Java encryption and Security

2025-01-22 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

I. Brief introduction

Data security

Anti-theft, anti-tampering, anti-forgery

Ancient encryption:

Shift cipher: HELLO => IFMMP (each letter is moved one place along in alphabetical order)

Substitution cipher: HELLO => p12jue 5 (the text is replaced by using the words on the pages and lines of a book)

All of this is based on human imagination and intuition, which is very unreliable.

Modern computer encryption:

Cryptography has gradually developed into a discipline based on rigorous mathematical theory.

Summary

Designing a secure encryption algorithm is very difficult.

Verifying whether an encryption algorithm is secure is even more difficult.

The encryption algorithms currently considered secure are simply the ones that have not been broken so far.

Do not design your own encryption algorithm.

Do not implement your own encryption algorithm.

Do not modify an existing encryption algorithm.

II. URL encoding

What is URL encoding?

URL encoding is the encoding used by the browser when sending data to the server.

key1=value1&key2=value2&key3=value3

q=%E4%B8%AD%E6%96%87

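What is an encoding?

ASCII is one kind of encoding, for example:

| Letter | Encoding (hexadecimal) |
|---|---|
| A | 0x41 |
| B | 0x42 |
| C | 0x43 |
| D | 0x44 |
| ... | ... |

| Chinese character | Unicode encoding | UTF-8 encoding |
|---|---|---|
| 中 | 0x4e2d | 0xe4b8ad |
| 文 | 0x6587 | 0xe69687 |
| 编 | 0x7f16 | 0xe7bc96 |
| 码 | 0x7801 | 0xe7a081 |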

What are the URL encoding rules?

A-Z, a-z, 0-9 and - _ . * remain the same. Other characters are represented as %XX.

For example:

1. "5Lit"

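| Index | Base64 character | Index | Base64 character | Index | Base64 character |
|---|---|---|---|---|---|
| 0 | A | 26 | a | 52 | 0 |
| 1 | B | 27 | b | 53 | 1 |
| 2 | C | 28 | c | ... | ... |
| 3 | D | 29 | d | 61 | 9 |
| ... | ... | ... | ... | 62 | + |
| 25 | Z | 51 | z | 63 | / |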

Purpose

It is a way to represent binary content as text (A-Z, a-z, 0-9, +, /, =). It is suitable for text protocols, at the cost of reduced efficiency.

Because the binary data is encoded with Base64, its length increases by 1/3. If the length of the byte array is not an integer multiple of 3, 0x00 or 0x00 0x00 is added at the end.

A trailing = after encoding indicates that 1 byte has been added.

A trailing == after encoding indicates that 2 bytes have been added.

Application: email protocols

```java
import java.util.Base64;

/* Base64 encoding */
public class SecBase64 {
    public static void main(String[] args) throws Exception {
        String original = "Hello\u00ff Encoding Test";
        // withoutPadding() removes the trailing "=" after encoding;
        // decoding works whether or not the padding is present
        String b64 = Base64.getEncoder().withoutPadding().encodeToString(original.getBytes("UTF-8"));
        System.out.println(b64);
        String ori = new String(Base64.getDecoder().decode(b64), "UTF-8");
        System.out.println(ori);
    }
}
```

Because the "+" and "/" characters of standard Base64 conflict with URL syntax, a different variant of Base64 is used inside URLs.

In Java, the URL variant of Base64 changes "+" to "-" and "/" to "_" so that the value does not cause conflicts when passed as a URL parameter.
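The conflict described above, as an added example that is not part of the original article: a standard Base64 value is damaged by query-string decoding, while the URL variant survives. The sample bytes are constructed so that the standard alphabet emits "+" and "/", and the class name is hypothetical.

```java
import java.net.URLDecoder;
import java.util.Arrays;
import java.util.Base64;

public class Base64UrlDemo {
    public static void main(String[] args) throws Exception {
        // Constructed sample bytes, chosen so the standard alphabet emits '+' and '/'.
        byte[] token = {(byte) 0xfb, (byte) 0xff, (byte) 0xfe, 0x01};

        String std = Base64.getEncoder().encodeToString(token);
        String urlSafe = Base64.getUrlEncoder().withoutPadding().encodeToString(token);
        System.out.println("standard: " + std);
        System.out.println("URL-safe: " + urlSafe);

        // What a server sees after decoding the query string: '+' is read as a space.
        String stdReceived = URLDecoder.decode(std, "UTF-8");
        String urlReceived = URLDecoder.decode(urlSafe, "UTF-8");

        try {
            Base64.getDecoder().decode(stdReceived);
            System.out.println("standard value survived");
        } catch (IllegalArgumentException e) {
            // The space is not in the Base64 alphabet, so decoding is rejected.
            System.out.println("standard value corrupted in transit: " + e.getMessage());
        }

        // '-' and '_' pass through URL decoding untouched; padding is optional on decode.
        byte[] back = Base64.getUrlDecoder().decode(urlReceived);
        System.out.println("URL-safe round trip intact: " + Arrays.equals(token, back));
    }
}
```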

Summary

Base64 is an encoding algorithm, not an encryption algorithm.

The purpose of Base64 encoding is to encode arbitrary binary data as text (the length increases by 1/3).

Other encodings: Base32, Base48, Base58

III. Digest algorithms

1. What is a digest algorithm?

A digest algorithm produces output in a special format: no matter how long the original data supplied by the user is, the computed output has a fixed length, and if the original data changes even slightly, the resulting digest is completely different. Algorithms based on this principle can therefore provide a sound guarantee of data integrity.

The commonly used digest algorithms are MD5 and SHA1. The output of MD5 is 16 bytes (128 bits) and that of SHA1 is 20 bytes (160 bits).

Digest algorithm (also known as hash algorithm / digital fingerprint)

Computes a fixed-length digest of data of any length.

The same input data always produces the same output; different input data produces different output as far as possible.

Objective:

Verify that the original data has been tampered with

For example:

Input: data of any length (byte[])

Output: fixed-length data (byte[n])

hash("hello") = 0x5e918d2

hash("hello,java") = 0x7a9d88e8

hash("hello,bob") = 0xa0dbae2f

The Object.hashCode() method of Java is a digest algorithm.

This means that the same input must produce the same output, so when we override the equals() method we have to override the hashCode() method at the same time.

What is a collision?

Two different inputs get the same output.

For example:

hash("abc") = 0x12345678

hash("xyz") = 0x12345678

In this case we say that a collision has occurred. Can collisions be avoided? No, collisions cannot be avoided.

The number of output bytes is fixed, while the number of input bytes is not.

| Output (n bits) | Range |
|---|---|
| 0000000000000000 | 0 |
| 0000000000000001 | 1 |
| 0000000000000010 | 2 |
| ... | ... |
| 1111111111111111 | 65535 |

What makes a hash algorithm secure?

A low collision rate.

The output cannot be guessed: a change in any single bit of the input produces a completely different output.

It is very difficult to derive the input from the output (only brute force is possible).
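The collision and "one bit changes everything" properties above, as an added example that is not from the original article. It uses the 32-bit String.hashCode(), for which "Aa" and "BB" are a well-known colliding pair, and SHA-256 from the JDK; the class and method names are hypothetical.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class DigestPropertiesDemo {
    static byte[] sha256(String s) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
    }

    // Number of bit positions in which two equal-length digests differ.
    static int differingBits(byte[] a, byte[] b) {
        int n = 0;
        for (int i = 0; i < a.length; i++) {
            n += Integer.bitCount((a[i] ^ b[i]) & 0xff);
        }
        return n;
    }

    static String hex(byte[] d) {
        return String.format("%0" + (d.length * 2) + "x", new BigInteger(1, d));
    }

    public static void main(String[] args) throws Exception {
        // A 32-bit output space is small: these two different strings share one hashCode().
        System.out.println("\"Aa\".hashCode() = " + "Aa".hashCode());
        System.out.println("\"BB\".hashCode() = " + "BB".hashCode());

        // The same pair under a 256-bit digest.
        System.out.println("SHA-256(Aa) = " + hex(sha256("Aa")));
        System.out.println("SHA-256(BB) = " + hex(sha256("BB")));

        // 'o' (0x6f) and 'n' (0x6e) differ in exactly one bit, so the two inputs
        // differ in one bit; count how many of the 256 output bits change.
        int changed = differingBits(sha256("hello"), sha256("helln"));
        System.out.println("output bits changed by a one-bit input change: " + changed + " of 256");
    }
}
```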

Common digest algorithms

Rainbow table

What is a rainbow table? It is a precomputed list of commonly used strings and their MD5 digests.

Resisting rainbow tables

Add an additional random salt to each password.

```java
import java.math.BigInteger;
import java.security.MessageDigest;

public class Md5Digest {
    public static void main(String[] args) throws Exception {
        // Plain MD5 digest, without a salt
        String str = "MD5 digest algorithm test";
        byte[] bytes = toMD5(str.getBytes("UTF-8"));
        // Print the byte array in hexadecimal format (16 bytes = 32 hex digits)
        System.out.println(String.format("%032x", new BigInteger(1, bytes)));
    }

    public static byte[] toMD5(byte[] input) {
        MessageDigest md;
        try {
            md = MessageDigest.getInstance("MD5");
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
        md.update(input);
        return md.digest();
    }
}
```

```java
import java.math.BigInteger;
import java.security.MessageDigest;

public class Md5WithSalt {
    public static void main(String[] args) throws Exception {
        // MD5 digest computed over salt + password
        String password = "helloworld";
        String salt = "Random salt";
        byte[] bytes = toMD5((salt + password).getBytes("UTF-8"));
        // Print the byte array in hexadecimal format (16 bytes = 32 hex digits)
        System.out.println(String.format("%032x", new BigInteger(1, bytes)));
    }

    public static byte[] toMD5(byte[] input) {
        MessageDigest md;
        try {
            md = MessageDigest.getInstance("MD5");
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
        md.update(input);
        return md.digest();
    }
}
```

2. SHA-1

It is also a hash algorithm.

Output: 160 bits / 20 bytes

Developed by the U.S. National Security Agency

SHA-0 / SHA-1 / SHA-256 / SHA-512

Example: same as MD5

```java
import java.math.BigInteger;
import java.security.MessageDigest;

public class Sha1Digest {
    public static void main(String[] args) throws Exception {
        String str = "MD5 digest algorithm test";
        byte[] bytes = toSHA1(str.getBytes("UTF-8"));
        // The SHA-1 output is 20 bytes (40 hex digits), so format it with %040x
        System.out.println(String.format("%040x", new BigInteger(1, bytes)));
    }

    public static byte[] toSHA1(byte[] input) {
        MessageDigest md;
        try {
            md = MessageDigest.getInstance("SHA-1");
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
        md.update(input);
        return md.digest();
    }
}
```

The JDK does not include the RipeMD160 algorithm. You need to download the jar package separately and add it to the JDK.

3. BouncyCastle

A set of encryption / hash algorithms provided by a third party.

It provides algorithms that the JDK does not provide, such as the RipeMD160 hash algorithm.

How do I use an algorithm provided by a third party?

Add the third-party jar to the classpath.

Register the third-party algorithm provider.

Use the interface provided by the JDK as normal.
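The three steps above in one program, as an added example that is not part of the original article. It assumes the BouncyCastle provider jar (bcprov) is already on the classpath; the class name and the input string are constructed for illustration.

```java
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class RipeMd160Demo {
    public static void main(String[] args) throws Exception {
        // Before registration the JDK's own providers are asked, and they do not
        // implement RipeMD160.
        try {
            MessageDigest.getInstance("RipeMD160");
            System.out.println("a provider for RipeMD160 is already registered");
        } catch (NoSuchAlgorithmException e) {
            System.out.println("before registration: " + e.getMessage());
        }

        // Step 2: register the third-party provider (step 1, the jar on the
        // classpath, is what makes this import resolve).
        Security.addProvider(new BouncyCastleProvider());

        // Step 3: the normal JDK interface now finds the algorithm.
        MessageDigest md = MessageDigest.getInstance("RipeMD160");
        byte[] digest = md.digest("HelloWorld".getBytes("UTF-8"));

        // RipeMD160 outputs 20 bytes, i.e. 40 hex digits.
        System.out.println("provider: " + md.getProvider().getName());
        System.out.println(String.format("%040x", new BigInteger(1, digest)));
    }
}
```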

4. Hmac

Hmac: Hash-based Message Authentication Code

Message Authentication Code algorithm based on key

A more secure message digest algorithm

HmacMD5 can be thought of as MD5 with secure Salt

```java
import java.math.BigInteger;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;

public class Hmac {
    public static byte[] hmac(String hmacAlgorithm, SecretKey skey, byte[] input) throws Exception {
        Mac mac = Mac.getInstance(hmacAlgorithm);
        mac.init(skey);
        mac.update(input);
        return mac.doFinal();
    }

    public static void main(String[] args) throws Exception {
        String algorithm = "HmacSHA1";
        // String algorithm = "HmacSHA256";
        // Raw data
        String data = "hello world";
        // Randomly generate a key
        KeyGenerator keyGen = KeyGenerator.getInstance(algorithm);
        SecretKey skey = keyGen.generateKey();
        // Print the key in hexadecimal
        byte[] key = skey.getEncoded();
        BigInteger bigInteger = new BigInteger(1, key);
        System.out.println("Key:" + bigInteger.toString(16));
        // Use this key to calculate the Hmac, and print it in hexadecimal
        byte[] result = hmac(algorithm, skey, data.getBytes("UTF-8"));
        BigInteger resultInteger = new BigInteger(1, result);
        System.out.println("Hash:" + resultInteger.toString(16));
    }
}
```
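The code above only computes an Hmac. This added example (not from the original article) shows the receiving side: the tag is recomputed with the shared key and compared in constant time, so a changed message or a different key is rejected. The messages and the class name are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;

public class HmacVerifyDemo {
    static final String ALGORITHM = "HmacSHA256";

    // Sender side: compute the authentication tag for a message.
    static byte[] tag(SecretKey key, byte[] message) throws Exception {
        Mac mac = Mac.getInstance(ALGORITHM);
        mac.init(key);
        return mac.doFinal(message);
    }

    // Receiver side: recompute the tag and compare without leaking, through
    // timing, how many leading bytes matched.
    static boolean verify(SecretKey key, byte[] message, byte[] receivedTag) throws Exception {
        return MessageDigest.isEqual(tag(key, message), receivedTag);
    }

    public static void main(String[] args) throws Exception {
        SecretKey shared = KeyGenerator.getInstance(ALGORITHM).generateKey();
        SecretKey other = KeyGenerator.getInstance(ALGORITHM).generateKey();

        // Constructed sample messages.
        byte[] sent = "amount=100&to=bob".getBytes(StandardCharsets.UTF_8);
        byte[] altered = "amount=900&to=bob".getBytes(StandardCharsets.UTF_8);
        byte[] sentTag = tag(shared, sent);

        System.out.println("tag length in bytes:     " + sentTag.length);
        System.out.println("original message:        " + verify(shared, sent, sentTag));
        System.out.println("altered message:         " + verify(shared, altered, sentTag));
        System.out.println("verified with other key: " + verify(other, sent, sentTag));
    }
}
```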

Summary:

Hmac is not a newly invented algorithm, but an algorithm that mixes a key into the digest.

It can work together with digest algorithms such as MD5 and SHA-1.

The length of the Hmac digest is the same as that of the original digest.

IV. Symmetric encryption algorithms

1. What is a symmetric encryption algorithm?

Encryption and decryption use the same key, for example: WinRAR

2. Commonly used encryption algorithms

Their key lengths are different, and the key length determines the strength of the encryption. The working mode and the padding mode can be regarded as parameter and format choices of the encryption algorithm. The JDK does not provide every working mode and padding mode.

The DES algorithm has been retired because its key can be brute-forced in a short time.
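How key length, working mode and padding mode appear as parameters in the JDK API, as an added example that is not from the original article. AES with a 256-bit key in GCM mode is this example's own choice of algorithm; the class name and plaintext are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class AesGcmDemo {
    // algorithm / working mode / padding mode
    static final String TRANSFORMATION = "AES/GCM/NoPadding";

    static byte[] run(int opmode, SecretKey key, byte[] iv, byte[] input) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(opmode, key, new GCMParameterSpec(128, iv)); // 128-bit authentication tag
        return cipher.doFinal(input);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
        keyGen.init(256); // key length in bits
        SecretKey key = keyGen.generateKey();

        // GCM needs a fresh IV for every encryption under the same key; it is not secret.
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);

        byte[] plain = "hello world".getBytes(StandardCharsets.UTF_8);
        byte[] cipherText = run(Cipher.ENCRYPT_MODE, key, iv, plain);
        System.out.println("plaintext bytes: " + plain.length
                + ", ciphertext bytes (with tag): " + cipherText.length);

        // The same key decrypts what it encrypted.
        byte[] back = run(Cipher.DECRYPT_MODE, key, iv, cipherText);
        System.out.println("decrypted: " + new String(back, StandardCharsets.UTF_8));

        // Flip one ciphertext bit: decryption is refused instead of returning garbage.
        cipherText[0] ^= 0x01;
        try {
            run(Cipher.DECRYPT_MODE, key, iv, cipherText);
            System.out.println("modified ciphertext accepted");
        } catch (AEADBadTagException e) {
            System.out.println("modified ciphertext rejected: " + e.getMessage());
        }
    }
}
```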
