Home teknologiaa encryption

encryption



Historicalsources

Thereasonwhyencryptionissafeisnotbecauseyoudon’tknowtheencryptionanddecryptionalgorithms,buttheencryptionkeyisabsolutelyhidden.PopularRSAandAESencryptionalgorithmsarebothFullypublic,ifonepartyobtainstheencrypteddata,evenifitknowstheencryptionalgorithm,ifthereisnoencryptionkey,itcannotopentheencryptedinformation.Theconcealmentofencryptionalgorithmstoprotectinformationhasbeendiscussedinacademiaandindustry,anditisgenerallyconsideredtobeinsecure.Thepublicencryptionalgorithmisforhackersandencryptionparentstoattackandtestovertheyears.Comparedwiththehiddenencryptionalgorithm,itismuchsafer.

Incryptography,encryptionistoconcealplaintextinformation,makingitunreadableintheabsenceofspecialinformation.Althoughencryptionhasexistedforcenturiesasameansofkeepingcommunicationsconfidential,onlythoseorganizationsandindividualswithparticularlyhighsecurityrequirementswilluseit.Inthemid-1970s,theuseofstrongencryption(StrongEncryption)begantoextendfromgovernmentsecretagenciestothepublicdomain,andhasnowbecomeamethodofprotectingmanywidelyusedsystems,suchasInternete-commerce,mobilephonenetworks,andbankATMs..

Encryptioncanbeusedtoensuresecurity,butothertechnologiesarestillnecessarytoensurecommunicationsecurity,especiallywithregardtodataintegrityandinformationverification;forexample,informationverificationcode(MAC)ordigitalsignature.Anotherconsiderationistocopewithtrafficanalysis.

EncryptionorCodeObfuscationisalsousedinsoftwarecopyrightprotectiontodealwithreverseengineering,unauthorizedprogramanalysis,crackingandsoftwarepiracy,anddigitalrightsmanagement(DRM)fordigitalcontentWait.

Althoughtheconceptofencryptionordecodinginformationforsecuritypurposesisverysimple,itstillneedstobeexplainedhere.Thebasicprocessofdataencryptionincludestranslatingtheoriginalreadableinformationcalledplaintextintoacodeformcalledciphertextorpassword.Thereverseofthisprocessisdecryption,thatis,theprocessoftransformingtheencodedinformationintoitsoriginalform.

Origin

Inancienttimes,encryptionwasaccomplishedbymanymethods.Itismore"popular"inChinatousestarchwatertowriteonpaper,andthensoakitiniodinewatertomakethewordsappear.Butforeigncountriesaredifferent.ThemostclassicisthePeloponnesianWar.In405BC,thePeloponnesianWarbetweenAthensandSpartahadcometoanend.TheSpartanarmygraduallygainedanadvantage,readytolaunchafinalblowtoAthens.Atthistime,thePersianEmpire,whichwasonthesideofSparta,suddenlychangeditsattitudeandstoppedassistingSparta.TheintentionwastomakeAthensandSpartalosebothintheongoingwarinordertoprofitfromit.Undersuchcircumstances,SpartaurgentlyneededtofigureoutthespecificactionplanofthePersianEmpireinordertoadoptanewstrategicapproach.Atthismoment,theSpartanarmycapturedanAthenianmessengerwhohadsentaletterbacktoAthensfromthePersianEmpire.TheSpartansoldierssearchedthemessengercarefully,buttheysearchedforalongtime,andfoundnothingbutanormalbeltfullofmessyGreeklettersfromhim.Whereistheinformationhidden?TheSpartanarmycommanderLysanderfocusedhisattentiononthatbelt,andtheintelligencemustbeinthosemessyletters.Herepeatedlyponderedandstudiedthesescripture-likecharacters,rearrangingandcombiningthelettersonhisbeltinvariousways,buthecouldn'tfigureitout.Intheend,Lysanderlosthisconfidence.Hefiddledwiththebeltwhilethinkingaboutotherwaystogetinformation.Whenheaccidentallytwistedthebeltaroundthescabbardinhishand,amiraclehappened.Itturnedoutthatthemessylettersonthebeltformedaparagraphoftext.ThisisthepieceofinformationsentbackbytheAthenianspy.IttoldAthensthatthePersianarmywaspreparingtoattacktheSpartanarmysuddenlywhentheSpartanarmylauncheditsfinalattack.Basedonthisinformation,theSpartanarmyimmediatelychangeditscombatplan,firstattackedthedefenselessPersianarmyatlightningspeed,anddefeateditinonefellswoop,alleviatingitsworries.Subsequently,theSpartanarmyreturnedtothearmytoconquerAthensandfinallywonthefinalvictoryofthewar.

