CRYPTOJS encryption (network security)

Cryptojs (Crypto.js) provides a variety of cryptographic algorithms for JavaScript.

Des symmetric encryption

In symmetric encryption algorithm, the sender of the data sends the plaintext and the encryption key together after the special encryption algorithm processing, causes it to become the complex cipher cipher to send out. After receiving the ciphertext, if you want to interpret the original text, it is necessary to decrypt the ciphertext by using the encryption key and the inverse algorithm of the same algorithm, so that it can be restored to readable plaintext.

<script src= "Core.js" ></script><script src= "enc-base64.js" ></script><script src= " Cipher-core.js "></script><script src=" tripledes.js "></script><script src=" Mode-ecb.js " ></script><script>//Encrypt  functionencryptbydes (message, key) {varKeyhex =CryptoJS.enc.Utf8.parse (key); varencrypted =CryptoJS.DES.encrypt (Message, Keyhex, {Mode:CryptoJS.mode.ECB, padding:CryptoJS.pad.Pkcs7}); returnencrypted.tostring (); }  //decryption  functiondecryptbydes (ciphertext, key) {varKeyhex =CryptoJS.enc.Utf8.parse (key); vardecrypted =CryptoJS.DES.decrypt ({ciphertext:CryptoJS.enc.Base64.parse (ciphertext)}, Keyhex, {MODE:CR    YptoJS.mode.ECB, PADDING:CRYPTOJS.PAD.PKCS7}); returndecrypted.tostring (CryptoJS.enc.Utf8); }</script>

Grab Bag

　　packet capture is the transmission and reception of network packets to intercept, re-send, edit, dump and other operations , also used to check the network security. Grab packets are also often used for data interception and so on. Using the Grab tool, you can monitor the status of the network, the flow of data, and the information transmitted over the network. When the information is transmitted in clear text on the network, it is possible to use the network listening method to attack. The network interface is set in the listening mode, you can intercept the stream of information transmitted online. Hackers often use it to intercept users ' passwords.

Https

the Hypertext Transfer Protocol HTTP protocol is used to pass information between a Web browser and a Web server. The HTTP protocol sends content in plaintext, does not provide data encryption in any way , and if an attacker intercepts a transmission message between a Web browser and a Web server, it can read the information directly, so the HTTP protocol is not suitable for transmitting sensitive information, such as credit card numbers, passwords, and so on . to address this flaw in the HTTP protocol, you need to use a different protocol: Secure Sockets Layer Hypertext Transfer Protocol HTTPS. for the security of data transmission, HTTPS joins the SSL protocol on the basis of HTTP, SSL relies on the certificate to verify the identity of the server, and encrypts the communication between the browser and the server . under the HTTP protocol, the data is transmitted in plaintext, and the network sniffer can get the data directly in the transmission process. If the user's password and credit card related information, once acquired by the middleman, will bring great security risks to users. On the other hand, during non-encrypted transmissions, attackers can change data or execute malicious code. The birth of HTTPS is to solve the problem of man-in-the-middle attack. slowing down a certain amount of encryption slows down the user experience, which is one of the reasons why some sites do not have HTTPS enabled. But because our front-end encryption is only used for infrequently used logins and registrations, it does not affect the overall experience of the site. Symmetric and asymmetric encryption
The symmetric encryption algorithm uses the same secret key when encrypting and decrypting, while the asymmetric encryption algorithm requires two keys for encryption and decryption, both public and private keys. Public key and private key is a pair, if the data encrypted with public key, only with the corresponding private key to decrypt, if the private key to encrypt the data, then only the corresponding public key can be decrypted. (1) Advantages and disadvantagesAsymmetric encryption is more secure than symmetric encryption: Both sides of symmetric encrypted communication use the same secret key, and if one party's secret key is compromised, the whole communication will be cracked; The advantage of symmetric encryption is that it is faster to encrypt the large amount of data. The disadvantage of asymmetric encryption is that encryption and decryption take a long time and are slow, and are only suitable for encrypting small amounts of data. In practical applications, asymmetric encryption is often used in conjunction with symmetric encryption, for example, a symmetric key encryption system is used to store large amounts of data, while a public key encryption system is used for encryption keys. (2) Asymmetric encryption working process1. Party B generates a pair of keys (public and private) and exposes the public key to other parties. 2. Party a WHO obtains the public key uses the key to encrypt the confidential information before sending it to party B. 3, Party B again with their own save another private key (private key) to decrypt the encrypted information. Party B can only use its private key (private key) to decrypt the information encrypted by the corresponding public key. In the transmission process, even if the attacker intercepts the transmitted ciphertext and obtains the public key of B, the ciphertext cannot be cracked, because only the private key of B can decrypt the text. Similarly, if B to reply to the encrypted information to a, then need to publish a public key to B for encryption, a self-preservation of a private key for decryption.

CRYPTOJS encryption (network security)