Encoding, encryption and decryption, signature, and hash

Source: Internet
Author: User
Tags md5 hash asymmetric encryption

At work I hear a variety of terms, such as base64, URL, sha256, RSA, and hash. Can you tell these terms apart?

This time I want to describe them in a unified manner:

I. Encoding

Encoding is the process of converting information from one form or format to another. Encodings are reversible, so they cannot be called encryption.

Below are several common examples of encodings:

HTML entity encoding (decimal and hexadecimal):
For example, the angle bracket [<] encodes to HTML decimal: &#60; HTML hexadecimal: &#x3c;
JavaScript octal and hexadecimal encoding:
For example, the angle bracket [<] encodes to JS octal: \74 JS hexadecimal: \x3c
JS Unicode encoding:
For example, the angle bracket [<] encodes to JS Unicode: \u003c
URL encoding and base64 encoding:
For example, the angle bracket [<] encodes to URL: %3C base64: PA==

 

You can quickly identify which encoding produced a seemingly meaningless string from its characteristic leading characters, and then try to convert it back. Baidu has a conversion tool: XSS transcoding tool.

As follows:


 

| Encoding type | Feature (leading characters) | Example for the character "<" |
|---|---|---|
| HTML entity encoding, decimal | &# | &#60; |
| HTML entity encoding, hexadecimal | &#x | &#x3c; |
| JavaScript octal | \ | \74 |
| JavaScript hexadecimal | \x | \x3c |
| JS Unicode encoding | \u | \u003c |
| URL encoding | % | %3C |
| Base64 encoding | None | PA== |


For base64 encoded content, refer to the base64 related blog here.
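The identification rule from the table above can be turned into a small normalizer that recognises each encoding by its leading characters and converts it back, which is what an input filter or log reviewer needs before inspecting a value. This is an added example, not code from the original article; the function names are hypothetical, and the base64 branch is a heuristic guess because base64 has no leading marker.

```python
import base64
import html
import re
from urllib.parse import unquote

# One alternative per row of the table above, keyed on the leading characters.
_TOKEN = re.compile(
    r"(?P<html_hex>&#[xX][0-9a-fA-F]+;?)"
    r"|(?P<html_dec>&#[0-9]+;?)"
    r"|(?P<js_unicode>\\u[0-9a-fA-F]{4})"
    r"|(?P<js_hex>\\x[0-9a-fA-F]{2})"
    r"|(?P<js_octal>\\[0-7]{1,3})"
    r"|(?P<url>(?:%[0-9a-fA-F]{2})+)"  # whole run, so multi-byte UTF-8 survives
)
_DECODERS = {
    "html_hex": html.unescape,
    "html_dec": html.unescape,
    "js_unicode": lambda s: chr(int(s[2:], 16)),
    "js_hex": lambda s: chr(int(s[2:], 16)),
    "js_octal": lambda s: chr(int(s[1:], 8)),
    "url": unquote,
}

def _try_base64(text):
    """Base64 has no marker: accept only strict base64 that is valid UTF-8."""
    try:
        return base64.b64decode(text, validate=True).decode("utf-8")
    except ValueError:  # also covers binascii.Error and UnicodeDecodeError
        return None

def decode_once(text):
    """Decode each recognised token once; return (kinds_found, decoded_text)."""
    kinds = []
    def repl(match):
        kinds.append(match.lastgroup)
        return _DECODERS[match.lastgroup](match.group(0))
    decoded = _TOKEN.sub(repl, text)
    if not kinds and (guess := _try_base64(text)):
        return ["base64"], guess
    return list(dict.fromkeys(kinds)), decoded

def normalize(text, max_rounds=5):
    """Peel nested encodings until stable; return (layers, plain_text)."""
    layers = []
    for _ in range(max_rounds):
        kinds, text = decode_once(text)
        if not kinds:
            break
        layers.extend(kinds)
    return layers, text
```

`normalize` repeats the pass because encodings are often nested, for example a URL-encoded HTML entity.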

II. Encryption and decryption

The purpose of encryption is to make the ciphertext impossible to reverse unless you hold the relevant key.

Encryption and decryption algorithms include symmetric encryption algorithms and asymmetric encryption algorithms.

Symmetric encryption algorithm:

 

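| Algorithm | Type | Block length (bits) | Key length (bits) |
|---|---|---|---|
| DES | Block | 64 | 64 (56) |
| 3DES | Block | 64 | 64 (56) * 3 |
| AES | Block | 128 | 128/192/256 |
| SM1 | Block | 128 | 128 |
| SM4 | Block | 128 | 128 |
| RC4 | Stream | | |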

   

Different algorithms can be used for different encryption purposes. If you need a block cipher, we recommend AES-256, which is secure.

Asymmetric encryption algorithm:

 

| Algorithm | Key length (bits) | Use |
|---|---|---|
| RSA | 1024/2048 | Encryption/Signature |
| ECC | 128/256 | Encryption/Signature |
| SM2 | 256 | Encryption/Signature |

Asymmetric encryption algorithms use a public key and a private key. RSA-2048 is recommended, as it is safe (RSA-1024 is currently secure, but it is hard to say whether that will remain true as technology develops).

If the private key is used to encrypt the information, the purpose is encryption, that is, keeping the ciphertext from being cracked.

If the public key is used to encrypt the information, the purpose is signature. A signature makes the process tamper-resistant, non-repudiable, and resistant to forgery. The signature process is described below:

Signature (taking the SHA example on Baidu):

(1) The file to be sent is hashed with SHA to generate a digital digest (see the previous section).

(Figure: digital digest)

(2) The sender uses its own private key to encrypt the digest, which forms a digital signature.

(3) The original text and the encrypted digest are sent to the other party at the same time.

(4) The recipient decrypts the digest with the sender's public key, and hashes the received file with SHA to generate another digest.

(5) The recipient compares the decrypted digest with the digest generated from the received file. If the two are the same, the information has not been damaged or tampered with in transit. Otherwise.

 

III. Hash

Refer to the article on freebuf: How to securely store users' passwords

What is hash?

hash("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
hash("hbllo") = 58756879c05c68dfac9866712fad6a93f8146f337a69afe7dd238f3364946366
hash("waltz") = c0e81794384491161f1777c232bc6bd9ec38f616560b120fda8e90f383853542

A hash algorithm is a one-way function. It converts any amount of data into a fixed-length "fingerprint", and the conversion is irreversible. If the input changes, even by a single bit, the output hash value is very different. This property suits password storage: we want to save the password using an irreversible algorithm, and at the same time we need to verify that the password is correct when the user logs in.

Note that the hash functions used to protect passwords are not the same as the hash functions taught in a data structures class. For example, a hash function designed for a hash table is built for speed, not security. Only cryptographic hash functions can be used to hash passwords. Such functions include SHA256, SHA512, RIPEMD, and WHIRLPOOL. SHA256 is recommended.


The "hash" we hear about most often refers to a hash value, and the most common is the MD5 hash value. There are also many websites on the Internet that crack MD5 hashes back to plaintext.


If you are writing an authentication system, I make the following recommendations, based on the article on freebuf:

Store a password:

1. Use a CSPRNG to generate a long random salt. (The salt is the same length as the hash value, 256 bits.)

2. Concatenate the password and salt, and hash them with a standard cryptographic hash function such as SHA256.

3. Record the salt and hash in the user database.

Verify a password:

1. Retrieve the user's salt and hash from the database

2. Concatenate the password entered by the user and the salt in the same way, and hash them with the same hash function.

3. Check whether the calculated hash is the same as the stored hash. If they are the same, the password is correct. Otherwise, the password is incorrect.
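The store and verify steps above, written out as an added example that is not code from the original article. The record layout, function names and salt-first concatenation order are assumptions, and the `pbkdf2_sha256` scheme is hardening added here beyond the listed steps, since a single SHA256 is fast to guess against.

```python
import hashlib
import hmac
import secrets

SALT_BYTES = 32          # 256 bits, the same length as a SHA-256 digest
PBKDF2_ROUNDS = 600_000  # assumed work factor for the hardened variant

def _digest(scheme: str, password: str, salt: bytes) -> bytes:
    data = password.encode("utf-8")
    if scheme == "sha256":
        # The steps as listed: one SHA-256 over salt and password concatenated
        # (salt-first order is an assumption; the steps do not fix an order).
        return hashlib.sha256(salt + data).digest()
    if scheme == "pbkdf2_sha256":
        # Added hardening, not in the steps: many rounds slow down guessing.
        return hashlib.pbkdf2_hmac("sha256", data, salt, PBKDF2_ROUNDS)
    raise ValueError(f"unknown scheme: {scheme}")

def store_password(password: str, scheme: str = "sha256") -> dict:
    """Store steps 1-3: fresh CSPRNG salt, hash, and the record to persist."""
    salt = secrets.token_bytes(SALT_BYTES)
    return {"scheme": scheme, "salt": salt.hex(),
            "hash": _digest(scheme, password, salt).hex()}

def verify_password(password: str, record: dict) -> bool:
    """Verify steps 1-3: re-hash with the stored salt, compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    candidate = _digest(record["scheme"], password, salt)
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))

def demo() -> dict:
    # Constructed sample: two users who chose the same password.
    db = {"alice": store_password("correct horse"),
          "bob": store_password("correct horse")}
    return {"alice_ok": verify_password("correct horse", db["alice"]),
            "alice_bad": verify_password("Correct horse", db["alice"]),
            "same_hash": db["alice"]["hash"] == db["bob"]["hash"]}
```

Because each record gets its own salt, identical passwords produce different stored hashes, so one precomputed lookup table cannot cover every user.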