ThebeltintelligencesentbackbytheAthensspyistheearliestcryptographicintelligenceintheworld.Thespecificmethodofuseisthatthecommunicatingpartiesfirstagreeonthepasswordinterpretationrules,andthencommunicate—thepartywrapsthebelt(orsheepskinandotherthings)Writeonwoodensticksofagreedlengthandthickness.Receivingletter-Afterreceivingtheletter,ifyoudon'twrapyourbeltaroundawoodenstickofthesamelengthandthickness,youwillonlyseesomeirregularletters.Later,thiscryptographiccommunicationmethodwaswidelycirculatedinGreece.Themodernciphertelegramissaidtohavebeeninspiredbyitandinvented.

Origin

Encryptionisawaytoensuredatasecurity.Itisnotunique.Ithasalonghistory.Itoriginatedin2000BC(Forcenturies),althoughitisnottheencryptiontechnologywearetalkingabout(notevencalledencryption),asaconceptofencryption,itwasindeedbornafewcenturiesago.Atthattime,theEgyptianswerethefirsttousespecialhieroglyphsasinformationcodes.Astimewenton,Babylon,Mesopotamia,andtheGreekcivilizationsallbegantousemethodstoprotecttheirwritteninformation.

Recently,encryptiontechnologyismainlyusedinmilitaryfields,suchastheAmericanWarofIndependence,theAmericanCivilWarandthetwoworldwars.ThemostwidelyknownencodingmachineistheGermanEnigmamachine,whichwasusedbytheGermanstocreateencryptedmessagesduringWorldWarII.Sincethen,thankstotheeffortsoftheAlanTuringandUltraprojectsandothers,theGermanpasswordwasfinallycracked.Atthebeginning,computerresearchwasaimedatcrackingGermanpasswords.Peopledidnotexpecttheinformationrevolutionbroughtaboutbycomputers.Withthedevelopmentofcomputersandtheenhancementofcomputingpower,passwordsinthepasthavebecomeverysimple,sopeoplecontinuetoresearchnewdataencryptionmethods,suchastheprivatekeyandpublickeygeneratedbytheRSAalgorithm.Producedon.

Introduction

Concept

ThebasicprocessofdataencryptionistoprocesstheoriginalplaintextfileordataaccordingtoacertainalgorithmtomakeitunreadableApieceofcode,usuallycalled"ciphertext",enablesittodisplayitsoriginalcontentonlyafterenteringthecorrespondingkey.Thisway,thepurposeofprotectingthedatafrombeingstolenandreadbyunauthorizedpersonsisachieved.

Thereverseprocessofthisprocessisdecryption,thatis,theprocessoftransformingtheencodedinformationintoitsoriginaldata.

Reasons

Intoday'snetworksociety,wehavenochoicebuttochooseencryption.Oneisthatweknowthattherearemanyinsecurefactorsinfiletransfersande-mailbusinesstransactionsontheInternet,especiallyItisforsomelargecompaniesandsomeconfidentialdocumentstobetransmittedonthenetwork.Moreover,thisinsecurityisthebasisoftheexistenceoftheInternet-inherentintheTCP/IPprotocol,includingsomeTCP/IP-basedservices;ontheotherhand,theInternethasbroughtunlimitedbusinessopportunitiestomanybusinesses,andtheInternetconnectstheworld.Together,goingtotheInternetmeansgoingtotheworld,whichisundoubtedlyagoodthingforcountlessbusinesses,especiallyforsmallandmedium-sizedenterprises.Inordertoresolvethiscontradictionandtoopenthedoortotheworldonasafebasis,wehadnochoicebuttochoosedataencryptionanddigitalsignaturesbasedonencryptiontechnology.

Theroleofencryptiononthenetworkistopreventusefulorprivatizedinformationfrombeinginterceptedandstolenonthenetwork.Asimpleexampleisthetransmissionofpasswords.Computerpasswordsareextremelyimportant.Manysecurityprotectionsystemsarebasedonpasswords.Inasense,thedisclosureofpasswordsmeansthecompletecollapseoftheirsecuritysystems.

Whenlogginginthroughthenetwork,thetypedpasswordistransmittedtotheserverincleartext,andeavesdroppingonthenetworkisextremelyeasy,soitisverylikelythathackerswillstealtheuser’spassword,IftheuserisaRootuseroranAdministratoruser,theconsequenceswillbeextremelyserious.

