Data security is critical when developing applications. We ask developers not to transmit users' private data in clear text, and not to store users' private data in clear text; this requires us to encrypt sensitive data.

Common encryption algorithms

  • Hash functions: MD5, SHA
  • Symmetric encryption algorithms: DES, 3DES, and AES
  • Asymmetric encryption algorithm: RSA

MD5 features:

  • Generates a unique 128-bit hash value (32 characters) for input information
  • The result of MD5 encryption is irreversible
  • Encrypting the same data gives the same result

Any data (video, audio, files, anything that exists on disk or in memory) can be hashed with MD5, producing 32 characters. The code:

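#import <CommonCrypto/CommonCrypto.h>

// NSString category method: returns the MD5 digest of the string as 32 hex characters.
- (NSString *)md5String {
    const char *str = self.UTF8String;
    uint8_t buffer[CC_MD5_DIGEST_LENGTH];
    // Hash the UTF-8 bytes of the string into buffer.
    CC_MD5(str, (CC_LONG)strlen(str), buffer);
    // stringFromBytes:length: is a helper (not shown) that formats the digest bytes as a string.
    return [self stringFromBytes:buffer length:CC_MD5_DIGEST_LENGTH];
}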

The hash methods are wrapped up here: NSString-hash

But this is insecure and relatively easy to crack, for example with MD5 "decryption" websites.

The traditional remedy is to add a salt: insert a random string that is long enough and complex enough at a fixed position in the plaintext, and then apply MD5.

// Fixed salt hard-coded in the app
NSString *salt = @"fdsfjf)*&*JRhuhew7HUH^&udn&&86&*";
NSString *str = @"123456";
// Append the salt to the plaintext, then hash with MD5
str = [str stringByAppendingString:salt];
str = [str md5String];
NSLog(@"%@", str);

Disadvantages: the salt is fixed, so once it leaks the consequences are unimaginable; and once one salted MD5 value has been cracked, it is easy to find the pattern and crack the rest.

The solution

HMAC: hash twice using one key!

Take user account login and registration as an example

  • Registration:

1. When the client sends a registration request to the server, the server generates a key and saves it. The key is returned to the client.

2. The client encrypts the password using HMAC with that key to generate ciphertext and sends it to the server. The server saves the user privacy information in plain text.

3. After the server returns a successful registration, the client saves the key to the phone's keychain (reducing the number of key transfers and improving security).

  • Login:

1. The client reads the key from the phone's keychain, encrypts the password with HMAC, and sends a login request to the server.

2. The server reads the ciphertext from the database based on the account and compares it with the ciphertext submitted by the client.

The code:

// Requires <CommonCrypto/CommonCrypto.h>.
// Returns the HMAC-MD5 of the string under the given key.
- (NSString *)hmacMD5StringWithKey:(NSString *)key {
    const char *keyData = key.UTF8String;
    const char *strData = self.UTF8String;
    uint8_t buffer[CC_MD5_DIGEST_LENGTH];
    CCHmac(kCCHmacAlgMD5, keyData, strlen(keyData), strData, strlen(strData), buffer);
    return [self stringFromBytes:buffer length:CC_MD5_DIGEST_LENGTH];
}

Extension: this can be used to build a device lock or a feature like the QQ mobile phone token, whose purpose is to prevent your account from being logged in on other devices. The general process: when the client sends a login request, it reads the key from the phone's keychain. If the key does not exist, the operation is happening on another device. A push notification or a message can then ask the account owner whether to allow the other device to log in, either for this login only or with permanent authorization. If login is allowed only once, the key is not saved to the keychain, and the above steps are repeated next time. If permanent login is authorized, the key can be saved on the other device.

So is it safe? No!

If, in step 2, someone intercepts the POST content to obtain the ciphertext and then simulates the client to send the request to the server, the hack succeeds!

Improve security again: Add a timestamp

  • The first step:

The client appends the current server time to the HMAC value and hashes the result with MD5, that is, (HMAC+201802271633).md5String, then posts the result to the server.

Note: 201802271633 must be the current server time to avoid client time inconsistency.

  • The second step:

The server starts authentication: it reads the HMAC from the database based on the account, appends the current server time, and applies MD5 to obtain 32 characters, which it compares with the 32 characters submitted by the client. There are two scenarios:

1. If the time on the server and the client is the same and the ciphertext is the same, the authentication succeeds.

2. The time on the server differs from that on the client, resulting in different ciphertext. For example, the client computed (HMAC+201802271633).md5String and the server computes (HMAC+201802271634).md5String. Because they do not match, the server builds the ciphertext a second time using the previous minute: (HMAC+201802271633).md5String. If that matches, authentication passes.

With this in place, a request sent by the client stays valid for only about one minute. If that is still not secure enough, you can add seconds to the timestamp to shorten the validity of the request further.
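The registration, login and timestamp steps above, modelled end to end as an added example (not code from the original post, and written in Python rather than the post's Objective-C so that both client and server sides fit in one block). The `Server` class, the account name and the times are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta

DIGEST = "md5"  # the page's choice (HMAC-MD5); the algorithm name is a parameter here

def password_hmac(key: str, password: str) -> str:
    """Client side: HMAC the password under the server-issued key."""
    return hmac.new(key.encode(), password.encode(), DIGEST).hexdigest()

def login_token(stored_hmac: str, server_time: datetime) -> str:
    """(HMAC + yyyyMMddHHmm) hashed again, e.g. HMAC + '201802271633'."""
    stamp = server_time.strftime("%Y%m%d%H%M")
    return hashlib.new(DIGEST, (stored_hmac + stamp).encode()).hexdigest()

class Server:  # hypothetical server model, names are illustrative
    def __init__(self):
        self.keys = {}    # account -> key generated at registration
        self.hmacs = {}   # account -> HMAC(key, password) saved at registration

    def issue_key(self, account: str) -> str:
        self.keys[account] = secrets.token_hex(16)
        return self.keys[account]

    def register(self, account: str, hmac_hex: str) -> None:
        self.hmacs[account] = hmac_hex

    def verify(self, account: str, token: str, now: datetime) -> bool:
        """Accept a token built from the current or the previous server minute."""
        stored = self.hmacs.get(account)
        if stored is None:
            return False
        return any(hmac.compare_digest(login_token(stored, t), token)
                   for t in (now, now - timedelta(minutes=1)))

def demo():
    server = Server()
    key = server.issue_key("alice")                          # registration step 1
    server.register("alice", password_hmac(key, "123456"))   # registration step 2
    t0 = datetime(2018, 2, 27, 16, 33, 40)                   # constructed server time
    token = login_token(password_hmac(key, "123456"), t0)    # login in minute 1633
    wrong = login_token(password_hmac(key, "654321"), t0)
    return {
        "same_minute": server.verify("alice", token, t0),
        "next_minute": server.verify("alice", token, t0 + timedelta(seconds=30)),
        "replayed_later": server.verify("alice", token, t0 + timedelta(minutes=2)),
        "wrong_password": server.verify("alice", wrong, t0),
    }
```

A captured token is still accepted until the previous-minute window closes, which is the residual exposure the paragraph above proposes to shrink by adding seconds.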

The use of hashes

Hashes are primarily used for identification, much like a human fingerprint. Generally, MD5 can be used for verification. For example, when you upload files to Baidu Cloud, Baidu computes the MD5 of each file. It compares the MD5 of the uploaded file with the ones it already has and, if there is a match, attaches the upload to the existing copy. Generally, only one copy of the same file is stored in the library.

Hash cracking (hash collision): N different pieces of data produce the same result after hashing

As mentioned above, different data should produce different 32-character values after MD5. But the number of possible 32-character values is finite, while the data is infinite, like the natural numbers. MD5 maps an infinite amount of data onto a finite number of 32-character values, so duplicates must exist.

Symmetric encryption algorithm

Symmetric encryption (also known as private key encryption) is an encryption algorithm that uses the same key for encryption and decryption. It is sometimes called a traditional cryptographic algorithm: the encryption key can be calculated from the decryption key, and the decryption key can also be calculated from the encryption key. The sender processes the plaintext (original data) together with the encryption key using the encryption algorithm, turning it into complex ciphertext, and sends it out. To read the original text, the recipient must decrypt the ciphertext using the same key and the inverse of the same algorithm, restoring it to readable plaintext.

That is:

plaintext > Encryption > Ciphertext

Ciphertext > Decryption > plaintext

Features: open algorithm, small computation, fast encryption speed, high encryption efficiency. Disadvantages: key management is difficult and costly, and security is not guaranteed because both parties use the same key.

Asymmetric encryption algorithm — (RSA) Modern encryption algorithm

Asymmetric encryption algorithms require two keys: a public key and a private key. The public key and private key are a pair. If the public key is used to encrypt data, only the corresponding private key can decrypt it. If data is encrypted with the private key, it can only be decrypted with the corresponding public key. Because encryption and decryption use two different keys, the algorithm is called asymmetric encryption. That is:

1. To send a message to B, A and B each generate a pair of public and private keys for encryption and decryption.

2. A's private key is kept confidential, and A's public key is given to B. B's private key is kept confidential, and B's public key is given to A.

3. When A wants to send a message to B, A encrypts the message with B's public key, because A knows B's public key.

4. A sends the message to B (the message has been encrypted with B's public key).

5. After receiving the message, B decrypts it with its own private key. Nobody else who receives this message can decrypt it, because only B has B's private key.

Features: the algorithm is complex and offers high security. Disadvantages: because of the complexity of the algorithm, encryption and decryption are not as fast as with symmetric encryption.

RSA

The RSA algorithm is based on a very simple fact from number theory: it is easy to multiply two large prime numbers, but extremely difficult to factor their product, so the product can be made public as part of the encryption key. For example, take two simple prime numbers, 89 and 97: computing their product, 8633, is very simple, but the work needed to factor 8633 increases geometrically.

Digital signature

Scenario: you buy a cup of milk tea in the morning, and you get a 50% discount if you pay with the store's app. A cup of milk tea costs 10 yuan. You pay 5 yuan in the store's app and immediately receive a notice that 5 yuan was spent. Everything seems normal, but a hacker intercepts the payment request sent by the client and changes the amount from 5 yuan to 50 yuan before sending it on. The server receives a request to pay 50 yuan, deducts it, and returns the 50 yuan deduction information to the client. The hacker intercepts the deduction information as well and changes "50 yuan deducted" back to "5 yuan deducted" before it reaches the client. You have lost 45 yuan without even realizing it.

As mobile payment and financial transactions become more frequent, avoiding such problems requires digitally signing sensitive data.

A digital signature (also known as a public-key digital signature or electronic signature) is similar to an ordinary physical signature written on paper, but it uses public-key cryptography to authenticate digital information. A digital signature scheme typically defines two complementary operations, one for signing and one for verification.

The message digest is encrypted with the sender's private key and sent to the receiver along with the original text. The receiver can decrypt the encrypted digest only with the sender's public key, and then uses the HASH function to generate a digest of the received text and compares it with the decrypted digest. If they are the same, the received information is complete and has not been modified during transmission. Otherwise, the received information has been modified. Therefore, the digital signature can verify the integrity of the information.

Digital signature is a process of encryption, and digital signature verification is a process of decryption.

  • Client:

    • Encrypt sensitive information symmetrically or asymmetrically to obtain encrypted data packets.
    • Run the data packets through the HASH algorithm to obtain the 32-character HASH value.
    • The 32-character HASH value is encrypted using the RSA algorithm to obtain the signature.
    • The signature and data packets are packaged and sent to the server.
  • Server:

    • Decrypt the received signature with a private key to obtain a 32-character HASH value.
    • Run the received data packets through the same HASH operations performed by the client to obtain the 32-character HASH value.
    • Check whether the two hashes are the same. If they are the same, the data packets are secure.
    • Decrypt data packets to obtain the required original data.
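The sign-then-verify check described above (digest encrypted with the sender's private key, recovered by the receiver with the sender's public key), applied to the milk tea scenario as an added example that is not part of the original post. It uses textbook RSA without padding and a toy key built from two Mersenne primes, both assumptions made so the block runs with the standard library only; the payload is constructed.

```python
import hashlib

# Toy key material, constructed for this example and far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1          # two known Mersenne primes
N = P * Q                            # public modulus, about 150 bits
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, held only by the signer

def digest_int(data: bytes) -> int:
    """32-hex-character MD5 digest, as on the page, read as an integer below N."""
    return int(hashlib.md5(data).hexdigest(), 16)

def sign(data: bytes) -> int:
    """Sender: transform the digest with the private key."""
    return pow(digest_int(data), D, N)

def verify(data: bytes, signature: int) -> bool:
    """Receiver: recover the digest with the public key and compare it
    with a digest computed over the data that actually arrived."""
    return pow(signature, E, N) == digest_int(data)

def demo():
    order = b'{"item": "milk tea", "amount": 5}'     # constructed payment request
    signature = sign(order)
    # The request is altered in transit: 5 yuan becomes 50 yuan.
    tampered = order.replace(b'"amount": 5', b'"amount": 50')
    return verify(order, signature), verify(tampered, signature)
```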

Conclusion

Attack and defense are no small matter; what is important is how the algorithms are used. The set of encryption algorithms is fixed, so choosing the right combination of algorithms for your own product and business is what matters most.


This is only my own shallow view; corrections are welcome where I am wrong.