1 Introduction
1.1 The role of cryptographic algorithms
Confidentiality: Sensitive information will not be disclosed to unauthorized entities.
Integrity: ensures that information is not modified during storage or transmission, for example by verifying it with a hash function.
Authenticity: the identity of a remote user or system can be verified.
Non-repudiation: proves that a specific user made a transaction request, so the user cannot deny the action afterwards.
1.2 Commonly used cryptographic algorithms
Symmetric encryption algorithm
Asymmetric encryption algorithm
Hash algorithm
2. Random Numbers
The generation of keys, key materials, salt values, and IVs in cryptographic algorithms all use random numbers, and cryptographically secure random number generators should be used to generate them.
Which secure random number generators can be used?
If the product provides a hardware random number interface, prefer it for generating random numbers. Otherwise, use one of the following secure random number generators or interfaces:
RAND_bytes() of the OpenSSL library;
CRYPT_random() of the Chinasoft iPSI component;
java.security.SecureRandom of the JDK;
/dev/random on Unix-like platforms;
RtlGenRandom() on the Windows platform;
the cciRand() function of the CCI component on the VxWorks platform.
Before using RAND_bytes() or CRYPT_random(), call RAND_seed() or CRYPT_randSeed() respectively to set the random number seed during program initialization. The system time or the program's running time (in milliseconds) can be used as the seed.
Note: the random numbers produced by the C standard library functions random() and rand() and by Java's java.util.Random class are not secure random numbers and are forbidden for security purposes.
3. Symmetric encryption algorithm
Symmetric encryption algorithm is used to encrypt sensitive data and other information.
The encryption key and the decryption key are the same or can be easily mutually determined.
Block cipher algorithm: divides the plaintext into fixed-length blocks, for example 64-bit or 128-bit blocks, and encrypts each block with the same key and algorithm; the output is also a fixed-length ciphertext block.
Stream cipher algorithm: a symmetric cipher that encrypts the plaintext bit by bit (or byte by byte) and decrypts it in the same way.
Best Practices:
When using a symmetric block cipher algorithm for encryption, the AES algorithm (Advanced Encryption Standard) is recommended.
(All stream cipher algorithms have structural weaknesses)
Key points: correct key generation, choice of the cipher's mode of operation (GCM or CBC for a block cipher), and IV generation (from a secure random number generator).
4. Asymmetric encryption algorithm
Also known as public key cryptographic algorithm. It uses two keys, a public key and a private key. The public key can be disclosed to all users, and the private key needs to be kept secret.
Asymmetric cryptographic algorithms are widely used in security fields such as key agreement, digital signatures, and digital certificates.
4.1 RSA algorithm
The RSA algorithm was the first algorithm usable for both asymmetric data encryption and digital signatures. Applications:
Key pair generation: generate public and private keys
Asymmetric encryption: public key encryption and private key decryption
Digital signature: The private key encrypts the message digest, and the public key verifies the signature
Best Practices:
For asymmetric encryption, when the RSA algorithm is selected, the key length should be 2048 bits.
When the RSA algorithm is used for asymmetric encryption, the OAEP padding scheme is preferred.
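The two best practices above applied with Go's standard library, as an added example that is not code from the original page: a 2048-bit key, OAEP with SHA-256, and the payload limit this combination imposes (function names are my own).

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// keyBits is the key length recommended above for RSA encryption.
const keyBits = 2048

// generateKeyPair creates a fresh RSA key pair from the OS CSPRNG.
func generateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, keyBits)
}

// encryptOAEP encrypts msg to pub with OAEP (SHA-256 as the OAEP hash, empty label).
// OAEP is randomised, so encrypting the same message twice gives different ciphertexts.
func encryptOAEP(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// decryptOAEP recovers the message with the private key; a ciphertext that was
// altered, or produced for another key, fails the OAEP padding check and errors.
func decryptOAEP(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, ct, nil)
}

// maxOAEPMessage is the largest payload OAEP can carry for this key:
// k - 2*hLen - 2 bytes, i.e. 256 - 64 - 2 = 190 bytes for RSA-2048 with SHA-256.
// Larger data is encrypted with a symmetric key that RSA-OAEP then wraps.
func maxOAEPMessage(pub *rsa.PublicKey) int {
	return pub.Size() - 2*sha256.Size - 2
}

func main() {
	priv, err := generateKeyPair()
	if err != nil {
		panic(err)
	}
	ct, _ := encryptOAEP(&priv.PublicKey, []byte("constructed sample secret"))
	pt, err := decryptOAEP(priv, ct)
	fmt.Printf("ciphertext %d bytes, decrypted %q, err=%v\n", len(ct), pt, err)
	fmt.Println("max OAEP payload:", maxOAEPMessage(&priv.PublicKey), "bytes")
}
```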
4.2 Digital signature
Role: data integrity, identity authentication, non-repudiation.
Digital signature process
Signing:
The sender of the information uses a hash function (such as SHA-256) to generate a digest of the information;
The sender of the information uses its own private key to asymmetrically encrypt (sign) the digest value;
The information sender encapsulates the information and the encrypted digest value into a signature result and sends it to the receiver.
Verification:
The receiver first uses the sender’s public key to decrypt the digital signature and derive the digest value;
The receiver uses the same hash function to recalculate the digest value of the information;
Compare the digest value recovered in step 1 with the digest value calculated in step 2. If they are the same, the signature is verified; otherwise the signature is invalid.
Best Practices:
For the signature algorithm, RSA (2048 bits) or ECDSA (256 bits) is recommended.
The signature algorithm should be used in conjunction with a secure hash algorithm.
Only sign data from trusted sources.
When encrypting and signing at the same time, use the method of signing first and then encrypting.
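The signing and verification steps above in Go's standard library, as an added example that is not from the page: it assumes an RSA-2048 key with SHA-256 and uses RSA-PSS padding for the private-key step rather than the raw "encrypt the digest" (PKCS#1 v1.5) form the description corresponds to.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// newSigningKey generates the RSA-2048 key pair recommended above.
func newSigningKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// signMessage follows the signing steps: hash the message with SHA-256 (step 1),
// then apply the private key to the digest (step 2), here with RSA-PSS padding.
func signMessage(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// verifyMessage follows the verification steps: recompute the digest with the
// same hash, then check the signature against it with the sender's public key.
// Any change to msg or sig, or a signature made under another key, yields false.
func verifyMessage(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

func main() {
	priv, err := newSigningKey()
	if err != nil {
		panic(err)
	}
	msg := []byte("pay 100 to account 42") // constructed sample message
	sig, err := signMessage(priv, msg)
	if err != nil {
		panic(err)
	}
	fmt.Println("signature bytes:", len(sig))
	fmt.Println("genuine message verifies:", verifyMessage(&priv.PublicKey, msg, sig))
	fmt.Println("altered message verifies:", verifyMessage(&priv.PublicKey, []byte("pay 900 to account 42"), sig))
}
```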
5. Hash Algorithm
A hash algorithm, also called a message digest, one-way hash, or digital fingerprint algorithm, generates a fixed-length digest for any given input data.
In cryptography, hash algorithms are often used to construct MAC or extract digital fingerprints in digital signature schemes. They are also commonly used for input comparison, software integrity protection, key derivation, password storage, and random number generation.
Commonly used secure hash algorithms: SHA-256, SHA-384, SHA-512.
Insecure hash algorithms: MD2, MD4, MD5, SHA-1.
Common misuse 1: The password is stored in a reversible way, and the attacker may obtain the password to log in as a user.
A password is a character string used for identity authentication or for deriving encryption keys; it can consist of letters, digits, and symbols. A password is not a key.
In scenarios where the password never needs to be recovered, only a one-way hash of the password must be stored.
Common misuse 2: the password is hashed, but without a salt, so the stored hash cannot resist rainbow table attacks.
Rainbow table: It is a huge collection of pre-calculated hash values for various possible letter combinations.
Salt: a string inserted at some position in the password before hashing, so that the result no longer matches the hash of the original password. This process is called "salting", and the inserted string is the salt value.
Best practice: The PBKDF2 algorithm is recommended in the scenario of one-way password hashing.
A plain password hash cannot prevent rainbow table attacks. Hashing with a salt prevents rainbow table attacks but not brute-force attacks, so its security is still insufficient. A standard password-based key derivation algorithm is designed against both rainbow table and brute-force attacks and is therefore more secure.
The PBKDF2 algorithm is a key derivation algorithm, which can be used to derive keys and save passwords. The calculation formula:
DK = PBKDF2(Password, Salt, count, dkLen).
Key points: use SHA-256 or stronger as the hash algorithm, at least 10,000 iterations, a salt of at least 8 bytes from a secure random number generator, and an output length of at least 256 bits.