Also,ifyourcompanyisbiddingforabiddingproject,thestaffwillsendtheirunit’sbidtothebiddingunitbye-mail,ifatthistimeanothercompetitorisfromIfyoustealyourcompany’sbiddocumentsontheInternetandknowwhatyourcompany’sbidsare,whatwillbetheconsequences,Ibelieveyoucanunderstandwithoutsayingmore.

Therearetoomanyexampleslikethis.Thesolutiontotheabove-mentionedproblemsisencryption.Theencryptedpasswordisunreadableevenifitisobtainedbyhackers.Theencryptedtenderdoesnothavetherecipient’sprivatekey.Unabletounravel,thebiddingdocumentsbecamealotofgarbledcodeswithoutanypracticalsignificance.Inshort,whetheritisaunitoranindividual,inasense,encryptionhasalsobecomeasymboloftheeraforthesecuretransmissionoffilesoremailsintoday'sonlinesociety!

Digitalsignatureisbasedonencryptiontechnology,anditsfunctionistodeterminewhethertheuserisauthentic.Emailisthemostwidelyused.Forexample,whenauserreceivesanemail,theemailismarkedwiththesender’snameandmailboxaddress.Manypeoplemaysimplythinkthatthesenderisthepersonstatedintheletter,butinfactForgingane-mailisextremelyeasyforanordinaryperson.Inthiscase,adigitalsignaturebasedonencryptiontechnologymustbeusedtoconfirmtheauthenticityofthesender'sidentity.

Thereisalsoanidentityauthenticationtechnologysimilartodigitalsignaturetechnology.SomesitesprovideinboundFTPandWWWservices.Ofcourse,thesetypesofservicesthatusersusuallycontactareanonymousservices.Therightsofusersarelimited,buttherearealsoThistypeofserviceisnotanonymous.Forexample,acompanyprovidesnon-anonymousFTPservicesforusers’partnersforinformationexchange,oradevelopmentteamuploadstheirWebpagestotheuser’sWWWserver.Thequestionis,howdoestheuserdeterminethattheuserisaccessingtheuser?Thepersonoftheserveristhepersonthattheuserthinks,andtheidentityauthenticationtechnologyisagoodsolution.

Itshouldbeemphasizedherethatfileencryptionisnotonlyusedfore-mailorfiletransmissionontheInternet,butalsostaticfileprotectioncanalsobeapplied.Forexample,PIPsoftwarecanprotectThefileorfolderisencryptedtopreventothersfromstealingtheinformation.

Classification

Encryptionisbasedonmathematicalencodinganddecodingofinformation.Therearetwotypesofencryption,symmetricencryptionandasymmetricencryption.Bothpartiesofsymmetricencryptionuseacommonkey.(Ofcourse,thiskeyneedstobekeptsecret).Herewetalkaboutasymmetricencryption.Therearetwokeysforthisencryptionmethod.,Key-oneisapublickey(asitsnamesuggests,thisisakeyvaluethatcanbedisclosed),andtheotherisaprivatekey(secrettotheoutsideworld).Whenyousendinformationtous,usethepublickeytoencrypttheinformation.Oncewereceiveyourencryptedinformation,weusetheprivatekeytodeciphertheinformationpassword(theinformationencryptedbyourpublickeycanonlybedecryptedbyourprivatekey,sothatitistechnicallyguaranteedthatthisletterisonlyavailabletousInterpretation-becausesomeoneelsedoesnothaveourprivatekey).Theinformationencryptedwiththeprivatekeycanonlybedecryptedwiththepublickey(thisfunctionisappliedtothefieldofdigitalsignature,thedataencryptedbymyprivatekeycanonlybedecodedbymypublickey,andthespecificcontentreferstotheinformationofthedigitalsignature)andviceversaOfcourse,toensurethesecurityofyourinformation.

Standard

TheearliestandmostfamoussecretkeyorsymmetrickeyencryptionalgorithmDES(DataEncryptionStandard)wasdevelopedbyIBMinthe1970sandwasapprovedbythegovernment.Aftertheencryptionstandardwasscreened,itwasadoptedbytheUSgovernmentinNovember1976,andDESwassubsequentlyrecognizedbytheAmericanNationalStandardsInstituteandtheAmericanNationalStandardInstitute(ANSI).

