Password Technology at the core of information security

Data Encryption principles and systems

Data Encryption

The Data Encryption implemented on the computer, its encryption orDecryptionThe conversion is fromKeyControl implementation. Keyword) is based onPasswordThe system is randomly selected. It is usually a random string and is the only parameter that controls plaintext and ciphertext conversion.

Digital Signature

In addition to providing encryption and decryption of information, cryptographic technology also provides functions such as identifying information sources, ensuring information integrity and non-repudiation. These three functions are implemented through digital signatures.

The principle of digital signature is that the plaintext to be transmitted is converted into a digest using a function operation Hash. Different plaintext values correspond to different message digests ), the message digest is encrypted and transmitted to the receiver together with the plain text. The receiver generates a new message digest for the received plaintext and decrypts the digest for the sent message. The comparison result indicates that the plaintext has not been changed, if they are inconsistent, the plaintext has been tampered.

Encryption System and Comparison

According to different key types, the modern cryptographic technology is divided into two types: symmetric encryption, secret key encryption, and public key encryption, asymmetric encryption.

The symmetric key encryption system uses the same secret key for encryption and decryption, and both parties must obtain the key and keep the key secret.

The security of symmetric cryptographic systems depends on the following two factors. First, the encryption algorithm must be strong enough. It is impossible to decrypt information only based on the ciphertext itself. Second, the security of the encryption method depends on the secret of the key, rather than the confidentiality of algorithms, we do not need to ensure the confidentiality of algorithms, but need to ensure the confidentiality of keys. The algorithm implementation speed of the symmetric encryption system is extremely fast. According to the test results of the AES Candidate algorithm, the software implementation speed reaches several megabytes or dozens of megabits per second. Symmetric cryptographic systems are widely used due to these features. Because algorithms do not need to be kept confidential, manufacturers can develop low-cost chips for data encryption. These chips are widely used in large-scale production.

The biggest problem with symmetric encryption systems is the complexity and high cost of key distribution and management. For example, for networks with n users, n (n-1)/2 keys are required. If the user group is not very large, the symmetric encryption system is effective. However, for large networks, when the user base is very large and the distribution is very wide, key distribution and storage become a big problem. Another disadvantage of symmetric encryption algorithms is that digital signatures cannot be implemented.

The public key encryption system uses the encryption key public key) and the decryption key private key) are different. Since encryption keys are public, key distribution and management are very simple. For example, for networks with n users, only 2n keys are required. The public key encryption system can also easily implement digital signatures. Therefore, it is most suitable for e-commerce applications.

In practical applications, the public key encryption system does not completely replace the symmetric key encryption system, because the public key encryption system is based on cutting-edge mathematical difficulties, and the computing is very complex and its security is higher, however, its implementation speed is far behind that of the symmetric key encryption system.

In practical applications, we can use their respective advantages to encrypt files using symmetric encryption systems and public key encryption systems to encrypt the key session keys for "encrypted files". This is a hybrid encryption system, it effectively solves the problem of computing speed and key allocation management. Therefore, the public key cryptography system is usually used to encrypt key and core confidential data, while the symmetric cryptography system is usually used to encrypt a large amount of data.

Symmetric encryption system

The most famous symmetric encryption system is the American Data Encryption Standard DES, AES (Advanced Encryption Standard) and European Data Encryption Standard IDEA.

In 1977, the US National Bureau of Standards and Regulations officially implemented the US Data Encryption Standard DES, disclosed its encryption algorithm, and approved the use of it for non-confidential organizations and commercial confidential communications. Then DES became the world's most widely used encryption standard. The encryption and decryption keys and processes are exactly the same. The difference is that the application order of the sub-Key sequence used for encryption and decryption is the opposite.

However, after more than 20 years of use, we have found many shortcomings in DES, and the method for cracking DES has become increasingly effective. AES will replace DES as the next-generation encryption standard.

For more information about Password Technology, see the Password Technology at the core of information security.

1. Generate and exchange pre-shared keys
2. How long does it take to crack your password?
3. Network threat defense UTM technical decryption illustration)
4. Network Security Classification Based on Wireless Network Encryption