Apr 10, 2009

Cryptosystems, digital signatures, cryptographic hash functions

Cryptography @ wikipedia
Symmetric-key cryptography, loosely categorized:
1) Block ciphers
DES (Data Encryption Standard) is the predecessor of AES (Advanced Encryption Standard).
2) Stream ciphers
For example, RC4
3) Cryptographic hash functions
MD4 and MD5 have both been broken. The SHA (Secure Hash Algorithm) family: SHA-0 (flawed), SHA-1, SHA-2

Public-key cryptography:
elliptic curve cryptography ECC
RSA

Cryptographic hash function (Wikipedia)
A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the (cryptographic) hash value, such that an accidental or intentional change to the data will change the hash value. The data to be encoded is often called the "message", and the hash value is sometimes called the message digest or simply digest.

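The difference between a cryptographic hash function and a cryptosystem is that a hash function is one-way: there is no decryption process.

It has four properties: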
* it is easy to compute the hash value for any given message,
* it is infeasible to find a message that has a given hash,
* it is infeasible to modify a message without changing its hash,
* it is infeasible to find two different messages with the same hash.

Applications of hash functions
Cryptographic hash functions have many information security applications, notably in digital signatures, message authentication codes (MACs), and other forms of authentication. They can also be used as ordinary hash functions, to index data in hash tables; as fingerprints, to detect duplicate data or uniquely identify files; or as checksums to detect accidental data corruption. Indeed, in information security contexts, cryptographic hash values are sometimes called (digital) fingerprints, checksums, or just hash values, even though all these terms stand for functions with rather different properties and purposes.

Commonly used hashes

MD5 is one we see often.

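It uses asymmetric cryptography and hashing. One thing I don't understand: what does the "certificate" in the figure on the left refer to? Is the data sent unencrypted? A digital signature does not mean digitizing a handwritten signature and verifying that signature's validity; rather, it confirms that the data is intact, authentic, and non-repudiable. The data could be a contract.
The data and the signature are sent together, which means the data is visible. Why use a hash function? Because:
  • It ensures data integrity.
  • The data may be very long, and public-key encryption and decryption are slow, so signing it directly would be impractical, whereas the hash (message digest) is short.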
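
The hash-then-sign flow described above, as an added example that is not part of the original post: the signer applies the private key only to the short SHA-256 digest, the message travels in the clear next to the signature, and the verifier recomputes the digest. The key is a constructed toy (two known Mersenne primes, unpadded textbook RSA), and all function names are assumptions made for this illustration.

```python
import hashlib

# Toy RSA key, constructed for this example from two known Mersenne primes.
# Real keys use random primes and a padded scheme such as RSASSA-PSS.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def digest_int(data: bytes) -> int:
    """SHA-256 digest of the message as an integer (256 bits, smaller than N)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes) -> int:
    """Signer: hash the message, then apply the private key to the digest only."""
    return pow(digest_int(data), D, N)


def verify(data: bytes, signature: int) -> bool:
    """Verifier: recover the signed digest with the public key and compare it
    with a freshly computed digest of the received message."""
    return pow(signature, E, N) == digest_int(data)


def demo() -> dict:
    # Constructed sample: a long "contract" that is sent unencrypted.
    contract = b"Party A pays Party B 100 units. " * 1000
    sig = sign(contract)  # one private-key operation, whatever the length
    tampered = contract.replace(b"100", b"900", 1)
    return {
        "message_bytes": len(contract),
        "valid": verify(contract, sig),
        "tampered_valid": verify(tampered, sig),
        "wrong_sig_valid": verify(contract, (sig + 1) % N),
    }


if __name__ == "__main__":
    print(demo())
```
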

SSL and TLS
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide security and data integrity for communications over TCP/IP networks such as the Internet. TLS and SSL encrypt the segments of network connections at the Transport Layer end-to-end.

OpenSSL is an open source implementation of the SSL and TLS protocols. The core library (written in the C programming language) implements the basic cryptographic functions and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available.
