Encoding, encryption and decryption, signature, and hash

At work, I will hear a variety of words, such as base64, URL, sha256, RSA, and hash. Can you tell these words well?

This time I want to describe them in a unified manner:

I. Encoding

Encoding is the process of converting information from one form or format to another, so they are reversible and cannot be called encryption.

Below are several common examples (refer to coding ):

HTML Entity encoding (decimal and hexadecimal ):

For example, encode the angle brackets in [<] -----> HTML decimal: & #60; hexadecimal format of HTML: & # x3c;

The octal and hexadecimal formats of javascript:

For example, encode the angle brackets in [<] -----> JS octal: \ 74 JS hexadecimal: \ x3c

Jsunicode encoding:

For example, encode the angle brackets [<] -----> jsunicode: \ u003c

URL encoding base64 encoding:

For example, encode the angle brackets in [<] -----> URL: % 3C base64: Pa =

 

You can quickly identify the conversion of meaningless characters based on their encoded features and try to convert them back. Baidu has a conversion tool: XSS transcoding Tool

As follows:

 

Encoding type	Feature (starting with a feature character)	Take the character "<" as an Example
HTML Entity encoding in decimal format	&#	& #60
HTML Entity encoding in hexadecimal notation	& # X	& # X3c
Javascript octal	\	\ 74
Hexadecimal Javascript	\ X	\ X3c
Jsunicode Encoding	\ U	\ U003c
URL Encoding	%	% 3C
Base64 encoding	None	Pa =

For base64 encoded content, refer to the base64 related blog here.

Ii. encryption and decryption

The purpose of encryption is to make the ciphertext irreversible, unless you have mastered the relevant key.

Encryption and decryption algorithms include symmetric encryption algorithms and asymmetric encryption algorithms.

Symmetric encryption algorithm:

 

Algorithm	Type	Group Length	Key Length
Des	Group	64	64 (56)
3DES	Group	64	64 (56) * 3
AES	Group	128	128 \ 192/256
SM1	Group	128	128
Sm4	Group	128	128
RC4	Stream

Different algorithms can be used for different encryption purposes. If the algorithm is used for grouping, we recommend that you use aes256, which is secure.

Asymmetric encryption algorithm:

 

RSA	1024/2048	Encryption/Signature
ECC	128/256	Encryption/Signature
SM2	256	Encryption/Signature

Asymmetric encryption algorithms include public and private keys. Rsa2048 is recommended for use. This is safe (rsa1024 is currently secure, but it is hard to say that with the development of technology)

If the private key is used to encrypt the information, it is used for encryption, that is, making the ciphertext uncracked.

If the public key is used to encrypt the information, it is used for signature. The purpose of the signature is to make the process tamper-resistant, non-repudiation, and non-counterfeit. The signature is described below:

Signature: take Sha encoding encryption on Baidu as an example (1) the sent file is encrypted using Sha encoding to generate a-bit digital digest (see the previous section ).

Digital Abstract

(2) The sender uses its own private key to re-encrypt the digest, which forms a digital signature. (3) send the original text and encrypted summary to the other party at the same time. (4) The recipient decrypts the digest with the sender's public key, and encrypts the received file with Sha encoding to generate another digest. (5) Compare the decrypted summary with the digest generated after the received file is re-encrypted on the receiver. If the two are the same, the information in the transfer process has not been damaged or tampered. Otherwise.

 

Iii. Hash

Refer to the article on freebuf: How to securely store users' passwords

What is hash?

hash("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824hash("hbllo") = 58756879c05c68dfac9866712fad6a93f8146f337a69afe7dd238f3364946366hash("waltz") = c0e81794384491161f1777c232bc6bd9ec38f616560b120fda8e90f383853542

The hash algorithm is a one-way function. It can convert any amount of data into a fixed-length "fingerprint", which is irreversible. And as long as the input changes, even if there is only one bit, the output hash value will be very different. This feature is suitable for saving passwords. Because we want to use an irreversible algorithm to encrypt and save the password, and at the same time, we need to verify that the password is correct during user login.

Note that the hash function used to protect the password is not exactly the same as the hash function used in the data structure class. For example, the purpose of implementing the hash function design for a hash table is fast, but not complete. Only the encryption hash function (cryptographic hash functions) can be used to hash passwords. Such functions include:Sha256, sha512, ripemd, whirlpoolSha256 is recommended.

Hash, which we usually hear most, refers to the hash value. The most common is the MD5 hash value. There are also many websites on the Internet that crack the MD5 plaintext.

If you are preparing to write the authentication system, I will make the following recommendations by referring to the article on freebuf:

Store a password:

1. Use csprng to generate a long random salt. (The length of the salt is the same as that of the hash value, 256 bits)

2. concatenate the password and salt, and use standard encryption hash functions such as sha256 for hash.

3. Record the salt and hash in the user database.

Verify a password:

1. Retrieve the user's salt and hash from the database

2. concatenate the password and salt entered by the user in the same way and use the same hash function for hash.

3. Check whether the calculated hash is the same as the stored hash. If the password is the same, the password is correct. Otherwise, the password is incorrect.

Encoding, encryption and decryption, signature, and hash