Java security mechanism and various encryption algorithms

Source: Internet
Author: User
Tags md5 digest

Various encryption implementations
http://www.blogjava.net/stone2083/archive/2012/09/02/168113.html

Java > class loader > file verifier > security manager
Brief description:
Purpose of the file verifier: check whether the class file is complete.
Security manager: controls whether an operation is permitted.
User authentication
Digital signature
Encryption
A digital signature is used to verify whether the information has been modified. Encryption prevents others from seeing the information at all.

1. Language-level security
The original Java (jdk1.2) platform adopted the sandbox security model. The basic security model is carried by three components of the Java Runtime Environment: the class loader, the file verifier, and the security manager.
1.1 Class loaders are an important part of the Java security mechanism. They can be divided into four types: the bootstrap class loader, the standard extension class loader, the class path loader, and the network class loader.
1.1.1 Class loaders use the "parent delegation chain" model.
1.1.2 The class loader provides different namespaces for the classes it loads.
1.1.3 The class loader provides a type checking function. During program execution, the class loader performs checks related to semantics, type matching, type conversion, and exception throwing to ensure program robustness.
1.2 The file verifier is responsible for checking that a program cannot perform obviously destructive operations.
1.3 The security manager is a class responsible for controlling whether an operation is allowed to be executed.

2. Security features at the enterprise level

 

SHA-1 and MD5 algorithms

 

Strictly speaking, they are not encryption algorithms but digest algorithms.
SHA-1 algorithm: Secure Hash Algorithm. It converts a message whose length is no greater than 2^64 bits into a 160-bit (20-byte) hash value.

MD5 algorithm: Message-Digest Algorithm. The hash length is 128 bits (16 bytes). It processes the input in 512-bit blocks, and the output is the concatenation of four 32-bit words.

CRC algorithm: cyclic redundancy check; it has a high collision probability.

| Comparison type | SHA-1 | MD5 |
| --- | --- | --- |
| Block length | 512 bits | 512 bits |
| Digest length | 160 bits | 128 bits |
| Steps in the loop | 80 | 60 |
| Maximum message length | 2^64 - 1 | unlimited |
| Basic logical functions | 4 | 4 |
| Byte order | big-endian | little-endian |

Since MD5 and SHA-1 were both developed from MD4, their structure and strength have many similarities. The table above compares the MD5 and SHA-1 structures. The biggest difference between SHA-1 and MD5 is that its digest is 32 bits longer than the MD5 digest. Under a brute-force attack, generating a message whose digest equals a given message digest takes on the order of 2^128 operations for MD5 and 2^160 operations for SHA-1. Generating two messages with the same digest takes on the order of 2^64 operations for MD5 and 2^80 operations for SHA-1. Therefore, SHA-1 is stronger against brute-force attacks. However, because SHA-1 has more steps in its loop than MD5 (80:64) and a larger buffer to process (160 bits versus 128 bits), SHA-1 is slower than MD5.

MD5 and SHA-1 are typical examples of one-way hash functions.
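
The collision figures above (2^64 for a 128-bit digest, 2^80 for a 160-bit digest) follow the birthday bound of roughly 2^(n/2) work for an n-bit output. The following added example, which is not from the original article, runs that search against CRC32, where n = 32 makes it small enough to finish in well under a second; the class name, helper names and seed are assumptions made for the illustration.

```java
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import java.util.Random;
import java.util.zip.CRC32;

public class DigestCollisionDemo {

    // Digest length in bits for a JCA algorithm name such as "MD5" or "SHA-1".
    static int digestBits(String algorithm) throws Exception {
        return MessageDigest.getInstance(algorithm).getDigestLength() * 8;
    }

    // CRC32 over the 8 big-endian bytes of a long.
    static long crc32(long input) {
        CRC32 crc = new CRC32();
        crc.update(ByteBuffer.allocate(Long.BYTES).putLong(input).array());
        return crc.getValue();
    }

    // Birthday search: feed constructed pseudo-random inputs (fixed seed, so the
    // run is repeatable) until two different inputs share a CRC32 value.
    // Returns {first input, second input, number of inputs tried}.
    static long[] findCrc32Collision(long seed) {
        Random rng = new Random(seed); // test-data generator only, not a crypto RNG
        Map<Long, Long> seen = new HashMap<>();
        for (long tried = 1; ; tried++) {
            long candidate = rng.nextLong();
            Long earlier = seen.putIfAbsent(crc32(candidate), candidate);
            if (earlier != null && earlier != candidate) {
                return new long[] { earlier, candidate, tried };
            }
        }
    }

    public static void main(String[] args) throws Exception {
        for (String alg : new String[] { "MD5", "SHA-1" }) {
            int bits = digestBits(alg);
            System.out.printf("%-5s %3d-bit digest, collision work ~2^%d%n", alg, bits, bits / 2);
        }
        long[] hit = findCrc32Collision(2012L); // seed is an arbitrary constructed value
        System.out.printf("CRC32 %016x and %016x -> %08x after %d inputs (2^16 = 65536)%n",
                hit[0], hit[1], crc32(hit[0]), hit[2]);
    }
}
```

The number of inputs tried lands in the neighbourhood of 2^16, which is why a 32-bit checksum detects accidental corruption but cannot stand in for a message digest.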

 

DSA (Digital Signature Algorithm)

Generate a pair of public and private keys, and send the public key to whoever needs to receive the message. The sender signs the message to be sent with its own private key and then sends it to the receiver. The receiver obtains the file and verifies it with the public key. The main function is to verify the sender's identity and the integrity of the information. DSA is a digital signature algorithm, standardized as DSS (Digital Signature Standard); strictly speaking, it is not an encryption algorithm.
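
An added example, not part of the original article, of the sign-and-verify exchange described above using the JDK's `java.security.Signature` API; it also checks a modified message and an unrelated key pair. The class name, helper names, the `SHA256withDSA` choice, the 2048-bit key size and the sample messages are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;

public class DsaSignVerifyDemo {
    static final String ALGORITHM = "SHA256withDSA"; // hash the message, then sign with DSA

    static KeyPair newKeyPair() throws GeneralSecurityException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("DSA");
        generator.initialize(2048);
        return generator.generateKeyPair();
    }

    // Sender side: only the holder of the private key can produce this value.
    static byte[] sign(PrivateKey key, byte[] message) throws GeneralSecurityException {
        Signature signer = Signature.getInstance(ALGORITHM);
        signer.initSign(key);
        signer.update(message);
        return signer.sign();
    }

    // Receiver side: true only if the signature matches this message and this key.
    static boolean verify(PublicKey key, byte[] message, byte[] signature)
            throws GeneralSecurityException {
        Signature verifier = Signature.getInstance(ALGORITHM);
        verifier.initVerify(key);
        verifier.update(message);
        try {
            return verifier.verify(signature);
        } catch (SignatureException malformed) {
            return false; // bytes are not a well-formed DSA signature
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPair sender = newKeyPair();
        byte[] message = "transfer 100 to account 42".getBytes(StandardCharsets.UTF_8); // constructed
        byte[] tampered = "transfer 900 to account 42".getBytes(StandardCharsets.UTF_8); // constructed
        byte[] signature = sign(sender.getPrivate(), message);
        System.out.println("original message: " + verify(sender.getPublic(), message, signature));
        System.out.println("tampered message: " + verify(sender.getPublic(), tampered, signature));
        System.out.println("wrong public key: " + verify(newKeyPair().getPublic(), message, signature));
    }
}
```

Only the first check succeeds: the signature binds both the message content and the signing key, and the message itself stays readable throughout.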

 

RSA public key cryptography

 

RSA public key encryption algorithm
The RSA algorithm is based on a very simple fact from number theory: it is very easy to multiply two large prime numbers, but it is extremely difficult to factor the product, so the product can be published as part of the encryption key.

RSA is the first algorithm that can be used for both data encryption and digital signatures. The security of RSA depends on the difficulty of factoring large numbers, but it is not clear whether breaking it is equivalent to factoring large numbers.

Because it computes on very large numbers, RSA is slower than DES even in its fastest case, whether implemented in software or hardware. Speed has always been a weakness of RSA, so it is generally used only to encrypt small amounts of data. It is a public key (asymmetric) algorithm that supports variable-length keys; the length of the block to be encrypted is also variable.
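
Why RSA is kept to small inputs, as an added example that is not from the original article. It goes one step beyond the text by showing the usual hybrid arrangement, in which AES encrypts the payload and RSA protects only the AES key; the class name, helper name, key sizes, cipher modes and payload are assumptions made for the illustration.

```java
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class HybridRsaAesDemo {

    // RSA with OAEP padding, initialised for the given mode and key.
    static Cipher rsa(int mode, Key key) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        c.init(mode, key);
        return c;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair receiver = kpg.generateKeyPair();
        byte[] bulk = new byte[4096]; // constructed 4 KiB payload (all zero bytes)

        try { // RSA alone: a single 2048-bit block cannot hold the payload
            rsa(Cipher.ENCRYPT_MODE, receiver.getPublic()).doFinal(bulk);
        } catch (IllegalBlockSizeException e) {
            System.out.println("RSA refused 4096 bytes: " + e.getMessage());
        }

        // Sender: AES-GCM encrypts the payload, RSA wraps only the 32-byte AES key.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey aesKey = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, iv));
        byte[] body = aes.doFinal(bulk);
        byte[] wrappedKey = rsa(Cipher.WRAP_MODE, receiver.getPublic()).wrap(aesKey);

        // Receiver: unwrap the AES key with the RSA private key, then decrypt the payload.
        SecretKey recovered = (SecretKey) rsa(Cipher.UNWRAP_MODE, receiver.getPrivate())
                .unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);
        aes.init(Cipher.DECRYPT_MODE, recovered, new GCMParameterSpec(128, iv));
        System.out.println("round trip ok: " + Arrays.equals(bulk, aes.doFinal(body)));
    }
}
```

The receiver needs `wrappedKey`, `iv` and `body`; the IV is not secret but must be fresh for every message encrypted under the same AES key.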

 

DES and AES: symmetric (single-key) encryption algorithms

DES: Data Encryption Standard
The DES algorithm is symmetric: the same key is used for encryption and decryption. It is an old cipher with a 56-bit key.
The DES algorithm is outdated because it can be cracked by brute force.
