algorithm used
10.1 Choosing an Algorithm
Several alternatives when choosing an algorithm:
1) Choose an algorithm that has been verified and published by many cryptographers
2) Choose a cryptographic algorithm manufacturer with a very good reputation
3) Choose a reputation Very good and very capable consultant4
), choose to believe in the government5
), choose to write algorithms by yourself (believe in your own ability)
Of these choices, the best is the first one. All the algorithms in this book are publicly released and tested in practice. Others, such as manufacturers, consultants, governments, and individuals, are all unreliable, either because of man-made reasons or machine reasons, and there are more or less all security problems, and there are not many of these problems It is difficult to know where the problem is.
In the final analysis, the algorithm generally chooses a public and verified encryption algorithm
10.2 Public-key cryptography vs. symmetric cryptography
The debate on who is good and who is bad between asymmetric encryption and symmetric encryption has been around for a long time, and each has its own opinion. But in fact, both have their own advantages and disadvantages.
Symmetric encryption algorithm: its best place is fast. The amount of encrypted data can be very large, which can be doubled by public key encryption. In addition it is immune to chosen ciphertext attacks . But the key is very dangerous during the transfer process, and it is likely to be intercepted.
Public key encryption algorithm: its benefits are key custody and massive agreements. There is no doubt about the security of the key, but it will be very slow compared to symmetric encryption.
To sum up, both have their own advantages and cannot be compared together. It is obviously unfair to talk about the advantages of a certain type of algorithm alone.
10.3 Encrypted transmission channel
In theory, the encryption process can be implemented on the OSI communication model.
In fact, it is necessary to discuss in layers. If it is at the lower layer, such as layer 1-2, the encryption at this time is called: link-by-link encryption , and if it is at a higher layer, it can be called: end-encryption (end- to-end encryption)
1) The link is encrypted segment by segment
The physical layer is the best choice for this type of encryption. The encryption at this layer is to encrypt data, route information, protocol information, and so on. This algorithm has a huge impact, because all information is encrypted, and cryptographers do not know any information at all. This is called: traffic-flow security (the enemy is not only denied information, but also denied the source of information, information how much).
This kind of encryption does not rely on communication management technology, and key management is also very simple. Only two endpoints on a line need a common key, and these two endpoints can freely change their own online keys. As shown below:
The shortcomings of this model are also obvious. 1. All data will be encrypted, and the security is very strong, but the amount of data will be very large, and the transmission process will be quite difficult. 2. Because there is a key between nodes, if the key between nodes is cracked, it will appear insecure.
side encryption
This approach generally places the encryption device between the network layer and the transport layer. Therefore, the equipment must understand the data of the lower three layers, encrypt the transport layer unit, and send it to the bottom layer.
This method is to encrypt once at the beginning and decrypt once at the end. The disadvantage is that the relevant information of the data is not encrypted, and an excellent cryptographer can know more things through these scattered relevant information. Key management is also very difficult, and every user must ensure that they protect their keys.
10.4 Hardware Encryption vs. Software Encryption
hardware
1) Speed
The speed of hardware encryption is much faster than that of software encryption. Generally speaking, encryption algorithms are very complicated, and processing them on general-purpose processors will be very inefficient. Therefore, if the same algorithm is run by software, the speed is generally not as good as that of the hardware encryption algorithm.
In addition, the encryption algorithm occupies a lot of computing tasks. If the main processor is all occupied by software, the utilization rate of resources will be very low. Transferring the algorithm to a dedicated chip will save more resources. ?
2) The security
algorithm runs on a computer without hardware protection, so anyone can participate in modifying the algorithm without being detected. But if there is hardware detection, then these operations will be detected and blocked according to the situation. Various types of hardware have different protection functions. Such as key protection, information tamper-proof...
3), easy to install
Many encryption applications are not compatible with ordinary computers. For example, if someone wants to encrypt phone conversations, faxes, data connections, then the role of the computer is not particularly obvious. But hardware encryption, you can install the hardware directly on the phone, on the fax machine, on the modem. Installation can be described as extremely convenient.
software
The disadvantages of software are the advantages of hardware, but there are also advantages of software. In summary, there are several: flexibility, portability, ease of use, and ease of update .
These advantages of the software make it widely used by ordinary people, and the number of users is very large. You only need to encrypt a file, and its confidentiality is not so high that it cannot be viewed, so there is no need to To buy a piece of hardware to encrypt this file, you only need to use an encryption software or a compressed file to encrypt it, which is simple, effective, and has certain security.
10.5 Compression, Encoding, Encryption
There are two reasons why compression and encryption are used together:
1. Cryptanalysis relies on the use of redundancy in plaintext, and compression can effectively reduce redundancy in text.
2. Encryption is very time-consuming. Compression before encryption can reduce the entire process time.
Remember to compress before encryption, if the encryption algorithm is good, then the plaintext will not be able to be compressed anymore.
10.6 Check Encryption
How to spy on an encrypted file? Now popular encryption algorithms have a well-defined header. Through this header, you can check the type of the file and whether it is compressed. Anyway, you can get quite a lot of information.
10.7 Hiding ciphertext in ciphertext
Alice and Bob are two criminals, P is the plaintext, D is the fake plaintext, C is the ciphertext, K is the real key, K' is the fake key A encrypts the plaintext P: P⊕K
=
C
Alice and Bob share K, Bob It can be decrypted:
C⊕K=P
The police forced them to hand over the key, but they handed over the fake key:
K'=C⊕D
The police decrypted and got a fake message:
C⊕K'=D
This is an encryption, and K is random, so it cannot be proved that K' is false. If Alice and Bob make the news in D more plausible, it will be impossible to detect that they gave fake keys and fake news.
10.8 Destruction of information
The apparent deletion of files in the disk is not really deleted, but just deletes the entry to open the file on the computer. You can use related software to search, repair, and finally retrieve the original deleted file.
In a computer, even if you don't actively save plaintext, your computer will do it automatically.
So in summary, if you want to delete files on your computer, you have to delete all the files on the disk, or overwrite all the disks with new files