Shulou(Shulou.com)06/01 Report--

This article briefly talks about the two most commonly used asymmetric encryption DH algorithm and RSA algorithm, the text does not intend to involve some mathematical principles, this has been described in many articles on the Internet, and there is no too much meaning to repeat (This kind of article only needs to pay attention to two points, ** one is the key generation method, and the other is the data encryption and decryption formula **), this article is only to help the general user to clearly distinguish the similarities and differences between the two algorithms and the application occasions, so it will not be too long. For DH and RSA algorithms, the biggest similarity lies in their theoretical basis is "elementary number theory." Since it is elementary, it means that if we need to understand its principle, we only need to have the mathematical foundation of middle school, even junior high school mathematics, and will not apply to the relevant content of college mathematics. You don't need to pay attention to any limit, differentiation, integration, etc., but RSA algorithm is based on the so-called "Euler Theorem"(Fermat's theorem is a special case), while DH has no obvious involvement, but there are two contents that may need to be proved, which are not involved in this paper. They are all about congruence problems (many problems in elementary number theory are related to congruence, among which the most famous one is probably "Sun Zi Theorem", or can be called "Chinese Remainder Theorem", which will be described in any book on number theory). So where is the difference? The most significant difference is that DH is used for dynamic key exchange, which actually generates a key pair on the server and client, that is, two pairs of keys, and note that it is dynamic; RSA only contains a set of key pairs, and it is static, that is, once the private key is generated, it will not change unless it is explicitly replaced. Through a simple analysis, we can see why shared keys generated using DH algorithm are not available because they are in the memory of the server and client respectively.(For shared keys, both parties can calculate by themselves, without exchange, because the client and server calculate the same key, as long as they exchange their respective public keys), so there is no other way except brute force cracking, and because of the problem of large prime numbers, and the randomness of key generation (random private key size is between 1 and this large prime minus one, so it must be mutual prime), it cannot be guaranteed to crack under the current conditions. In addition, RSA is only used for signature because it consumes too much computational resources (That is, only a small amount of data can be verified, such as the digest of part of the content of the digital certificate can be signed), will not be used for real data content encryption; while DH algorithm is only an exchange key, the generated key is used for data encryption and decryption, and the symmetric algorithm used for real data encryption and decryption is generally AES.(SSL, HTTPS usually use this algorithm, and not much of the previous 3DES); so in OPENSSL there is a so-called encryption algorithm suite, they are used for different purposes, and in OPENSSL there is a set of calculations on large numbers (Big Number), but users generally do not call it directly.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.