The difference and explanation of the cipher and password

Source: Internet
Author: User
Tags hash rar

We often use the password in life, especially in this era of information explosion, such as the password of the bank card consists of six digits, Alipay's password is composed of several characters, but these so-called passwords is "real" password? or what is the nature of them? In fact, these numbers and letters and symbols are just as a voucher for personal withdrawals, it is essentially an authentication mechanism, only you lose the password to get money, the wrong can not take money, right and wrong is only the difference between the string of characters, so, they are not the real meaning of the password, the strict name should be called "password", The corresponding English words are password, passcode and PIN.

The so-called password, is some evidence of clearance, by which to determine whether the individual can pass a certain test, such as in the past during the anti-Japanese War code and password and so on. The password is not really confidential, except for you, the bank itself knows your card's password. Also, the password can be bypassed without knowing the password, for example, a hacker or a computer master can invade an enterprise's internal, access to some valuable confidential information, etc., theoretically is completely feasible; or we can compare the password to a treasure-house key, only when you get the key, you can open the door of the Treasury, However, even if we do not have the key, we can use the tool to pry open or open the door, so we can get the jewels inside. Now it seems that the password is actually a door to the destination.

Now for the password. What is the password? The corresponding English is "cryptography", which means a kind of complex and huge information processing system. In layman's terms, a password is a way of conveying information. Now let's take a few simple examples to illustrate what a password is.

First look at the following passwords:

1.Windows System Login Password,

2.WinRAR compressed Password,

3. Router Management login password,

4. Wireless network password,

5.Word document open Permission password,

6. Website email password,

7.QQ password.

For these passwords, what are passwords (cryptography) and what are passwords (password)? The correct answer is: 1367 is the password, 245 is the password. First look at the Windows login password, it is a way to enter the system authentication, although it is encrypted storage, but by the win system login Process Control, when you enter the password, LSASS and Winlogon process will be responsible for the password you entered and decrypted the original system password for comparison, If the same is allowed to enter the system, otherwise it is not allowed to enter the system. At this point, the system process is aware of the user's password, and it knows how to encrypt it and how to decrypt or restore it.

Similarly, this password can also be bypassed, such as using a U disk into the PE system, in another operating system down to clear the original system password file (SAM) data. Therefore, the Windows system login password is actually a password.

Look at the rar password, when you want to unzip a RAR or zip file with a password, WinRAR will prompt you to enter the password, then if you enter a bad password, rar next what will do? Does it judge whether the password you typed is correct or wrong? The answer is no, Because WinRAR does not know that the password you entered is correct or wrong, because in the world in addition to the person who set the password, theoretically no one knows the password of this file. RAR After receiving the password does not care about it, it will always decompression, until the decompression after the restoration of clear text, it began to test the clear text of the CRC32, if the WinRAR before the reconciliation of the original file to save the CRC, indicating that there may be a password error caused, when it will prompt a "checksum failure, File corruption or password error "message, because the decompression failure is not necessarily caused by a password error, it is possible that the data itself is incomplete or missing part of the content caused.

So, even if you use the tracking method to bypass the RAR password authentication mechanism, such as the unequal jump instructions to the equivalent jump instructions, cheat winrar Let it think you entered the password is correct, such a result is only winrar no longer prompt password error message, However, the extracted data is not the original data, but a heap of garbage characters, there is no meaningful information in the file. WinRAR's password is equivalent to a coding method, it will be encoded in some way, this way by the algorithm and password together to determine, so as to transform into a kind of people do not understand the meaningless information, so you lose the wrong password, the way to restore will be wrong, the natural restoration of the data will certainly be wrong.

This is the difference between password and password, the password is not a door, but the jewelry itself, only when the password is correct, jewelry is jewelry, wrong password, jewelry is not jewelry, but scrap metal. Password can be removed, but the password can only be brute force, brute force to break the need for time, theoretically any password will one day be cracked, in addition to a one-time password, this will be mentioned below.

Thus, we should be able to clearly see the next password, for example, the router login password, the wrong password will be prompted to error, this is the characteristics of the password, passwords are generally the wrong password, and passwords generally do not prompt, of course, is not absolute, such as the previous winrar will be prompted, or my own design of the password key tool ( Keymanager), the password error will also prompt, this does not mean that it is a password, the reason is prompted because the clear text of the one-way hash value and the original plaintext of the hash value inconsistent, it will be prompted password errors, in fact not necessarily a password error, may be file corruption, And the Cipher key This tool uses encryption method is so-called one-time password this technology, theoretically can never crack, because even if someone claims to crack the file, but how does he know he cracked out of the original data? Or is it a completely deranged data? Does he never know whether he cracked it or failed? This is a paradox. The method used in one-time cryptography is XOR (exclusive OR) operation, the principle is very simple, but can never be cracked, but because the method security is strong but not flexible, so it is not widely used.

and wireless network password and router login password is completely different, you in the transmission of wireless network password even if the wrong can also be linked to the router, but not on the network. Because the wireless network encryption is the signal, whether you lose the wrong it will restore, but if you lose the wrong it will not be able to restore the real network data, so you connect is actually a dead end.

Office password We have encountered more, the network has some software to remove Office passwords, a few seconds to quickly remove the password, tried the next really can, this is what principle? In fact, the word "remove" is not used accurately, it should be used to crack the word more appropriate, Word default encryption method of the password range is 256^ 5, which is 5 bytes. Someone will 5 bytes of data traversal, generate a total of several terabytes of files, placed on the server, and then cracked the program first from the local access to Doc or xls files of several bytes of data, and then sent to the server to find the key, found back with the key to unlock the file.

Note that this found key is not necessarily the original password of the file, but it can also open the encrypted file because the password may be duplicated and two passwords may point to the same key. No matter how long your password is set, the key to the password will always be found in this 256^5. The last two mailbox password and QQ password are needless to say, they are passwords.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.