Interpreting Google's break of a cyber security algorithm
A plain-language explanation, for all my friends (whether or not you understand information security, as long as you want to know), of what happened when Google broke SHA-1.
(Original by Feng Lisu @ Han Bo Information; please credit the source when reproducing.)
When you publish an article, how do you prove that the article has not been tampered with?
The computer uses an algorithm (a hashing algorithm, such as SHA) to perform operations on the contents of the entire article and obtains a short string of numbers (the hash). It encrypts that number string and sends it to the other party along with the article (this is called a digital signature).
After receiving the article, the other party performs the same operation and compares the result with the number string. If the two are consistent, the article has not been tampered with. (Of course, all of this is done automatically by the computer and you don't need to take part.)
The hashing algorithm ensures that the same article gives the same value every time it is calculated, and that the probability of different articles giving the same value is extremely low (1/9,223,372,036,854,775,808).
The key point is that it is mathematically guaranteed that the content of the article cannot be worked out backwards from the hash value. (The function has no inverse function: you can plug x into the function to compute y, but you have no way to calculate x from the value of y. Do you remember this concept?)
So if the hash value that the other party computes matches the hash you sent with the article, that proves the article has not been tampered with.
What the Google scientists did this time was to try to find a way to easily generate another article with the same hash value as a given article.
There are two ways to do this. One is to find a mathematical problem in the hashing algorithm; we can confirm that this does not work, because the algorithm has been mathematically proved to have no problem.
The second method is called brute force: just try, try and try again, and in the end you will always find another article with the same hash value. This is feasible in theory, but in practice the trying would take tens of millions of years of computation; an evening's work is far from enough.
Google's work this time was to find some rules and algorithms and, with the help of cloud computing power, turn a crack that was originally thought to take tens of thousands of years into something done overnight (100,000 times faster than brute force).
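The brute-force method and the receiver's comparison described above, as an added example that is not part of the original article: it searches for two different articles whose SHA-1 hash agrees when only the first 16, 24 or 32 bits are kept, then shows the receiver's check accepting the swapped article. The truncation, the function names and the sample article text are assumptions made for the demonstration; the number of tries grows roughly as 2^(bits/2), which is why plain brute force is out of reach against the full 160-bit hash.

```python
import hashlib
from itertools import count

def digest(article: bytes, bits: int, algo: str = "sha1") -> int:
    """Hash the article, keeping only the first `bits` bits (deliberately weakened)."""
    full = hashlib.new(algo, article).digest()
    return int.from_bytes(full, "big") >> (len(full) * 8 - bits)

def untampered(article: bytes, sent_digest: int, bits: int) -> bool:
    """Receiver's check: recompute the hash and compare it with the one sent."""
    return digest(article, bits) == sent_digest

def brute_force_collision(bits: int):
    """Try numbered articles until two different ones share a digest."""
    seen = {}  # digest -> first article that produced it
    for tries in count(1):
        article = b"constructed sample article #%d" % tries
        d = digest(article, bits)
        if d in seen:
            return seen[d], article, tries
        seen[d] = article

def brute_force_exponent(algo: str) -> int:
    """Birthday bound: a generic collision search needs about 2**(bits/2) tries."""
    return hashlib.new(algo).digest_size * 8 // 2

if __name__ == "__main__":
    for bits in (16, 24, 32):
        a, b, tries = brute_force_collision(bits)
        short_ok = untampered(b, digest(a, bits), bits)   # weakened hash is fooled
        full_ok = untampered(b, digest(a, 160), 160)      # full SHA-1 is not
        print(f"{bits}-bit hash: collision after {tries} tries, "
              f"swap accepted: {short_ok}, accepted with full hash: {full_ok}")
    for algo in ("sha1", "sha256"):
        print(f"{algo}: about 2**{brute_force_exponent(algo)} tries by brute force")
```

Each extra 8 bits of hash multiplies the brute-force work by about 16, so the measured try counts climb quickly even at these toy sizes.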
To protect information security, Google will not release the specific details of the algorithm for 90 days, so that the information security field has time to respond.
For the Chinese version of the technical document Google published, see http://mp.weixin.qq.com/s/07pyiX6LAZxasKRYkBz6KA.
Notes
1. The hashing algorithm itself is not a problem mathematically, so Google's only recommendation in response is to move from SHA-1 to the more complex SHA-256 and so on.
2. I (Feng Lisu) wrote this on the high-speed rail to pass the time, as popular science for my circle of friends. The aim is that all my friends can read it, not technical and terminological rigor.
3. "An article" is just an example; in fact it can be any information, such as web pages, bank information, ID card chips and so on.
4. Typing with my thumbs was hard work, so please credit the source when reproducing :)