Shulou(Shulou.com)06/01 Report--

Established demand A

In typical cases where encryption is used, both parties (Alice and Bob) communicate over an insecure channel. Alice

And Bob want to make sure that anyone who might be listening cannot understand the communication between them. And, because

Alice and Bob are far apart, so Alice must make sure that the information she receives from Bob is not in the

Modified by anyone during transmission. In addition, she must make sure that the information does come from Bob, not from imitation.

Bob's people.

Encryption is used for the following purposes:

Confidentiality: helps protect the user's identity or data from being read. Take measures: two-way encryption

Data integrity: helps protect data from being changed. Action taken: single encryption (MD5 hash)

Authentication: ensure that the data is sent from a specific party. Take measures: digital signature

Non-repudiation: prevents a particular party from denying that a message has been sent. Take measures: public key encryption

Brief Analysis of the principle of two-way encryption:

Alice sends a "I Love You" message to Bob,Alice and doesn't want anyone else to see it, so she uses

Two-way encryption completes the processing of the content. If the encrypted password of Alice is aa, the message becomes "IaaLoveaaYou".

Then Bob gets the information of Alice, specifies the password aa, and Bob can decrypt the original words. At this time, both directions

Encryption is obvious, using the same password to encrypt and decrypt, which ensures the rapidity of encryption.

Figure:

Common two-way encryption: DES, 3DES, AES

# encrypt a file with des

Openssl enc-in-out-e encryption-des

# decrypt a file with des

Openssl enc-in-out-d decryption-des

Established requirements B:

When Alice and Bob communicate, maybe Evil is watching. Evil through multiple technical means (self-brain supplement

Http://wenku.baidu.com/view/1473d13a580216fc700afdf6.html)

After getting the original content and encrypted password of Alice, Evil had an idea to change the content to I Fairchild You, and then made use of

The encryption password aa is encrypted, and the content becomes IaaF**KaaYou. Guess what happens when Bob receives the message? So Bob

When you receive a message, make sure that no one has modified it.

Figure:

Brief Analysis of the principle of single encryption:

I Love You and random hash value (11), one round of calculation, of course, in the real scene is greater than

128-bit primes, which may be calculated in more than 512 rounds, are here only for illustration.

Figure:

Common single encryption: MD5, SHA128, SHA256, SHA512

Openssl dgst [- Summary Type]

Note: single encryption only summarizes the content of the original message and does not encrypt the data.

Established requirements C:

So far, we have solved only one of the two problems in the established requirement B (ensuring integrity), encrypting the transmission process.

A transmission password is required in, which is obviously not secure. Let's try it: do not transmit passwords, so that passwords are exchanged.

Figure:

Brief Analysis of the principle of key Exchange (asymmetric encryption):

Using the Diffle-Hellman key exchange algorithm, only two large primes are negotiated, and the most basic multiplication distribution is used locally.

Complete the data exchange to avoid the network transmission of passwords. But the DH algorithm cannot resist the middleman and must borrow a digital signature.

It's safe enough.

Figure:

Common asymmetric encryption: DH, IKE

Struct {BIGNUM * p; / / large prime BIGNUM * g; / / generated prime BIGNUM * priv_key; / / private value x BIGNUM * pub_key; / / calculated value g to the x power}

Established requirements D:

After passing the established requirements B and C, it seems that password security can be guaranteed, we are trying to imagine a problem, in Alice and Bob

When the first negotiation prepares the password, Evil has already replaced Bob under a false name. What should I do? Alice in future communications

Will continue to communicate with Evil, which of course goes against the original intention of Alice. The question arises, who can prove to Alice at this time

What about Bob who corresponded with her?

Figure:

A brief Analysis of the principle of Digital Certificate and signature

The digital certificate acts as the third party here, and the money of the buyer who goes to Taobao is placed in Alipay in the same position.

How do you prove that you paid for the credit card? Because there is your signature, the digital signature is to use the only code you have

The resulting Internet information is encrypted individually. The digital certificate will prove the authenticity of the information, and the digital signature will prove the authenticity of the

Can't be forged, because you're the only one who has that code.

Common digital certificates and digital signatures: x509, pkcs and RSA, DSA

For more information on openssl, please see apache2.4.9 installation-https implementation.

Since then, we have solved the four purposes of encryption. Of course, there are no foolproof security measures. Today, the security problem is becoming more and more serious.

(CSDN, Tianya plaintext password, JD.com was stolen, Ali internal data was stolen, 2000W room data, Ctrip credit card information leaked.)

We also need to pay more attention to Internet security and spread Internet security, which is the duty and obligation of every practitioner.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.