<title>Cryptography Knowledge Popularization</title>
Table of Contents
- Encryption
- One-way encryption
- Message Authentication Code
- Digital signatures
- Public Key Infrastructure (PKI)
- Random numbers
Encryption
Symmetric cipher: the encryption and decryption keys are the same, so the key must be delivered to the recipient
Public-key (asymmetric) cipher: no need to distribute a decryption key to the recipient
Symmetric cipher algorithm: DES, 3DES, AES (Rijndael)
Public-key cipher algorithms: RSA, ElGamal, Rabin, elliptic curve
The encryption key and the decryption key are different.
The recipient first sends the encryption key to the sender (it does not matter if eavesdroppers learn the encryption key in the process). The sender encrypts the communication content with the encryption key and sends it to the recipient, and only the holder of the decryption key (i.e. the recipient) can decrypt it. The encryption key is called the public key. The decryption key is called the private key.
Man-in-the-middle attack:
The attacker pretends to be the receiver and gives the sender its own public key; the sender then encrypts the content with this false public key, and the intermediary can decrypt the
Why symmetric ciphers have not been replaced by public-key ciphers:
The processing speed of a public-key cipher is only a few percent of that of a symmetric cipher, so a public-key cipher is not suitable for encrypting long messages
Hybrid cipher system:
Gain speed by encrypting the message with a symmetric cipher, and protect the session key with a public-key cipher
DES and 3DES encryption can be broken within a certain amount of time; the better algorithm is AES
AES also has ECB, CBC, CFB, OFB, CTR and other modes. ECB mode is not recommended; CBC and CTR are better ("Practical Cryptography")
Encrypt: openssl enc -des3 -a -salt -in in_file_name -out out_file_name
Decrypt: openssl enc -d -des3 -a -salt -in in_file_name -out out_file_name
Encrypt: openssl enc -aes-xxx -a -salt -in in_file_name -out out_file_name
Decrypt: openssl enc -d -aes-xxx -a -salt -in in_file_name -out out_file_name
Here -aes-xxx stands for a concrete cipher name such as -aes-256-cbc.
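The hybrid cipher system described above, as an added example that is not part of the original page: AES-256-CBC encrypts the message and RSA-OAEP wraps the one-time session key. The function names, file names and sample message are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: hybrid encryption with the openssl CLI.
# Function names, file names and the message are constructed.

# hybrid_encrypt <recipient_pub.pem> <plaintext_file> <out_dir>
hybrid_encrypt() (
  set -e
  key=$(openssl rand -hex 32)   # fresh 256-bit session key, used once
  iv=$(openssl rand -hex 16)    # fresh 128-bit IV for CBC mode
  # Bulk data goes through the fast symmetric cipher.
  openssl enc -aes-256-cbc -K "$key" -iv "$iv" -in "$2" -out "$3/body.enc"
  # Only the short session key goes through the slow public-key cipher.
  printf '%s' "$key" | openssl pkeyutl -encrypt -pubin -inkey "$1" \
    -pkeyopt rsa_padding_mode:oaep -out "$3/key.enc"
  printf '%s' "$iv" > "$3/iv.hex"   # the IV is not secret
)

# hybrid_decrypt <recipient_priv.pem> <in_dir> <plaintext_out>
hybrid_decrypt() (
  set -e
  key=$(openssl pkeyutl -decrypt -inkey "$1" \
    -pkeyopt rsa_padding_mode:oaep -in "$2/key.enc")
  openssl enc -d -aes-256-cbc -K "$key" -iv "$(cat "$2/iv.hex")" \
    -in "$2/body.enc" -out "$3"
)

# Round trip on a constructed message; prints "match" when the
# decrypted file is byte-identical to the original.
hybrid_demo() (
  set -e
  d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$d/priv.pem" 2>/dev/null
  openssl pkey -in "$d/priv.pem" -pubout -out "$d/pub.pem"
  printf 'constructed sample message\n' > "$d/msg.txt"
  hybrid_encrypt "$d/pub.pem" "$d/msg.txt" "$d"
  hybrid_decrypt "$d/priv.pem" "$d" "$d/msg.out"
  cmp -s "$d/msg.txt" "$d/msg.out" && echo match
)

hybrid_demo
```

Passing the key with -K exposes it in the local process list, and CBC on its own gives confidentiality only; integrity needs a message authentication code on top.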
One-way encryption
Computes a fingerprint (hash value) of the data; its properties are one-wayness and collision resistance (collision-free)
Algorithm:
- MD5 (has been compromised)
- SHA1 (has been compromised)
- SHA256
- SHA512
openssl dgst [-md5|-md4|-md2|-sha1|-sha|-mdc2|-ripemd160|-dss1] [-out filename] /path/to/somefile
Message Authentication Code
An extended application of one-way encryption: the message authentication code (MAC)
Data integrity checking and authentication of both communicating parties
Algorithm:
- CBC-MAC
- HMAC: uses the MD5 and SHA1 algorithms
Applications for MAC
- SWIFT (Society for Worldwide Interbank Financial Telecommunication)
- IPsec
A way of adding security to IP, the Internet's basic communication protocol; authentication and integrity checking of the communication content use a message authentication code
- SSL/TLS
HTTPS
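Why a MAC gives both integrity and authentication where a plain hash does not, as an added example that is not part of the original page. It uses HMAC-SHA256 through the openssl CLI; the key, the messages and the function names are constructed for the illustration.

```shell
#!/bin/sh
# Added example: unkeyed hash versus HMAC for tamper detection.
# Key, messages and function names are constructed.

# plain_digest <message>: SHA-256 with no key; anyone can recompute it.
plain_digest() {
  printf '%s' "$1" | openssl dgst -sha256 | sed 's/^.*= *//'
}

# mac_tag <key> <message>: HMAC-SHA256 under the shared secret key.
mac_tag() {
  printf '%s' "$2" | openssl dgst -sha256 -hmac "$1" | sed 's/^.*= *//'
}

# Receiver-side checks: recompute and compare with what arrived.
digest_verify() { [ "$(plain_digest "$1")" = "$2" ]; }    # <message> <digest>
mac_verify()    { [ "$(mac_tag "$1" "$2")" = "$3" ]; }    # <key> <message> <tag>

mac_demo() (
  key="constructed-shared-secret"   # known only to sender and receiver
  msg="pay 100 to alice"; forged="pay 900 to mallory"
  tag=$(mac_tag "$key" "$msg")
  # An unkeyed digest can be recomputed by whoever alters the message.
  digest_verify "$forged" "$(plain_digest "$forged")" && p=accepted || p=rejected
  # Without the key, neither the old tag nor a guessed-key tag verifies.
  mac_verify "$key" "$forged" "$tag" && m1=accepted || m1=rejected
  mac_verify "$key" "$forged" "$(mac_tag wrong-guess "$forged")" \
    && m2=accepted || m2=rejected
  echo "plain-hash:$p hmac-old-tag:$m1 hmac-wrong-key:$m2"
)

mac_demo
```

A production verifier compares tags in constant time; the shell string comparison here is for illustration only.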
Digital signatures
- Generating a message signature
Done by the sender of the message (known as signing the message); it means "I acknowledge the content of the message"
- Verifying a message signature
Done by the recipient or a third-party verifier; successful verification means the signature is correct, and failure means the message is forged
In a digital signature scheme, generating and verifying a signature each use a different key.
The signing key is held only by the sender (the private key); the verification key is held by the recipient or a third party (the public key). Because the signature is produced with the private key, others cannot generate the same signature (ciphertext)
This is the reverse of a public-key cipher:
Digital signatures use private-key encryption to generate signatures, and public-key decryption to verify signatures
In practice, because messages are generally very long, the message itself is not signed; the hash value of the message is signed instead
Signature application:
For example, making sure a published web page has not been tampered with by a third party
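The web page case above, as an added example that is not part of the original page: the publisher signs the SHA-256 hash of the page with a private key, and anyone holding the public key can detect a change. File names, page content and function names are constructed for the illustration.

```shell
#!/bin/sh
# Added example: sign the hash of a web page, then detect tampering.
# File names, page content and function names are constructed.

# sign_file <priv.pem> <file> <sig_out>: hash with SHA-256, sign the hash.
sign_file() {
  openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# verify_file <pub.pem> <file> <sig>: succeeds only if the signature
# was made over this exact content by the matching private key.
verify_file() {
  openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# new_key <priv_out>: 2048-bit RSA private key.
new_key() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1" 2>/dev/null
}

signature_demo() (
  d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
  new_key "$d/priv.pem"
  openssl pkey -in "$d/priv.pem" -pubout -out "$d/pub.pem"
  printf '<html><body>Release notes</body></html>\n' > "$d/page.html"
  sign_file "$d/priv.pem" "$d/page.html" "$d/page.sig"
  verify_file "$d/pub.pem" "$d/page.html" "$d/page.sig" && a=valid || a=invalid
  # A third party edits the published page; the old signature no longer fits.
  printf '<html><body>Release notes (edited)</body></html>\n' > "$d/page.html"
  verify_file "$d/pub.pem" "$d/page.html" "$d/page.sig" && b=valid || b=invalid
  # Re-signing the edited page with some other private key does not help.
  new_key "$d/other.pem"
  sign_file "$d/other.pem" "$d/page.html" "$d/other.sig"
  verify_file "$d/pub.pem" "$d/page.html" "$d/other.sig" && c=valid || c=invalid
  echo "original:$a tampered:$b other-key:$c"
)

signature_demo
```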
Man-in-the-middle attack:
The attacker poses as the receiver to take in the data the sender sends, then poses as the sender and passes data on to the receiver. The receiver mistakenly believes it came from the sender and accepts it, so the man in the middle can send spam or, for example, tamper with a web page
Certificate: this is the public key
Certification authority (CA): a third-party organization used to confirm whether a public key is genuine. VeriSign: the best-known certification company
Standard specification for certificates: X.509
Public Key Infrastructure (PKI)
Suppose A accesses B. For B to prove that it is genuine, B has to prove to the CA that it is genuine.
- Generate a key pair
- A request is then sent to the CA to generate a certificate (containing the public key information), which is saved in the CA repository
- The CA provides the certificate in its repository to A, and A downloads it to obtain B's public key
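The three steps above carried out with the openssl CLI, as an added example that is not part of the original page. The CA name, subject names and file names are constructed, and the CA here is a throwaway demo root rather than a real certification authority.

```shell
#!/bin/sh
# Added example: key pair, certificate request, CA-issued certificate,
# and the check A performs. All names and files are constructed.

pki_demo() (
  d=$(mktemp -d); trap 'rm -rf "$d"' EXIT; cd "$d" || exit 1
  # The CA's own key and self-signed root certificate (A trusts ca.crt).
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
    -subj "/CN=Constructed Demo CA" -days 1 2>/dev/null
  # Steps 1 and 2: B generates a key pair and sends a request to the CA.
  openssl req -newkey rsa:2048 -nodes -keyout b.key -out b.csr \
    -subj "/CN=b.example" 2>/dev/null
  # The CA signs the request, producing B's certificate.
  openssl x509 -req -in b.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -out b.crt -days 1 2>/dev/null
  # Step 3: A obtains b.crt and checks it against the CA certificate.
  openssl verify -CAfile ca.crt b.crt 2>/dev/null | grep -q ': OK$' \
    && a=trusted || a=untrusted
  # A self-signed certificate claiming the same name is not accepted.
  openssl req -x509 -newkey rsa:2048 -nodes -keyout m.key -out m.crt \
    -subj "/CN=b.example" -days 1 2>/dev/null
  openssl verify -CAfile ca.crt m.crt 2>/dev/null | grep -q ': OK$' \
    && m=trusted || m=untrusted
  # The certificate carries B's public key.
  [ "$(openssl x509 -in b.crt -noout -pubkey)" = \
    "$(openssl pkey -in b.key -pubout)" ] && k=same || k=different
  echo "b.crt:$a impostor.crt:$m pubkey-in-cert:$k"
)

pki_demo
```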
Random numbers
Pseudo-random numbers: for example, taking the result of the time() function modulo some number; a value produced this way is susceptible to attack
True random numbers: random bit sequences are accumulated in advance in a file called the random number pool. When cryptographic software needs a seed for pseudo-random numbers, it takes a random bit sequence of the required length out of this pool (the current contents of the pool must be kept secret, otherwise the pool is meaningless)
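Why a clock-derived value is weak, as an added example that is not part of the original page: a token seeded from the time is reproduced by anyone who tries the timestamps in a plausible window, while a token drawn from the kernel's random pool is not derived from any guessable input. The function names and the sample timestamp are constructed; awk's generator stands in for any time-seeded pseudo-random generator.

```shell
#!/bin/sh
# Added example: time-seeded token versus the OS random pool.
# Function names and the sample timestamp are constructed.

# weak_token <epoch_seconds>: four six-digit draws from awk's generator,
# seeded with the clock value.
weak_token() {
  awk -v s="$1" 'BEGIN {
    srand(s + 0)
    for (i = 0; i < 4; i++) printf "%06d", int(rand() * 1000000)
    print ""
  }'
}

# seeds_matching <token> <from> <to>: clock values in the window that
# reproduce the token. The search space is only the window's seconds.
seeds_matching() {
  awk -v t="$1" -v a="$2" -v b="$3" 'BEGIN {
    for (s = a + 0; s <= b + 0; s++) {
      srand(s); x = ""
      for (i = 0; i < 4; i++) x = x sprintf("%06d", int(rand() * 1000000))
      if (x == t "") print s
    }
  }'
}

# strong_token: 128 bits read from the kernel random pool, as hex.
strong_token() {
  od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

random_demo() {
  t=$(weak_token 1700000000)                       # constructed timestamp
  echo "weak token:      $t"
  echo "recovered seed:  $(seeds_matching "$t" 1699998200 1700001800)"
  echo "strong token:    $(strong_token)"
}

random_demo
```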