Foreword:

To tell you the truth, before I started to explore the secrets of the copper lock, I still retained the original concept of the password, which is the "password" we log in to QQ or WeChat. When the teacher told me that it was a password instead of a password, what the teacher said next successfully caught my attention. So out of curiosity, I went to the Internet to search what is cryptography? And then it presumably says so.

[Cryptography (in Western European languages, from Greek kryptós "to hide", and gráphein "to write") is the study of how to transmit information secretly. In modern times, it especially refers to the mathematical research on information and its transmission, which is often considered to be a branch of mathematics and computer science , and is also closely related to information theory . The famous cryptography scholar Ron Rivest explained: "Cryptography is about how to communicate in an environment where the enemy exists." From the perspective of engineering , this is equivalent to the similarities and differences between cryptography and pure mathematics. Cryptography is central to information security related topics such as authentication and access control. The primary purpose of cryptography is to hide the meaning of information , not to hide its existence. Cryptography also advances computer science, especially techniques used in computer and network security , such as access control and confidentiality of information . Cryptography has been applied in everyday life : including chip cards of automatic teller machines , computer user access codes, e-commerce and so on.

Password is an important means of confidentiality for the two parties in communication to carry out special transformation of information according to the agreed rules. According to these rules, changing plaintext into ciphertext is called encryption transformation; changing ciphertext into plaintext is called decryption transformation. In the early days, ciphers only performed encryption and decryption transformations on text or numbers. With the development of communication technology , encryption and decryption transformations can be implemented on voice, images, and data. ]

To be honest, this explanation adds another mystery to the password. So I was thinking, are the existing cryptographic algorithms really so rigorous and perfect? When I learned the SM3 hash algorithm, I was immediately very interested, because the SM3 hash algorithm is an irreversible algorithm, which means that it can only be encrypted and cannot be reversely decrypted. But when I got to know more about the SM3 hash algorithm, things seemed to get interesting.

1. First encounter with copper lock

Self summary:

When I saw the copper lock for the first time, I wanted to give up, but I was unwilling. It was very narrow at the beginning, but suddenly became brighter. It took almost half a day to build the copper lock environment, and then to fiddle with the C language that I almost forgot. I want to say that my lost youth seems to have returned. Back in the university classroom, the teacher took me to fiddle with C language, fiddle with single-chip microcomputers, etc.

1. Environment construction, an unforgettable experience

Open the manual, and the environmental description of the experiment at the beginning brought me back to the time when I used Little Red Riding Hood and centos to type commands. In fact, I personally like the linux system very much, and I also like Ubuntu very much. These systems start up very quickly, and the running programs are relatively safe and reliable. It's just that those commands are always a bit hard to remember, so I still prefer the graphical interface of Windows.

Because I saw that the process of installing a virtual machine can be realized by installing the Docker environment in Windows, I am ready to fiddle with it. To be honest, because the company doesn't use Docker very often, I just knew that Docker is a container before starting the learning camp, which is equivalent to an isolated virtual machine. Not only can you install a lot of fun across the system, but it doesn't take up a lot of resources like a virtual machine. In fact, I personally understand that docker is a simple process, as shown in the figure below, docker is a process level.

Docker is a black-box process. Different from traditional processes, Docker can create its own space independently, so that the behavior and variables in Docker will not overflow to the host. Therefore, the establishment of the Docker environment this time opened the door to a new world for me, and made me completely unforgettable about Docker.

2. Every command typed on the keyboard is the most beautiful note

As mentioned earlier, learning copper lock needs to use an environment similar to Docker, so I started to find a lot of information about Docker, such as what does Docker do? What is Docker for? Let me know why Docker is very popular among developers through illustrations similar to the ones below.

Although when installing Docker, I referred to the old tutorial and took some detours. For example, Docker does not need to enable Hyper-V. In fact, wls2 is more suitable for Docker. But every time I debug and tap on the keyboard, I realize that there is no end to learning, and if I don’t advance, I will retreat.

After installing Docker, I officially entered the study of Tongsuo, and started to practice step by step according to the manual, which allowed me to learn some principles of the actual SM4 encryption and decryption algorithm. But when I repeatedly input the " echo -n "hello tongsuo" | /opt/tongsuo/bin/tongsuo dgst -sm3 " command in PowerShell, I found that the results returned are the same every time. So I started to have a bold idea.

