Shulou(Shulou.com)06/01 Report--

Here are some basic knowledge of data encryption that I have sorted out, including a summary of all kinds of data encryption and an introduction to most commonly used data encryption.

Premise:

Encryption technology is the main security measure adopted by e-commerce, and it is the most commonly used means of security secrecy, which transmits important data into garbled code (encryption) by technical means. after arriving at the destination, it is restored (decrypted) by the same or different means. Encryption technology is applied in many aspects, but the most widely used is in e-commerce and × ×, which is deeply loved by the majority of users.

Classification:

1. According to the way plaintext is encrypted, cipher algorithms can be divided into sequence ciphers and block cipher algorithms.

1. The sequence cipher algorithm processes plaintext messages bit by character. It uses a small number of keys to generate a large number of pseudo-random bitstreams through some complex operation, which is used to encrypt the plaintext bitstream. The key must be changed before each use, generally stored in the cryptographic device or input from the external cryptographic device. Its advantage lies in its fast operation speed and is suitable for trunk information encryption. Its disadvantage is that the key transformation is too frequent, the key distribution is difficult, and the key synchronization problem is serious.

2. The block cipher algorithm divides the ciphertext into equal-length groups and encrypts them separately. Because it meets the needs of network data processing in blocks and is easy to solve the problem of password synchronization, it has become the mainstream of commercial ciphers.

Second, according to whether the keys are the same during encryption and decryption, the encryption algorithm can be divided into symmetric cryptographic algorithm (or single-key cryptographic algorithm) and public-key cryptographic algorithm Hash algorithm.

1. Symmetric algorithm in the Japanese cryptographic algorithm, the receiver and the sender use the same key (key for short). That is, the encryption key and the decryption key are the same or equivalent. the more famous symmetric cryptographic algorithms are American DES and its various variants, such as DES, 3DES, DESX, Blowfish, IDEA, RC4, RC5, RC6, AESTriple, FEAL-N, LOKI-91, Skipjack and so on. The disadvantage of symmetric cryptography is that the problem of key distribution is serious, because it requires a separate secure channel, and N (Nmurl) / 2 sets of keys are needed for N users to communicate with each other.

AES

With the development of symmetric cryptography, DES data encryption standard algorithm can no longer meet the security requirements of data encryption in today's distributed open network because of its small key length (56 bits). Therefore, in 1997, NIST openly solicited a new data encryption standard, namely AES [1]. After three rounds of screening, the Rijndael algorithm submitted by Joan Daeman and VincetRijmen of Belgium is proposed as the final algorithm of AES. This algorithm will become the new data encryption standard in the United States and will be widely used in various fields. Although people have different views on AES, generally speaking, as a new generation of data encryption standard, AES combines the advantages of strong security, high performance, high efficiency, easy to use and flexibility.

BLOWFISH

The BlowFish algorithm is used to encrypt a string of 64Bit length.

The BlowFish algorithm uses two "boxes"-ungigned long pbox [18] and unsigned long sbox [4256].

In the BlowFish algorithm, there is a core encryption function: BF_En (described in detail later). The function inputs 64-bit information and outputs it in the form of 64-bit ciphertext. Encrypt the letter with BlowFish algorithm

Information requires two processes: 1. Key preprocessing 2. Information encryption

DES

Data encryption algorithm (Data Encryption Algorithm,DEA) is a symmetric encryption algorithm, which is probably the most widely used key system, especially in protecting financial data.

The developed DEA is embedded in the hardware. Typically, automatic teller machines (Automated Teller Machine,ATM) use DEA. It comes from IBM's research work, and IBM has patented it for several years.

The right, however, is in the public domain after it expired in 1983 and is allowed to be used without patent royalties under certain conditions. It was formally adopted by the United States government in 1977.

There are also DES2 and DES3 algorithms.

3DES

3DES (that is, Triple DES) is an encryption algorithm for the transition from DES to AES, which uses three 64-bit keys to encrypt data three times. Is a safer variant of DES. It takes DES as the basic module.

The packet encryption algorithm is designed by over-combination grouping method. It is more secure than the original DES,3DES.

RC2

RC2 is a traditional symmetric block encryption algorithm designed by the famous cryptographer Ron Rivest. It can be used as a suggested alternative to the DES algorithm. Its input and output are both 64 bits. The length of the key is

Variable from 8 bytes to 128 bytes, but the current implementation is 8 bytes (1998).