DESusesa56-bitkeytoencrypta64-bitdatablockandperforms16roundsofencodingonthe64-bitdatablock.Witheachroundofencoding,a48-bit"per-round"keyvalueisderivedfroma56-bitcompletekey.DESusessoftwaretodecodeittakesalongtime,andhardwaredecodingspeedisveryfast.Fortunately,atthetime,mosthackersdidnothaveenoughequipmenttomakesuchhardwaredevices.In1977,itwasestimatedthatitwouldcost20millionU.S.dollarstobuildaspecialcomputerforDESdecryption,anditwouldtake12hourstogettheresult.Atthattime,DESwasconsideredaverypowerfulencryptionmethod.

Withtheincreasingspeedofcomputerhardware,thecostofmanufacturingsuchaspecialmachinehasdroppedtoaboutonehundredthousanddollars,anditisobviouslynotenoughtouseittoprotectabillion-dollarbankInsured.Ontheotherhand,ifyouonlyuseittoprotectanordinaryserver,thenDESisindeedagoodway,becausehackerswillneverspendsomuchmoneytocrackDESciphertextjusttoinvadeaserver.

AnotherveryfamousencryptionalgorithmisRSA.TheRSA(Rivest-Shamir-Adleman)algorithmisapublickeysystembasedontheassumptionthatlargenumberscannotbedecomposedbyprimefactors.Simplyput,itistofindtwoverylargeprimenumbers.Oneisthe"Publickey"(Publickey),andtheotheriscalledthe"Privatekey"withouttellinganyone.Thetwokeysarecomplementary,whichmeansthattheciphertextencryptedwiththepublickeycanbedecryptedwiththeprivatekey,andviceversa.

SupposeuserAwantstosendalettertouserB,andtheyknoweachother’spublickey.AusesB’spublickeytoencryptthemailandsendsitout.AfterBreceivesit,hecanusehisprivatekeytodecrypttheoriginaltextofA.SinceothersdonotknowB'sprivatekey,evenAhimselfcannotdecrypttheletter,whichsolvestheproblemofconfidentialityoftheletter.Ontheotherhand,sinceeveryoneknowsB'spublickey,theycanallsendalettertoB,sohowcanBbesurethatitisaletterfromA?Thenweneedtousedigitalsignaturebasedonencryptiontechnology.

Auseshisownprivatekeytoencryptthecontentofthesignature,attachesittotheemail,andthenusesB'spublickeytoencrypttheentireemail(notetheorderhere,ifyouencryptandthensign,otherscansignAfterremovingit,signyourownsignature,therebytamperingwiththesignature).Inthisway,aftertheciphertextisreceivedbyB,Buseshisprivatekeytodecrypttheemail,obtainsA’soriginaltextanddigitalsignature,andthenusesA’spublickeytodecryptthesignature,sothattwoaspectsofsecuritycanbeensured.

Encryptiontechnology

Definition

Encryptiontechnologyisthemostcommonlyusedmeansofsecurityandconfidentiality,usingtechnicalmeanstotransformimportantdataintogarbled(encrypted)transmission,andthenAfterthedestination,usethesameordifferentmeanstorestore(decrypt).

Encryptiontechnologyincludestwoelements:algorithmandkey.Algorithmisthestepofcombiningordinaryinformationorunderstandableinformationwithastringofnumbers(keys)toproduceincomprehensibleciphertexts.Thekeyisanalgorithmusedtoencodeanddecryptdata.Insecurityandconfidentiality,thesecurityofnetworkinformationcommunicationcanbeensuredthroughappropriatekeyencryptiontechnologyandmanagementmechanisms.

Application

Theapplicationofencryptiontechnologyismany,butthemostwidelyusedistheapplicationofe-commerce,VPNanddatasecurity,whicharebrieflydescribedbelow.

E-commerce

E-business(E-business)requirescustomerstoconductvariousbusinessactivitiesonlinewithoutworryingabouttheircreditcardbeingstolen.Inthepast,inordertopreventthenumberofthecreditcardfrombeingstolen,theusergenerallyplacedanorderbyphoneandthenusedtheuser'screditcardtomakethepayment.PeoplebegantouseRSA(apublic/privatekey)encryptiontechnologytoimprovethesecurityofcreditcardtransactions,makingitpossiblefore-commercetobecomepractical.

ManypeopleknowthatNETSCAPEisaleadingtechnologyproviderinInternetcommerce.ThecompanyprovidesatechnologybasedonRSAandsecretkeysthatisappliedtotheInternet,whichiscalledtheSecureSocketLayer(SecureSocketLayer).SocketsLayer,SSL).