2. Enhancement and transformation of SM3 hash algorithm

As we mentioned earlier, when I encrypted the same piece of SM3 hash algorithm and found that the result returned was the same every time, I was curious from the beginning and fell into contemplation. Because in a large number of project practices, I realized that people's commonly used passwords are like 123456, abc123 and the like. Because I use the computer to remember the hash encryption values of common passwords such as 123456 and abc123. Then have the database query permission of the user profile, and then you can brute force the user's account.

At this point, I was thinking that if I were a business owner, I definitely don't want my employees to know the passwords of the company's customers. Therefore, I hope that even if different users set the same password in the database. But the value saved to the database is also different. So I started my bold guesses and enhancements.

3. Art comes from life

The inspiration for SM3 hash algorithm enhancement is the smart lock at home. The smart lock has a mode that no matter how many passwords you enter, you only need to press the * key and then enter the correct password to open the door. In this way, even if the password entered is different every time, the smart door can be successfully opened every time.

Therefore, I added a few random numbers to the SM3 hash algorithm, such as splicing 4 random numbers in the first 4 digits of the SM3 hash encryption value, and splicing 5 random numbers in the 16-20 digits. Then save it to the database, so that even with the same password, the values saved in the database are different. Therefore, even if you can get the query value of the database, it is difficult to brute force enumeration to crack the user's password. Therefore, the SM3 hash algorithm has been modified, and the source code of similar parts is as follows.

#include <openssl/evp.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <assert.h>
static int sm3(const unsigned char *in, size_t inlen, unsigned char *out)
{
 EVP_MD_CTX *mctx = NULL;
 if ((mctx = EVP_MD_CTX_new()) == NULL
 || !EVP_DigestInit_ex(mctx, EVP_sm3(), NULL)
 || !EVP_DigestUpdate(mctx, in, inlen)
 || !EVP_DigestFinal_ex(mctx, out, NULL)) {
 EVP_MD_CTX_free(mctx);
 return 0;
 }
 EVP_MD_CTX_free(mctx);
 return 1;
}
int main()
{
//增加4位随机数，保存至数据库的SM3值时，将生成的4位随机数拼接在SM3杂凑值前面，其他的类似
int num[4], cnt = 0, n;
srand(clock()); // 设置随机数种子
while (cnt < 4)
{
n = rand() % 4; // 生成4以内随机数，这样更利于测试
for (int i = 0; i < cnt; i++)
if (num[i] == n) // 遍历数组，有相同的重新生成随机数
continue;
num[cnt++] = n;
}
for (int i = 0; i < cnt; i++) // 打印随机数数组
printf("%d ", num[i]);
return 0;

 unsigned char in[] = "hello tongsuo";
 unsigned char out[EVP_MAX_MD_SIZE];
 int ret;
 ret = sm3(in, strlen(in), out);
 assert(ret == 1);
 for (int i = 0; i < EVP_MD_size(EVP_sm3()); i++)
 printf("%x", out[i]);
 printf("\n");
 return 0;
}
// gcc sm3.c -I/opt/tongsuo/include -L/opt/tongsuo/lib64 -lcrypto -Wl,-rpa
th=/opt/tongsuo/lib64

Through the code base, I submitted my own ideas and codes, and I also contributed a little to learning open source. Therefore, in this training camp study, I learned new tools and expressed my new ideas, which is really nice!

4. Feelings about the Open Atom Open Source Foundation

As a well-known open source foundation in China, I still look forward to it, because in the IT industry, other countries always hold the new IT technology, the standards and the right to speak of new technology. We can't completely learn from the old American way of playing. We need to establish an open source foundation with Chinese characteristics. China's IT personnel are very large, and I personally suggest that the Open Source Foundation can start from the following aspects.

1. Establish the herd effect of the leaders of the open source foundation, and establish several excellent open source projects and open source contributors.

2. Carry out in-depth cooperation with enterprises and schools, so that enterprises or schools can deeply apply open source products. And continue to iterate open source projects.

3. Regularly hold corresponding open source foundation activities and activate the foundation.

4. Increase the publicity of the foundation through self-media, let more people know about the open source foundation and join in.

Finally, I wish the Open Atom Open Source Foundation can become the top foundation in China and even in the world.

Open Atom Training Camp (Season 1) Brass Lock Detective, SM3 hash algorithm enhanced to pro version