RC4

RC4 encryption algorithm is a stream encryption algorithm cluster with variable key length designed by Ron Rivest, the number one of the famous RSA trio, in 1987. It is called a cluster because of its core part.

The length of the S-box can be arbitrary, but it is generally 256 bytes. The speed of the algorithm can reach about 10 times that of DES encryption, and has a very high level of nonlinearity. RC4 was originally used to protect trade secrets. But...

In September 1994, its algorithm was published on the Internet, and there were no more trade secrets. RC4 is also called ARC4 (Alleged RC4-- 's so-called RC4) because RSA never has

This algorithm has been officially released.

RC5

The RC5 code was invented in 1994 by Professor RonaldL.Rivest of the Massachusetts Institute of Technology. It is a very fast and simple algorithm that is parameterized by block size, number of rounds, and key length. These parameters

Can be adjusted to meet different security purposes, performance and export capabilities. The merged RSA data Security has filed the patent application for RC5 password and RC5,RC5-CBC,RC5-CBC-Pad,RC5-CTS and

Classifies the various changes

ECDSA

The mathematical principle of elliptic curve digital signature algorithm (ECDSA) is based on the unsolvability of elliptic curve discrete logarithm problem. The research status of discrete logarithm on EC points shows that the ECDSA keys used should at least

It takes 192 bits to ensure adequate medium-and long-term security.

SKIPJACK

The Skipjack block encryption algorithm was designed by the US National Security Agency (NSA) in 1985, completed the evaluation in 1990, and was officially announced by the US government in 1993. It is "Capstone".

One of the government's long-term plans based on the computer Security Act passed by Congress in 1987 (the other three projects are Digital signature Standard (DSA), secure Hash function (SHA) and key Exchange

Method). The Skipjack algorithm was once classified as "confidential".

2. In public key cryptography, the keys used by the receiver and the sender are different, and it is almost impossible to derive the encryption key (private key for short) from the decryption key (public key for short). The more famous public key cryptography algorithms are: RSA, McEliece cryptography, Diffe-Hcllman, Rabin, Ong-Fiat Shamir, zero knowledge proof algorithm, ECC, EIGamal algorithm and so on. The advantage of public key cryptography algorithm is that it is very convenient for key distribution. There is no need for a separate secure key channel, and as long as N users communicate with each other as long as N groups of keys (public key and private key), the process from public key to private key is irreversible. At the same time, it also has identity authentication, which can meet the current authentication needs of digital signatures, such as RSA DSA (digital signature).

RSA

RSA algorithm is the first algorithm that can be used for both encryption and digital signature, and it is easy to understand and operate. The RSA public key encryption algorithm was developed by Ron Rivest, Adi Shamirh and LenAdleman in 1977.

Developed by the Massachusetts Institute of Technology. RSA is named after the three developers. RSA is by far the most influential public key encryption algorithm, which can resist all known passwords so far.

It has been recommended as the public key data encryption standard by ISO. The RSA algorithm is based on a very simple number theory fact: it is very easy to multiply two large primes, but it is extremely difficult to factorize their products at that time.

It is difficult, so the product can be exposed as an encryption key.

DSA

DigitalSignature Algorithm (DSA) is a variant of Schnorr and ElGamal signature algorithms, and is used as a digital signature standard (DigitalSignature) by NIST (National Bureau of Standards).

Standard). It also belongs to the public key cryptosystem and uses Secure Hash Algorithm (SHA/SHA-1) as the intermediate one-way calculation algorithm.

DH

Diffie-Hellman algorithm (Dmurh algorithm), key consistency protocol. It is an idea put forward by Diffie and Hellman, the founders of public key cryptosystem. To put it simply, two users are allowed to

Exchange information on public media to generate "consistent" keys that can be shared. In other words, Party A produces a pair of keys (public key and private key), and Party B generates Party B's key pair according to Party A's public key.

(public key, private key). Take this as the baseline, as the data transmission security basis, while both sides use the same symmetric encryption algorithm to build a local key (SecretKey) to encrypt the data. In this way, it's interworking.

After the local secret (SecretKey) algorithm, Party An and Party B disclose their own public keys, encrypt the data with each other's public key and the private key just generated, and at the same time use each other's public key and their own private key to pair the data.

Decrypt it. Not only Party An and Party B, can be extended to multi-party shared data communication, so as to complete the secure communication of network interactive data! The algorithm comes from the Chinese congruence theorem-Chinese remainder theorem.

