The last article covered asymmetric encryption (RSA): its mathematical principle and its simple, practical use. This article covers symmetric encryption, among which the hash (hash algorithm, hash function) is the best known.

A hash algorithm transforms an input of arbitrary length into an output of fixed length, which is the hash value. This transformation is a compression mapping: the space of hash values is usually much smaller than the space of inputs, and different inputs may hash to the same output, so it is impossible to determine a unique input value from the hash value. Simply put, it is a function that compresses a message of any length into a message digest of a fixed length.

The following points will be discussed in this article:

  • The characteristics of the Hash
  • The purpose of the Hash
  • Symmetric encryption

1. Features of Hash

  • The algorithm is public.
  • The same data always gives the same result.
  • Different data gives a result of fixed length; MD5, for example, produces 128 bits by default, written as 32 hexadecimal characters.
  • The result is a message digest, an information "fingerprint", used to identify data.

2. Use of Hash

  • User password encryption
  • Search engines
  • Copyright
  • Digital signatures

The following is an overview of password encryption and digital signatures.

1. Password encryption

Step 1

Password encryption requires that the server does not retain the plaintext password of the user. Therefore, RSA is not suitable for password encryption.

Step 2 Common HASH

Ordinary hashes have collisions, so a simple password hash (such as MD5) is not secure. Recommended sites: MD5 reverse-lookup ("anti-MD5") sites.

Step 3 Fixed salt

Since simple hashing is not secure, the next idea is to transform the password with a fixed algorithm before hashing it, which is commonly known as adding salt. This method seems safe, but because the algorithm is fixed, many people will actually have had access to it. For example, once the programmer who wrote the algorithm leaves, the algorithm becomes unsafe.

Step 4 Dynamic salt (HMAC)

A fixed algorithm is not good enough, so switch to a dynamic one: the algorithm's parameters are issued by the server for each individual user, so no matter who leaves, the secrecy of the algorithm is not affected. Although this protects the user's plaintext password, an attacker can still capture, through a man-in-the-middle attack, the user's token that the server returns to us. The attacker can then use this token to obtain the user's information every time, so it is still not safe.

Step 5 Dynamic salt (HMAC) + timestamp

Finally, to make the user's token different each time, dynamic salt plus a timestamp is used for the final verification. The server computes the MD5 check in the same way; the only difference is that it also tries the timestamp of the previous minute, to allow for delivery delay.
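The step 4 and step 5 schemes above, sketched as an added example (not code from the original article). The article mentions MD5; this sketch uses HMAC-SHA256 throughout, and the function names, the per-user key and the minute-granularity timestamp format are assumptions.

```python
import hashlib
import hmac
import time


def stored_verifier(password: str, user_key: bytes) -> bytes:
    # Step 4: the server issues user_key per user and stores only this HMAC,
    # never the plaintext password.
    return hmac.new(user_key, password.encode(), hashlib.sha256).digest()


def minute_stamp(now: float) -> bytes:
    # Assumed format: UTC time truncated to the minute, e.g. b"202311142213".
    return time.strftime("%Y%m%d%H%M", time.gmtime(now)).encode()


def login_token(verifier: bytes, now: float) -> str:
    # Step 5: mix the current minute into what is sent, so the value on the
    # wire changes every minute instead of being a fixed token.
    return hmac.new(verifier, minute_stamp(now), hashlib.sha256).hexdigest()


def server_accepts(token: str, verifier: bytes, now: float) -> bool:
    # The server recomputes the token for the current minute and for the
    # previous minute, which absorbs delivery delay across a minute boundary.
    candidates = [login_token(verifier, t) for t in (now, now - 60)]
    # compare_digest does not reveal how many leading characters matched.
    return any([hmac.compare_digest(token, c) for c in candidates])


if __name__ == "__main__":
    key = b"constructed-per-user-key"        # constructed sample value
    verifier = stored_verifier("correct horse", key)
    sent_at = 1_700_000_000                   # constructed sample time
    token = login_token(verifier, sent_at)
    print(server_accepts(token, verifier, sent_at + 30))   # same minute
    print(server_accepts(token, verifier, sent_at + 60))   # previous minute
    print(server_accepts(token, verifier, sent_at + 180))  # replayed later
```

A token captured in transit stops being accepted once two minute boundaries have passed, which is the difference from the fixed token of step 4.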

2. Digital signature

A diagram illustrates digital signatures

3. Symmetric encryption

Commonly used symmetric encryption is divided into three types:

Algorithm   Meaning
DES         Data Encryption Standard (rarely used because it is not strong enough)
3DES        The same data is encrypted three times with three keys, which increases the strength
AES         Advanced Encryption Standard

AES is the mainstream choice. AES is used in ECB and CBC encryption modes.

Electronic Code Book (ECB): Electronic Code Book mode. Each block of data is encrypted independently. This is the most basic encryption mode, what is commonly understood as encryption: the same plaintext is always encrypted into the same ciphertext, there is no initialization vector, and it is vulnerable to codebook replay attacks, so it is rarely used in general.

Cipher Block Chaining (CBC): Cipher Block Chaining mode. Data is encrypted using a key and an initialization vector (IV). Each plaintext block is XORed with the previous ciphertext block before being encrypted, so the same plaintext produces different ciphertext when a different initialization vector is chosen. This is the most widely used mode. CBC ciphertext is context-dependent; plaintext errors are not passed on to subsequent blocks, but if one block is lost, all subsequent blocks are invalidated (synchronization errors).

Features: CBC effectively ensures the integrity of ciphertext. If a data block is lost or changed during transmission, subsequent data cannot be decrypted.

Symmetric encryption terminal commands:

Encryption:

    # AES (ECB) encryption of the string "hello"
    # -K is the raw key in hex; OpenSSL pads a short value such as 616263 with zero bytes
    $ echo -n hello | openssl enc -aes-128-ecb -K 616263 -nosalt | base64
    # AES (CBC) encryption of the string "hello"; -iv is the initialization vector in hex
    $ echo -n hello | openssl enc -aes-128-cbc -iv 0102030405060708 -K 616263 -nosalt | base64

Decryption:

    # AES (ECB) decryption (base64 -D is the macOS flag; GNU base64 uses -d)
    $ echo -n d1QG4T2tivoi0Kiu3NEmZQ== | base64 -D | openssl enc -aes-128-ecb -K 616263 -nosalt -d
    # AES (CBC) decryption, with the same key and IV used for encryption
    $ echo -n u3W/N816uzFpcg6pZ+KBDG== | base64 -D | openssl enc -aes-128-cbc -iv 0102030405060708 -K 616263 -nosalt -d