareusedforkeydistribution,protection,keyescrow,andkeyrecovery.
Basedonthepublickeycryptosystem,inadditiontotheabovegeneralfunctions,thefollowingsystemscanalsobedesignedandimplemented:securee-commercesystem,electroniccashsystem,electronicelectionsystem,electronicbiddingsystem,electroniclotterysystem,etc.
Theemergenceofthepublickeycryptosystemisthebasisforthedevelopmentofcryptographyfromthetraditionalgovernment,militaryandotherapplicationfieldstocommercialandcivilianuse.Atthesametime,thedevelopmentoftheInternetande-commercehasopenedupabroaderfieldforthedevelopmentofcryptography.prospect.
ThefutureofencryptionalgorithmsWiththeimprovementofcalculationmethods,theaccelerationofcomputeroperationspeed,andthedevelopmentofnetworks,moreandmorealgorithmshavebeencracked.
Atthe2004InternationalConferenceonCryptography(Crypto'2004),ProfessorWangXiaoyunfromShandongUniversity,China,madeareportondecipheringMD5,HAVAL-128,MD4andRIPEMDalgorithms,whichmadethepresentinternationaltoppasswordsAcademicexpertsareshocked,whichmeansthatthesealgorithmswillbeeliminatedfromtheapplication.Subsequently,SHA-1wasalsodeclaredtohavebeencracked.
TherearethreeattackexperimentsthathaveanimpactonDESinhistory.In1997,using70,000computersfromvariouscountriesatthattime,ittook96daystocracktheDESkey.In1998,theElectronicFrontierFoundation(EFF)usedaspecialcomputerbuiltfor$250,000tocracktheDESkeyin56hours.In1999,EFFcompletedthecrackingworkin22hoursand15minutes.therefore.DES,whichoncemadeoutstandingcontributions,cannolongermeetourgrowingneeds.
Recently,agroupofresearcherssuccessfullydecomposeda512-bitintegerandannouncedtheRSAcracking.
Wesaythatdatasecurityisrelative.Itcanbesaidthatitissafeforacertainperiodoftimeandundercertainconditions.Withthedevelopmentofhardwareandnetwork,ortheemergenceofanotherWangXiaoyun,thecurrentcommonlyusedencryptionalgorithmsareItmaybecrackedinashorttime.Atthattime,wehavetouselongerkeysormoreadvancedalgorithmstoensuredatasecurity.Therefore,encryptionalgorithmsstillneedtobecontinuouslydevelopedandimprovedtoprovidehigherencryptionsecuritystrengthandcalculatingspeed.
Overviewofthesetwoalgorithms,oneisfromDESto3DEStoAES,andtheotherisfromRSAtoECC.Itsdevelopmentangleisallconsideringthesimplicityofthekey,thelowcost,theeaseofmanagement,thecomplexityofthealgorithm,thesecurityofconfidentiality,andthespeedofcalculation.Therefore,thedevelopmentofalgorithmsinthefuturemustbebasedontheseperspectives,andthesetwoalgorithmsareoftencombinedinactualoperations,andanewalgorithmthatcombinestheadvantagesofthetwoalgorithmswillappearinthefuture.Atthattime,therealizationofe-commercewillsurelybefasterandsafer.