PerhapsmanypeopleknowthatSocketisaprogramminginterfaceanddoesnotprovideanysecuritymeasures.SSLnotonlyprovidesaprogramminginterface,butalsoprovidesasecureservice.SSL3.0hasbeenappliedtotheserverandOnthebrowser,SSL2.0canonlybeappliedtotheserverside.

AfterSSL3.0usesanelectriccertificatetoverifyidentity,bothpartiescanusethesecretkeytoconductasecureconversation.Itusesboth"symmetric"and"asymmetric"encryptionmethods.Duringthecommunicationbetweenthecustomerandthee-commerceserver,thecustomergeneratesaSessionKey,andthenthecustomerencryptstheSessionKeywiththeserver-sidepublickey,andthensendsittoOntheserverside,afterbothpartiesknowtheSessionKey,thetransmitteddataisencryptedanddecryptedbytheSessionKey,butthepublickeysentbytheservertotheusermustfirstapplytotherelevantissuingauthorityfornotarization.

BasedonthesecurityprovidedbySSL3.0,userscanfreelyordergoodsandgivecreditcardnumbers,andtheycanalsoexchangebusinessinformationwithpartnersonlineandallowsupplierstoorderandreceiveordersfromSenditonline,whichcansavealotofpaperandsavethecompanyalotofphoneandfaxcosts.Inthepast,electronicinformationexchange(ElectricDataInterchange,EDI),informationtransaction(informationtransaction)andfinancialtransaction(financialtransaction)wereallcompletedonaprivatenetwork,andthecostofusingaprivatenetworkwasmuchhigherthanthatoftheInternet.Itisthishugetemptationthatmakespeoplebegintodevelope-commerceontheInternet,butdon'tforgetaboutdataencryption.

VPN

Moreandmorecompaniesaregoinginternational.Acompanymayhaveofficesorsalescentersinmultiplecountries.EachorganizationEachhasitsownlocalareanetworkLAN(LocalAreaNetwork),butintoday'snetworksociety,people'srequirementsarenotonlythat.UserswanttoconnecttheseLANstogethertoformacompany'sWAN,whichisnotdifficult.

Infact,manycompanieshavealreadydonethis,buttheygenerallyuseleaseddedicatedlinestoconnecttheselocalareanetworks.Whattheyconsideristhesecurityofthenetwork.Routerswithencryption/decryptionfunctionsareeverywhere,whichmakesitpossibleforpeopletoconnecttotheselocalareanetworksthroughtheInternet.ThisiswhatweusuallycallVirtualPrivateNetwork(VPN).Whenthedataleavesthelocalareanetworkwherethesenderislocated,thedataisfirstlyencryptedbyhardwarebytherouterconnectedtotheInternetattheuserend.ThedataistransmittedinencryptedformontheInternet.WhenitreachestherouterofthedestinationLAN,therouterwillDecryptthedatasothatusersinthedestinationLANcanseetherealinformation.

Datasecurity

Computershaveenteredthousandsofhouseholds,andtheyplayanirreplaceableroleincommercialoffices.Thesecurityofimportantandconfidentialdatastoredincomputershasbecomeanissuethatallcomputerusersattachgreatimportanceto.Whetheritispersonalcomputerdataorcompanycomputerdata,ifthesecretsareleaked,thelossandimpactwillbehuge.

Relatedinformation

Relatedsoftware

Encryptionorsoftwarecodeobfuscation(CodeObfuscation)isalsointhesoftwarecopyrightprotection,whichisusedtodealwithreverseengineering.Authorizedprogramanalysis,crackingandsoftwarepiracyanddigitalrightsmanagement(DRM)ofdigitalcontent,etc.

ThiskindofencryptionserviceisespeciallyobviousinAndroidapplications.Duetotheincreaseinpackagingparties,manyespeciallyAndroidapplicationshavebeendecompiled,reverseanalyzed,andre-packaged.Therefore,manyAndroiddevelopershavetoperformonAndroidapplications.Encryption,however,sincemostdevelopersfocusonAppdevelopmentandoperation,theydon’thavemuchtimeandenergytodevelopeffectiveAppencryptionmethodsontheirown,sothethird-partyAndroidapplicationencryption,LoveEncryption,wasborn.Serviceproviders,accordingto36Krreports,AiEncryptionisathird-partyAppencryptionplatformbasedontheSaaSdeliverymodel,allowingdeveloperstocompletetheadvancedreinforcementoftheApponlineinonly5-10minutes,addingaprotectiveshelltotheApp.ItcaneffectivelypreventtheAppfrombeingimplantedwithmaliciouscode,secondarypackaging,andcopycatpiracyduringtheoperationprocess,anditcanalsohelpdeveloperssavedevelopmenttimeandcosts.

