Encryption & Signature Algorithms

preamble

If the string we want to consume has no unique identifier, how can we prevent it from being consumed repeatedly?

Background Information

encryption

Encryption technology is the most commonly used means of security and confidentiality. It uses technical means to convert important data into unintelligible ciphertext (encryption) for transmission, and then restores it (decryption) by the same or a different means after it reaches the destination.

The algorithm turns ordinary, understandable information into incomprehensible ciphertext. For security and confidentiality, an appropriate encryption technology combined with a key management mechanism can be used to protect network communication.

AES

The Advanced Encryption Standard (AES) in cryptography, also known as Rijndael encryption, is a block encryption standard adopted by the US federal government. ----Symmetric encryption

This standard was introduced to replace the original DES (Data Encryption Standard); it has been analyzed by many parties and is widely used all over the world. After a five-year selection process, the Advanced Encryption Standard was published by the National Institute of Standards and Technology (NIST) in FIPS PUB 197 on November 26, 2001, and became an effective standard on May 26, 2002. By 2006, the Advanced Encryption Standard had become one of the most popular algorithms in symmetric-key encryption [1].

The Advanced Encryption Standard addresses these concerns in many ways. The attacks that work against the Data Encryption Standard have no effect on the AES algorithm itself, and with genuine 128-bit or even 256-bit keys, a brute-force attack would take a prohibitive amount of time to succeed.

DES

The Data Encryption Standard (DES) is a block cipher that encrypts with a key. It was adopted as a Federal Information Processing Standard (FIPS) by the National Bureau of Standards of the US federal government in 1976 and then spread widely internationally. It is a symmetric algorithm using a 56-bit key. The algorithm was controversial from the start because it contained some confidential design elements, used a relatively short key, and was suspected of containing a back door for the US National Security Agency (NSA). DES was therefore subject to intense academic scrutiny, which drove the development of modern block ciphers and their cryptanalysis.

hash

Hash, generally translated as "hash" (sometimes transliterated directly), means that an input of any length is converted into a fixed-length output by a hash algorithm; the output is the hash value. ----Here is the key point: any length of input, fixed length of output

This conversion is a compression mapping: the space of hash values is usually much smaller than the space of inputs, so different inputs may hash to the same output, and the input cannot be uniquely determined from the hash value. ----So the same output may come from different inputs, but the probability is extremely small. Simply put, it is a function that compresses a message of any length into a fixed-length message digest.

Hash functions are mainly used in encryption algorithms in the field of information security. They convert information of different lengths into a fixed-length code (for example 128 bits), called the hash value. A hash can also be described as a mapping between data content and data storage address.

The application of Hash algorithm in information security is mainly reflected in the following three aspects:

1) File verification

The check algorithms we are most familiar with are the parity check and the CRC check. Neither can resist data tampering: they can detect, and to some extent correct, channel errors in data transmission, but they cannot prevent malicious modification or destruction of the data.

The "digital fingerprint" property of the MD5 hash algorithm has made it the most widely used file integrity checksum algorithm at present. Many Unix systems provide a command to calculate the md5 checksum.

About Parity

A parity check is a method of verifying the correctness of code transmission. The check is performed according to whether the number of "1"s in a group of transmitted binary codes is odd or even. Checking for an odd count is called odd parity, and the reverse is called even parity.

Which check to use is agreed in advance. Usually one parity bit is appended to make the number of "1"s in the group of codes odd or even. If odd parity is used, when the receiving end receives the group of codes it checks whether the number of "1"s is odd, and from that determines whether the transmitted code is correct.

Odd parity check: the number of 1s in the data sequence (including the bit you append) must be odd. For 1000110 (0), you must append 0: there are already three 1s, which is odd, so after appending 0 the number of 1s is still odd.

Even parity check: the number of 1s in the data sequence (including the bit you append) must be even. Even parity is actually a special case of the cyclic redundancy check: it is the 1-bit CRC obtained with the polynomial x + 1. For 1000110 (1), you must append 1: there are three 1s, and the only way to make the count even is to append 1.

About CRC check

The cyclic redundancy check (commonly referred to as "CRC") is a hash-like function over data such as network packets or computer files, and is mainly used to detect or verify errors that may occur after data transmission or storage. The resulting number is calculated and appended to the data before transmission or storage, and the receiver recomputes it to see whether the data has changed. Generally, the value of a cyclic redundancy check is a 32-bit integer. This function is widely used because it is easy to implement in binary computer hardware, easy to analyze mathematically, and especially good at detecting errors caused by disturbances in the transmission channel. The method was published by W. Wesley Peterson in 1961. A CRC is a kind of checksum: it is the remainder obtained by dividing two bit streams by binary division (no carry, using XOR instead of subtraction). The dividend is the binary representation of the data stream whose checksum is being calculated; the divisor is a predefined (short) binary number of length (n+1), usually represented by the coefficients of a polynomial. Before doing the division, n 0s are appended to the data.
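The parity and CRC procedures above, worked through in code as an added example (not part of the original post): modulo-2 division with n zeros appended, the receiver's remainder-zero check, and the post's claim that even parity is the 1-bit CRC with polynomial x + 1. Function names are my own, and the 14-bit message with polynomial x^3 + x + 1 is a constructed input.

```python
def mod2_div(bits: str, poly_bits: str) -> int:
    """Remainder of the bit string `bits` divided by the (n+1)-bit divisor
    `poly_bits` in modulo-2 arithmetic (no carries, XOR instead of subtraction).
    Both are written most-significant bit first, e.g. x^3 + x + 1 -> "1011"."""
    n = len(poly_bits) - 1
    poly = int(poly_bits, 2)
    reg = int(bits, 2)
    # Walk the dividend from its leading bit; whenever the current bit is 1,
    # XOR the divisor in, aligned so its top bit cancels that 1.
    for shift in range(len(bits) - 1 - n, -1, -1):
        if reg & (1 << (shift + n)):
            reg ^= poly << shift
    return reg  # always fits in n bits


def crc(data_bits: str, poly_bits: str) -> str:
    """Sender side: append n zeros, divide, keep the n-bit remainder."""
    n = len(poly_bits) - 1
    return format(mod2_div(data_bits + "0" * n, poly_bits), f"0{n}b")


def check(frame_bits: str, poly_bits: str) -> bool:
    """Receiver side: an intact frame (data || crc) leaves remainder 0."""
    return mod2_div(frame_bits, poly_bits) == 0


def even_parity_bit(data_bits: str) -> str:
    """Even parity as a 1-bit CRC with polynomial x + 1 ("11")."""
    return crc(data_bits, "11")


def odd_parity_bit(data_bits: str) -> str:
    """Odd parity is the complement of the even parity bit."""
    return "0" if even_parity_bit(data_bits) == "1" else "1"


if __name__ == "__main__":
    # The post's sequence 1000110 has three 1s: even parity appends 1, odd appends 0.
    print(even_parity_bit("1000110"), odd_parity_bit("1000110"))  # 1 0
    msg = "11010011101100"          # constructed 14-bit message
    frame = msg + crc(msg, "1011")  # 3-bit CRC, polynomial x^3 + x + 1
    print(check(frame, "1011"))     # True: intact frame divides evenly
    # A single bit flipped by channel noise leaves a non-zero remainder.
    damaged = frame[:5] + ("1" if frame[5] == "0" else "0") + frame[6:]
    print(check(damaged, "1011"))   # False: error detected
```

Any single-bit flip is caught because no single term x^k is divisible by a polynomial with two or more terms; as the text notes, this says nothing about deliberate tampering, since anyone can recompute the CRC.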

2) Digital signature

The hash algorithm is also an important part of modern cryptosystems. Because asymmetric algorithms are slow, the one-way hash function plays an important role in digital signature protocols. Digitally signing the hash value, also known as the "digital digest", is statistically equivalent to digitally signing the file itself, and such a protocol has other advantages as well. ----The advantage of signing the digest rather than the whole file is speed

3) Authentication protocol

The following authentication protocol is also called the "challenge-authentication" mode: it is a simple and secure method when the transmission channel can be intercepted but cannot be tampered with.

MD5

From the introduction in the Baidu Baike entry:

The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash value, used to verify that transmitted information is complete and consistent. MD5 was designed by the American cryptographer Ronald Linn Rivest and published in 1992 to replace the MD4 algorithm. The algorithm is specified in RFC 1321. After 1996 the algorithm was shown to be weak and breakable; for data requiring high security, experts generally recommend other algorithms such as SHA-2. In 2004 it was proved that MD5 cannot prevent collisions, so it is not suitable for security authentication, such as SSL public-key certificates or digital signatures.

As can be seen above, MD5 generates a 16-byte hash value from a string, and at the same time MD5 cannot prevent collisions. That is, there is still a very small probability that the same hash value is derived from different strings.

There are many talented people in the country; for the lowest achievable collision probability, refer to the following content.

SHA

As noted under MD5, SHA is the technology used to replace MD5.

The Secure Hash Algorithm (abbreviated SHA) is a family of cryptographic hash functions and a secure hash algorithm certified by FIPS. Each algorithm computes a fixed-length string (also known as a message digest) corresponding to a digital message, and if the input messages differ, with high probability they correspond to different strings. ----There is still a probability of collision, but it is much smaller than with MD5

The five algorithms of the SHA family, namely SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512, were designed by the US National Security Agency (NSA) and published by the US National Institute of Standards and Technology (NIST) as a U.S. government standard. The latter four are sometimes collectively referred to as SHA-2. SHA-1 is widely used in many security protocols, including TLS and SSL, PGP, SSH, S/MIME and IPsec, and was once regarded as the successor of MD5 (an earlier, widely used hash function). But the security of SHA-1 is now seriously questioned by cryptographers; although there has been no effective attack on SHA-2 so far, its structure is still basically similar to SHA-1, so some people have begun to develop other alternative hash algorithms.
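An added example (not from the original post) tying the "fixed-length output" key point and the MD5/SHA sections back to the preamble's question: with no unique identifier, the digest of the message itself can serve as its identifier for a repeated-consumption check. The `DedupConsumer` class and the message strings are my own constructed names and inputs; SHA-256 is used rather than MD5 because, as the text says, an MD5 collision would make a distinct message look like a duplicate.

```python
import hashlib


def digest_sizes(data: bytes) -> dict:
    """Digest length in bytes for each algorithm, independent of the input size:
    MD5 -> 16, SHA-1 -> 20, SHA-256 -> 32 (the fixed-length property)."""
    return {name: len(hashlib.new(name, data).digest())
            for name in ("md5", "sha1", "sha256")}


class DedupConsumer:
    """Consumes messages that carry no identifier of their own, remembering
    only the SHA-256 digest of each message rather than the whole message."""

    def __init__(self) -> None:
        self.seen: set[str] = set()   # hex digests of consumed messages
        self.processed: list[str] = []

    @staticmethod
    def message_id(msg: str) -> str:
        # The content fingerprint stands in for the missing unique identifier.
        return hashlib.sha256(msg.encode("utf-8")).hexdigest()

    def consume(self, msg: str) -> bool:
        """Returns True if the message was processed, False if it was a repeat."""
        key = self.message_id(msg)
        if key in self.seen:
            return False
        self.seen.add(key)
        self.processed.append(msg)
        return True


if __name__ == "__main__":
    print(digest_sizes(b""), digest_sizes(b"x" * 100_000))  # same sizes for both
    c = DedupConsumer()
    for m in ["order-1 paid", "order-1 paid", "order-2 paid"]:  # constructed input
        print(m, "->", "processed" if c.consume(m) else "duplicate, skipped")
```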

example

SHA example: https://blog.csdn.net/Alian_1223/article/details/117443522

Origin blog.csdn.net/cuiyaonan2000/article/details/128826596