Three common encryption techniques for making your site's information transfer more secure

Typically, to protect a site's sensitive data, an application needs to encrypt information. Information encryption technology can be divided into three categories: one-way hash encryption, symmetric encryption and asymmetric encryption. Today I will introduce these three commonly used encryption technologies, for learning and exchange.

One, one-way hash encryption

One-way hash encryption performs a hash calculation on input information of different lengths and produces a fixed-length output. The hash calculation is one-way, i.e. the input information cannot be calculated from the fixed-length output.

(Figure: one-way hash encryption)

This property of one-way hash encryption can be used to protect passwords. The password a user enters at registration is not saved to the database directly; instead, the password is one-way hashed and the resulting ciphertext is stored in the database. When the user logs in, the entered password is hashed in the same way and the resulting ciphertext is compared with the ciphertext in the database; if they are the same, password verification succeeds.

Two, symmetric encryption

Symmetric encryption means that encryption and decryption use the same key (or keys that can be calculated from each other). It is usually used where information must be exchanged or stored securely, such as cookie encryption and encrypted communication.

(Figure: symmetric encryption)

The advantages of symmetric encryption algorithms are simplicity, efficient encryption and decryption, and low system overhead, which makes them suitable for encrypting large amounts of data. The disadvantage is that encryption and decryption use the same key, so exchanging the key securely over a distance is a problem; if the key is lost, none of the encrypted information is secret any more.

Common symmetric algorithms are the DES algorithm and the RC algorithm. Symmetric encryption is a traditional means of encryption and the most commonly used one; it is suitable for most occasions where encryption is required.

Three, asymmetric encryption

Unlike symmetric encryption, asymmetric encryption uses an encryption key and a decryption key that are not the same. One of them is disclosed to the outside world and is called the public key; the other is known only to its owner and is called the private key. Information encrypted with the public key can only be unlocked with the private key; conversely, information encrypted with the private key can only be unlocked with the public key. In theory, it is impossible to calculate the private key from the public key. Asymmetric encryption is typically used for secure information transmission, digital signatures and similar occasions.

(1), symmetric encryption algorithms
Commonly used algorithms include:
DES (Data Encryption Standard): the Data Encryption Standard; fast, and suitable for applications that encrypt large amounts of data.
3DES (Triple DES): based on DES; encrypts a block of data three times with three different keys, giving higher strength.
AES (Advanced Encryption Standard): the Advanced Encryption Standard; the next-generation encryption algorithm standard, fast and with a high security level.
1, The encrypting and decrypting parties use the same key.
2, Encryption and decryption are fast, which suits relatively long data.
3, The key transfer process is not secure and the key is easily cracked; key management is also troublesome.
4, Encryption algorithms: DES (Data Encryption Standard), 3DES, AES (Advanced Encryption Standard, supports 128, 192, 256, 512 bit keys), Blowfish.
5, Encryption tools: openssl, gpg (the PGP tool)

(2), asymmetric encryption algorithms
RSA: invented by RSA Security; a public-key algorithm that supports variable key lengths, and the length of the block to be encrypted is also variable.
DSA (Digital Signature Algorithm): the Digital Signature Algorithm, a standard DSS (Digital Signature Standard).
ECC (Elliptic Curve Cryptography): elliptic curve cryptography.
Compared with RSA, ECC has an absolute advantage in many respects, mainly in the following areas:
Strong resistance to attack. With the same key length, its resistance to attack is many times stronger.
Small amount of computation and fast processing. Overall, ECC is much faster than RSA and DSA.
Small storage footprint. ECC key sizes and system parameters are much smaller than those of RSA and DSA, meaning that it occupies much less storage space. This is particularly significant for applying encryption algorithms on IC cards.
Low bandwidth requirements. When encrypting and decrypting long messages, the three types of cryptosystems have the same bandwidth requirements, but when applied to short messages the bandwidth requirement of ECC is much lower. Low bandwidth requirements give ECC a wide range of applications in wireless networks.
1, Each user owns a pair of keys: a public key and a private key.
2, Data encrypted with the public key is decrypted with the private key; data encrypted with the private key is decrypted with the public key.
3, The process of transferring the public key is not secure; the key is easily stolen and replaced.
4, Because the public key used is very long, public-key encryption is very slow, so it is generally not used for encryption.
5, When a user encrypts with their private key and other users decrypt with that user's public key, this serves as a digital signature.
6, Another use of public-key encryption is to implement key exchange.
7, Encryption and signature algorithms: RSA, ElGamal.
8, Public-key signature algorithm: DSA.
9, Encryption tools: gpg, openssl

Because asymmetric encryption algorithms are much slower than symmetric encryption algorithms, we recommend using a symmetric encryption algorithm when large amounts of data need to be encrypted, to speed up encryption and decryption.
Symmetric encryption algorithms cannot implement signatures, so signatures can only use asymmetric algorithms.
Because key management for symmetric encryption algorithms is a complex process, and key management directly determines their security, we can consider using an asymmetric encryption algorithm when the amount of data is small.
In practice, the approach we generally adopt is: use an asymmetric encryption algorithm to manage the key of the symmetric algorithm, and use the symmetric encryption algorithm to encrypt the data. This combines the advantages of the two types of encryption algorithm, achieving both fast encryption and decryption and safe, convenient key management.
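
The combined approach described above, as an added example that is not code from the original article: a fresh symmetric key encrypts the data, and the recipient's public key encrypts only that key. It assumes the third-party Python `cryptography` package; the choice of RSA-OAEP and AES-256-GCM, the envelope layout and the function names are this example's own, not the article's.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def hybrid_encrypt(public_key, plaintext: bytes) -> dict:
    data_key = AESGCM.generate_key(bit_length=256)  # fresh symmetric key per message
    nonce = os.urandom(12)                          # must never repeat under one key
    return {
        # Asymmetric step: slow, so it protects only the 32-byte data key.
        "wrapped_key": public_key.encrypt(data_key, OAEP),
        "nonce": nonce,
        # Symmetric step: fast, so it protects the bulk data.
        "ciphertext": AESGCM(data_key).encrypt(nonce, plaintext, None),
    }


def hybrid_decrypt(private_key, envelope: dict) -> bytes:
    data_key = private_key.decrypt(envelope["wrapped_key"], OAEP)
    return AESGCM(data_key).decrypt(envelope["nonce"], envelope["ciphertext"], None)


def demo():
    recipient = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    message = b"constructed sample payload " * 1000
    envelope = hybrid_encrypt(recipient.public_key(), message)
    recovered = hybrid_decrypt(recipient, envelope)
    # Flip one ciphertext bit: the GCM authentication tag must reject it.
    ct = envelope["ciphertext"]
    tampered = dict(envelope, ciphertext=bytes([ct[0] ^ 1]) + ct[1:])
    try:
        hybrid_decrypt(recipient, tampered)
        tamper_detected = False
    except InvalidTag:
        tamper_detected = True
    return recovered == message, len(envelope["wrapped_key"]), tamper_detected
```
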
(3), one-way encryption (hash algorithms)
A hash is a digest extracted from the information; it is usually much smaller than the message and has a fixed length. A cryptographically strong hash must be irreversible, which means that no part of the original information can be derived from the hash result. Any change in the input, even of only one bit, leads to a significant change in the hash result; this is called the avalanche effect. A hash should also be collision-resistant, i.e. it should not be possible to find two messages that have the same hash. A hash with these characteristics can be used to verify whether information has been modified.
One-way hash functions are usually used for generating message digests, key encryption and so on. Common ones are:
1, MD5 (Message Digest Algorithm 5): a one-way hash algorithm developed by RSA Data Security; it is irreversible, and the same plaintext produces the same ciphertext.
2, SHA (Secure Hash Algorithm): can generate a 160-bit value for data of any length.
Comparison of MD5 and SHA-1
Because both are derived from MD4, SHA-1 and MD5 are very similar to each other. Accordingly, their strength and other properties are also similar, but they differ in the following points:
1, Security against brute-force attack: the most significant and important difference is that the SHA-1 digest is 32 bits longer than the MD5 digest. Using brute force, the difficulty of producing any message whose digest equals a given message digest is on the order of 2^128 operations for MD5 and on the order of 2^160 operations for SHA-1. Thus SHA-1 has greater strength against brute-force attacks.
2, Security against cryptanalysis: owing to its design, MD5 is vulnerable to cryptanalytic attack, while SHA-1 appears to be less vulnerable to such attacks.
3, Speed: on the same hardware, SHA-1 runs slower than MD5.
1, Characteristics: avalanche effect, fixed-length output, and irreversibility.
2, Role: to ensure data integrity.
3, Encryption algorithms: MD5 (standard key length 128 bits), SHA-1 (standard key length 160 bits), MD4, CRC-32.
4, Encryption tools: md5sum, sha1sum, openssl dgst.
5, To calculate the hash value of a file, for example: md5sum/sha1sum FileName, openssl dgst -md5/-sha1
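
An added example, not from the original article, that measures the avalanche effect described above and checks one property that separates a cryptographic hash from a checksum such as CRC-32. The sample messages are constructed, and the function names are this example's own.

```python
import hashlib
import zlib

# Constructed, equal-length sample messages.
A = b"transfer 0100 credits to alice.."
B = b"transfer 0900 credits to bobby.."
C = b"transfer 0500 credits to carol.."


def digest(algorithm: str, data: bytes) -> bytes:
    return hashlib.new(algorithm, data, usedforsecurity=False).digest()


def avalanche_fraction(algorithm: str, message: bytes) -> float:
    """Flip each input bit in turn; return the mean fraction of digest bits that change."""
    base = digest(algorithm, message)
    changed = 0
    for i in range(len(message) * 8):
        mutated = bytearray(message)
        mutated[i // 8] ^= 1 << (i % 8)
        new = digest(algorithm, bytes(mutated))
        changed += sum(bin(x ^ y).count("1") for x, y in zip(base, new))
    return changed / (len(message) * 8 * len(base) * 8)


def xor_bytes(*parts: bytes) -> bytes:
    out = bytearray(len(parts[0]))
    for part in parts:
        for i, byte in enumerate(part):
            out[i] ^= byte
    return bytes(out)


def crc32_is_linear(a: bytes, b: bytes, c: bytes) -> bool:
    # For equal-length inputs the CRC of the XOR equals the XOR of the CRCs, so a
    # checksum for a modified message can be computed without guessing: CRC-32
    # detects accidental corruption, not deliberate modification.
    return zlib.crc32(xor_bytes(a, b, c)) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(c)


def sha256_is_linear(a: bytes, b: bytes, c: bytes) -> bool:
    combined = xor_bytes(digest("sha256", a), digest("sha256", b), digest("sha256", c))
    return digest("sha256", xor_bytes(a, b, c)) == combined
```
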

 


Origin blog.csdn.net/weixin_46475231/article/details/104987621