Categories

Encryptionalgorithmscanbedividedintotwocategories:symmetricencryptionandasymmetricencryption

encryptiontechniques

thefollowingtechniquescanbestrengthenedEncryptionsecurity:

1.Donotuseoldencryptionalgorithms

EnterprisesshouldstopusingoldencryptionalgorithmssuchasDES,anddonotusetheirrelatives3DES(TripleDataEncryptionStandard).

2.Usethelongestencryptionkeysupportedbytheenterprise

Itisrecommendedthatenterprisesusethelongestkeyasmuchaspossible,whichcanmakethosewhocannotaccessItisdifficultforbackdoorcompaniestocrackthecompany’sencryption.Today,AES128isrobust,butifpossible,useAES512orlongerkeys.

3.Multi-layerencryption

Itisrecommendedthatenterprisesusemulti-layerencryptionasmuchaspossible,whichcanincreasethedifficultyofattackers.Ifpossible,encrypteveryfield,everytable,andtheentiredatabaseinthedatabase.

4.Safelystoreencryptionkeys

ThebiggestproblemfacingenterprisesmaynotbetheencryptionalgorithmleftbehindbytheUSNationalSecurityAgency,butthepasswordItisonlypartoftheencryptionscheme.Forotherelementsoftheinfrastructure,suchaskeymanagementsystems,companiesmustalsoensuretheirsecurity.Attackersarewillingtodealwiththeweakestlinkofthesecuritysystem.Ifanattackercaneasilystealthekey,whybothertocracktheencryptionalgorithm?

Somecompaniesgivethekeytoprotecttheirdatatoathirdparty,especiallywhenthecompanystoresthedatainapubliccloudandisencryptedandprotectedbythecloudprovider.Theproblemhereisthatthecompanyhasnocontroloverthekeys,butmusttrustthecloudprovider’semployeestokeepthekeyssecurely.

Ifanenterprisecanimplementanencryptionsystemthatcancontrolthekeyinthecloud,itwillbemuchsafer.Cloudencryptiongatewaysthatautomaticallyhandleencryptioncanhelpcompaniesachievethiskindofsecurity.

5.Ensuringthecorrectimplementationofencryption

Infact,implementinganencryptionsystemisnoteasybecauseithasmanydynamiccomponents,andanyoneofthemispossibleBecomeaweaklink.Youmustconductextensiveinvestigationstoensurethatencryptionisimplementedcorrectly.

Intheprocessofimplementingencryption,whichaspectsarepronetoerror?Inadditiontothevulnerabilityofthekeytoattack,thereisalsotheimplementationofCBC(CipherBlockChaining).UsingCBC,arandomtextblock(alsocalledaninitializationvector)ofthesamelengthcanbeusedtoperformanexclusiveORoperationontheplaintext,andthenencryptittogenerateanencryptedtextblock.Then,thepreviouslygeneratedciphertextblockisusedasaninitializationvectortoperformanXORoperationonthenextplaintextblock.

ThecorrectimplementationofCBCrequiresanewinitializationvectoratthebeginningofeachprocess.AcommonmistakeistoimplementCBCwithanunchangedstaticinitializationvector.IfCBCisimplementedcorrectly,thenifweencryptthetextblockontwodifferentoccasions,theproducedciphertextblockwillnotbethesame.

6.Don'tignoreexternalfactors

Externalfactorsthatthecompanycanhardlycontrolmaydestroythesecurityoftheencryptionsystem.Forexample,SSLreliesondigitalcertificates,andthesefactorsdependontheintegrityoftherootcertificationauthorityembeddedinthebrowser(suchasIE,Firefox,Chrome,etc.).Buthowdoweknowifitiscredible,orifthesecertificationauthoritiesarenotundertheguiseofaforeignintelligenceagency?Doyouthinkthissoundsfar-fetched,butitmaybetrue.

Inaddition,DNSisalsoaweaknessthathastobepaidattentionto.AslongasDNSiscompromised,attackerscanusephishingtechniquestobypassencryption.

Ofcourse,thevariouspossibilitiesofencryptionareemphasizedhere.Aproperlyimplementedencryptionsystemcanonlybeovercomeinonecase,thatis,thekeyistested.Itisnotimpossibletoguessthekeyinashorttime,butthepossibilityisverysmall.

This article is from the network, does not represent the position of this station. Please indicate the origin of reprint
TOP