ECC

In October 2000, the international cryptographic community held an academic conference (ECC2000) in ESSEN, Germany. At this conference, cryptographers and mathematicians from all over the world proved that the fastest cracking of the ECC algorithm was achieved.

The efficiency is higher than that of sub-exponential level, while the fastest cracking efficiency of RSA algorithm is sub-exponential level. The convening of ECC2000 further established the security of ECC algorithm academically, and greatly promoted it in all over the world.

The application of China.

3. HASH algorithm: HASH algorithm is an one-way algorithm. Through the monomial three-column function, a kind of special encryption algorithm, generally used for authentication, the input variable length data can get a fixed length output, the input data changes immediately. Specific hash value data can be generated from the original data through a specific HASH algorithm, but the reverse is irreversible; for example, MD5, which is mainly used for password storage. For example, the data form of user passwords stored in large portals should be the form after the HASH algorithm. There are: MD5, RSA, MD2, MD4, MD5, HAVAL, SHA, SHA-1, HMAC, HMAC-MD5, HMAC-SHA1

SHA

SHA (Secure Hash Algorlthm, secure hashing algorithm) is a commonly used data encryption algorithm. It is developed by the National Institute of Standards and Technology (Natlonal Instituteof Standards and).

Technology) was published as a federal information processing standard in 1993 (that is, the first generation of SHA algorithm-SHA-0). In 1995 and 2002, the improved versions of SHA-1 and SHA-2 were also officially released.

SHA-1 and SHA-2 have higher security than SHA-0. The design principle of SHA algorithm is similar to that of MD5 algorithm. Input is also processed in units of 2blt data blocks.

SHA-1

SHA-1 hash algorithm was originally designed for DSA algorithm, and its design principle is similar to the design principle of MD2,MD4, especially MD5 hash function proposed by Ron Rivest.

MD2

Rivest developed the MD2 algorithm in 1989. In this algorithm, the information is patched first so that the byte length of the information is a multiple of 16. Then, with a 16-bit check and append to the information

At the end. And the hash value is calculated according to the newly generated information. Later, Rogier and Chauvaud found that it would conflict with MD2 if the verification was ignored. After encrypted by MD2 algorithm, the result is unique.

That is, there is no repetition.

MD4

MD4 is an information summary algorithm designed by Ronald Rivest, a professor at Massachusetts Institute of Technology in 1990. It is the implementation of a cryptographic hash function used to test the integrity of information. The length of the summary is 128

Bit. This algorithm affects later algorithms such as MD5, SHA family, RIPEMD and so on.

MD5

The full name of MD5 is Message-Digest Algorithm 5 (Information-Summary algorithm), which was developed by MIT Laboratory for ComputerScience and RSA Data Security Inc in the early 1990s.

Developed by Ronald L. Rivest and developed by MD2, MD3 and MD4.

HAMC

HAMC is a key-related hash operation message authentication code (keyed-Hash Message Authentication Code). The HMAC operation uses a hash algorithm to generate a key and a message as input.

A message digest as output. The HMAC engine provides HMAC computing capabilities and plays a role in two aspects:

(1) validate the authorization data and authentication data accepted by TPM;

(2) confirm that the command request received by TPM is an authorized request and that the command has not been changed during transmission.

HMAC_SHA1

HMAC_SHA1 (Hashed Message Authentication Code, Secure Hash Algorithm) is a secure message authentication protocol based on encrypted hash function and shared key. It can have

Effectively prevent data from being intercepted and tampered with in the process of transmission, and maintain the integrity, reliability and security of the data. The success of HMAC_SHA1 message authentication mechanism lies in an encrypted hash function and an addition.

Secret random key and a secure key exchange mechanism. HMAC_SHA1 is actually a hash algorithm, but a hash algorithm that uses a key to get the abstract value.

HMAC_SHA1 algorithm can be well applied in authentication and data integrity, and network security has been well implemented at present.

In addition to the above types of passwords, there are many other new types of passwords that have been studied at home and abroad in recent years.

Such as quantum cipher (Quantum Cryptography), heat flow cipher (Heat Flow Cryptography), chaos cipher (Chaos Cryptography) and view cipher (Visual Cryptography).

These are still in the pre-research stage, especially their safety and reliability need to be studied. There is still a long way to go.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.