Guardians of data security from ancient times to the present: the evolution of hash algorithms and encryption methods

1. History of Hash Algorithm Evolution

In today's digital world, data security and integrity are paramount. As a core cryptographic tool, a hash algorithm generates a unique identifier for data and is used to verify data integrity. However, as technology advanced and security threats evolved, early hash algorithms gradually exposed security problems, so hash algorithms have kept developing to meet new challenges.

When hash algorithms are mentioned, most people think of MD5 first. MD5 is indeed a very common hash algorithm, but are there others? This article presents the evolutionary history of hash algorithms, focusing on the security evolution from MD5 and SHA-1 to SHA-3. We will discuss the characteristics, uses and important milestones of the algorithm at each stage to help readers understand how hash algorithms developed.

1.1. MD5 algorithm

MD5 (Message Digest Algorithm 5) is a widely used hash function that generates 128-bit hash values. However, because of its collision vulnerability, that is, different inputs may generate the same hash value, MD5 is no longer recommended for scenarios with high security requirements. Any discussion of MD5's insecurity brings to mind Professor Wang Xiaoyun of China, who published the MD5 cracking paper in 2004 (of course, Wang Xiaoyun's cracking of MD5 is still controversial, but it is a fact that MD5 is not safe).

People often mistakenly assume that "crackable" and "reversible" mean the same thing. It is an indisputable fact that MD5 is irreversible. The MD5 algorithm is vulnerable to collision attacks, but it cannot be cracked by reversing it. A collision attack is when two different inputs are found that produce the same hash after MD5 hashing. Many people want to decrypt MD5 hashes they see on the Internet, and there are websites that offer to do so. In fact, this does not mean MD5 is reversible. Such a site works by building a very large dictionary and looking up the plaintext from the ciphertext.

1.2. SHA-1 Algorithm

SHA-1 (Secure Hash Algorithm 1) is the successor to MD5 and generates a 160-bit hash value. However, SHA-1 is also increasingly threatened by collision attacks and is no longer considered a secure hash algorithm.

1.3. SHA-2 series algorithms

SHA-2 (Secure Hash Algorithm 2) is a series of hash algorithms, including SHA-224, SHA-256, SHA-384, and SHA-512. The SHA-2 algorithm is more reliable in terms of security and is widely used. SHA-256 and SHA-512 are the most commonly used variants, producing 256-bit and 512-bit hashes, respectively.

1.4. SHA-3 Algorithm

SHA-3 (Secure Hash Algorithm 3) is the latest member of the SHA algorithm family and was released in 2015. SHA-3 uses the Keccak algorithm as its core, which provides higher security and better performance. Compared to SHA-2, SHA-3 is resistant to collision attacks.

"Why is SHA-3 more secure and not popular?"

SHA-3 is a new family of hash functions that differ in design from the previous SHA-2 family. Although SHA-3 offers some unique advantages, there may be several reasons why SHA-3 is not commonly used in practical applications:

  1. Lack of standardization: Since SHA-3 is an emerging technology, there is currently no unified standard to define its implementation details and specifications. This leads to differences between different implementations, making it possible for compatibility issues to arise when using SHA-3 on different platforms.
  2. Performance issues: Although SHA-3 is faster than SHA-2, compared to traditional cryptographic hash functions (such as MD5, SHA-1, etc.), the calculation speed of SHA-3 is still slow. This makes SHA-3 not the best choice in some scenarios, such as scenarios that require efficient processing of large amounts of data.
  3. Lack of widespread application: Since SHA-3 is still in the development stage, it has not been widely used and verified yet. This has also led some enterprises and organizations to prefer to use proven traditional algorithms when using cryptographic hash functions.

1.5. Bcrypt

Bcrypt is a password hash function used when encrypting and storing passwords. It uses a one-way hash function to convert passwords into fixed-length hash values. bcrypt is mainly used for secure storage of passwords to prevent brute force cracking when passwords are leaked.

The characteristic of bcrypt is that its calculation cost is adjustable, which means that the strength of the hash function can be increased by increasing the calculation time. This is very useful for preventing brute force attacks, where an attacker would need to spend a lot of time and computing resources trying every possible password.

Compared with other traditional hash functions (such as MD5 and SHA), bcrypt is more secure because it uses a "salt" and an iterative hashing process. A salt is a randomly generated string that is hashed together with the password to add randomness and complexity to the password hash. By iterating the hashing process multiple times, bcrypt increases the computational cost of password verification, making passwords more difficult to crack.
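The dictionary lookup from section 1.1 and the salt and adjustable cost described above, as an added Java example that is not part of the original article. bcrypt is not in the JDK, so PBKDF2WithHmacSHA256 stands in for it here; the wordlist, passwords and iteration count are constructed values, and Java 17 or later is assumed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.HexFormat;
import java.util.List;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordHashDemo {
    // Unsalted MD5: the same password always gives the same digest.
    static String md5Hex(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(d);
    }

    // Salted, iterated hash. PBKDF2 stands in for bcrypt, which the JDK does not ship.
    static byte[] slowHash(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    static boolean verify(char[] candidate, byte[] salt, int iterations, byte[] stored) throws Exception {
        // MessageDigest.isEqual compares the two arrays in constant time.
        return MessageDigest.isEqual(slowHash(candidate, salt, iterations), stored);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample wordlist; lookup sites do the same with a far larger table.
        Map<String, String> table = new HashMap<>();
        for (String w : List.of("123456", "password", "letmein")) table.put(md5Hex(w), w);
        System.out.println("in wordlist:     " + table.get(md5Hex("letmein")));
        // A password outside the wordlist is not found: the digest is never inverted.
        System.out.println("not in wordlist: " + table.get(md5Hex("x9!Tq#rare")));

        SecureRandom rng = new SecureRandom();
        byte[] saltA = new byte[16], saltB = new byte[16];
        rng.nextBytes(saltA);
        rng.nextBytes(saltB);
        int cost = 100_000; // adjustable work factor (constructed value; tune to your hardware)
        byte[] a = slowHash("letmein".toCharArray(), saltA, cost);
        byte[] b = slowHash("letmein".toCharArray(), saltB, cost);
        // Different salts give different hashes, so one precomputed table cannot cover both.
        System.out.println("same hash for same password: " + MessageDigest.isEqual(a, b));
        System.out.println("verify correct: " + verify("letmein".toCharArray(), saltA, cost, a));
        System.out.println("verify wrong:   " + verify("letmein1".toCharArray(), saltA, cost, a));
    }
}
```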

1.6. SM3 National Secret Hash Algorithm

The SM3 hash algorithm is a cryptographic hash function similar to SHA-256 and SHA-384. It is a block cipher hash function formulated by the State Cryptography Administration for digital signatures, message authentication and other security applications.

1.7. Summary

One of the most commonly used hashing algorithms today is SHA-256 (Secure Hash Algorithm 256 bits). SHA-256 is an algorithm in the SHA-2 family that generates a 256-bit hash value.

2. History of Data Encryption Evolution

2.1. Base64 encoding

Base64 is familiar to everyone: whatever development language you use, you will use Base64. It turns readable data into a string of unreadable characters, so many people think that Base64 is an encryption algorithm. In fact, Base64 is only an encoding and not an encryption algorithm.

Base64 is a way of encoding binary data into ASCII characters. In Java, you can use the Base64 class for Base64 encoding and decoding operations. Base64 is mainly used for data transmission and storage, and it is not an encryption algorithm.

2.2. Symmetric encryption algorithm

Symmetric encryption algorithms use the same key for encryption and decryption operations. In Java, common symmetric encryption algorithms include AES (Advanced Encryption Standard) and DES (Data Encryption Standard). Symmetric encryption algorithms are suitable for the encryption and decryption process of large amounts of data.

In addition to AES and DES, there is also the symmetric encryption algorithm SM4, also known as the National Secret SM4, which is a block encryption algorithm issued by the State Cryptography Administration of China. SM4 is a symmetric key algorithm, meaning that the encryption and decryption processes use the same key.

The SM4 algorithm is a block cipher: it splits the plaintext data into blocks of fixed length, and then uses the key to encrypt and decrypt each data block. The block length of the SM4 algorithm is 128 bits, the key length is 128 bits, and it supports encryption modes such as ECB (electronic codebook mode) and CBC (cipher block chaining mode).

2.3. Asymmetric encryption algorithm

Asymmetric encryption algorithms use a pair of keys, including a public key and a private key. The public key is used to encrypt data and the private key is used to decrypt data. In Java, common asymmetric encryption algorithms include RSA (Rivest-Shamir-Adleman) and DSA (Digital Signature Algorithm). Asymmetric encryption algorithms are commonly used in key exchange and digital signatures in data transmission.

In addition to RSA and DSA, there is also an asymmetric encryption algorithm SM2. The SM2 algorithm is an elliptic curve public key cryptosystem formulated by the State Cryptography Administration of China, which is used in secure communication scenarios such as digital signatures and key exchanges. It is based on the principle of elliptic curve cryptography and provides a safe and efficient asymmetric encryption method.

2.4. Digital envelope technology (symmetric + asymmetric)

Digital envelope technology is an encryption scheme that combines symmetric encryption and asymmetric encryption to protect the confidentiality and integrity of data. Its basic principle is as follows:

  • Generate a key pair: First, the receiver generates a pair of asymmetric keys, consisting of a public key and a private key. The public key is used for encryption and the private key is used for decryption.
  • Generate a symmetric key: The sender generates a random symmetric key for encrypting the data to be sent.
  • Encrypt the data: The sender uses the symmetric key to encrypt the data, producing the ciphertext.
  • Encrypt the symmetric key: The sender uses the public key of the receiver to encrypt the symmetric key, producing the encrypted key.
  • Create a digital envelope: The sender combines the encrypted data and the encrypted symmetric key into a digital envelope.
  • Send the data: The sender sends the digital envelope to the receiver.
  • Decrypt the symmetric key: The receiver uses the private key to decrypt the encrypted symmetric key and recover the original symmetric key.
  • Decrypt the data: The receiver uses the recovered symmetric key to decrypt the ciphertext and obtain the original data.

Advantages:

  • Guarantee data confidentiality: Encrypt data through symmetric encryption algorithm to ensure that only the recipient with the correct symmetric key can decrypt the data.
  • Efficiency advantage of public key encryption: Use asymmetric encryption algorithm to encrypt symmetric key. Asymmetric encryption algorithm is usually more secure than symmetric encryption algorithm, but the calculation complexity is higher. Through combined use, the advantages of the asymmetric encryption algorithm can be fully utilized while improving efficiency.
  • Digital signature: Digital envelope technology can be combined with digital signatures; signing the digital envelope ensures data integrity and identity verification.

Disadvantages:

  • Complexity of key management: The digital envelope technology involves multiple keys, including symmetric keys and asymmetric keys. The generation, distribution, and management of keys need to be carefully handled, which increases the complexity of key management.
  • Performance overhead: Since the digital envelope technology uses both symmetric encryption and asymmetric encryption, there is a certain overhead on computing and storage resources, especially in the case of large amounts of data encryption and decryption.

2.5. Custom encryption algorithm

Encryption algorithms can include operations such as data transformation, substitution, obfuscation, diffusion, and iteration. Attention should be paid to the complexity and security of the algorithm during design to ensure that the algorithm can resist common attack methods.

3. Digital certificate

3.1. MD5 is replaced

The use of MD5 in the world of digital certificates has been deprecated for many years. Specifically, the use of MD5 as a signature algorithm in digital certificates was declared unsafe in 2004 and has been gradually replaced.

In 2004, a study called "MD5 Collision Attack" showed that two different inputs could be generated in a specific way such that their MD5 hash values were the same. This means a malicious attacker can forge a digital certificate and use the same MD5 hash to trick the system. This led to widespread concern and caution over the use of MD5 in digital certificates.

Subsequently, various certification authorities (CAs) and browser vendors took action to stop using MD5 as the signature algorithm for digital certificates. For example, Microsoft announced in 2008 that it would stop accepting MD5-signed digital certificates, and Mozilla, Google, Apple and others followed one after another, prohibiting or restricting trust in MD5-signed digital certificates.

3.2. SHA-1 is replaced

The use of SHA-1 in digital certificates has been abandoned gradually, in stages with different timetables. The following are the important milestones in the phasing out of SHA-1 in digital certificates:

  • 2011: NIST (National Institute of Standards and Technology) issued a report pointing out that the SHA-1 algorithm has security risks, and suggested that SHA-1 should no longer be used as the signature algorithm for digital certificates.
  • 2014: Google announced that from January 1, 2017, the Chrome browser will gradually reduce support for SHA-1 signed certificates, and will no longer trust certificates signed with SHA-1 after 2017.
  • 2015: Microsoft announced that starting January 1, 2017, the Windows operating system will gradually stop trusting SHA-1 signed certificates.
  • 2016: Mozilla announced that starting January 1, 2017, the Firefox browser will no longer trust certificates signed with SHA-1.
  • 2017: The world's major browser manufacturers (including Chrome, Firefox, Edge, Safari, etc.) have successively stopped or restricted trust in SHA-1 signature certificates since 2017.

3.3. RSA1024 is replaced

The use of RSA 1024-bit keys is also gradually being deprecated, with different schedules in different fields and organizations. Here are some important dates for the deprecation of RSA 1024-bit keys:

  • 2010: The National Security Agency (NSA) released a report recommending phasing out the use of 1024-bit RSA keys starting in 2010 and moving to more secure key lengths.
  • 2011: The National Institute of Standards and Technology (NIST) released the "FIPS 186-3" standard, recommending that the minimum RSA key length be 2048 bits.
  • 2013: The CA/Browser Forum, an organization of browsers and certificate authorities, decided that, from 2013, certificates with a 1024-bit RSA key length valid beyond 2014 would no longer be issued.
  • 2014: Microsoft announced that it will no longer accept digital certificates signed with 1024-bit RSA keys starting in 2016.
  • 2017: Mozilla announced that it will no longer trust digital certificates signed with 1024-bit RSA keys starting January 1, 2017.
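A check for the three deprecated properties covered in sections 3.1 to 3.3, as an added Java example that is not part of the original article. The 2048-bit threshold is the minimum the text attributes to FIPS 186-3; the class name and the sample algorithm/key-size pairs are constructed, and Java 17 or later is assumed.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

public class CertWeaknessCheck {
    // Flags MD5 signatures, SHA-1 signatures and RSA keys shorter than 2048 bits.
    static List<String> findings(String sigAlgName, int rsaBits) {
        List<String> out = new ArrayList<>();
        String alg = sigAlgName.toUpperCase(Locale.ROOT);
        if (alg.startsWith("MD5WITH")) out.add("MD5 signature");
        if (alg.startsWith("SHA1WITH") || alg.startsWith("SHA-1WITH")) out.add("SHA-1 signature");
        // rsaBits == 0 means the key is not RSA, so the length rule does not apply.
        if (rsaBits > 0 && rsaBits < 2048) out.add("RSA key of " + rsaBits + " bits (< 2048)");
        return out;
    }

    static List<String> findings(X509Certificate cert) {
        int bits = cert.getPublicKey() instanceof RSAPublicKey rsa ? rsa.getModulus().bitLength() : 0;
        return findings(cert.getSigAlgName(), bits);
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 1) { // path to a PEM or DER certificate to audit
            try (InputStream in = new FileInputStream(args[0])) {
                X509Certificate c = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
                System.out.println(c.getSubjectX500Principal() + " -> " + findings(c));
            }
            return;
        }
        // Constructed (signature algorithm, RSA key size) pairs, not taken from real certificates.
        Object[][] samples = {
            {"MD5withRSA", 1024}, {"SHA1withRSA", 2048}, {"SHA256withRSA", 1024}, {"SHA256withRSA", 2048}
        };
        for (Object[] s : samples)
            System.out.println(s[0] + "/" + s[1] + " -> " + findings((String) s[0], (Integer) s[1]));
    }
}
```

Run it with a certificate path to audit a real file; an empty list means none of the three deprecated properties was found.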

Origin blog.csdn.net/citywu123/article/details/131121771