Technical document on information security
Cryptography and key management

Summary:

The two basic elements of an encryption system are the encryption algorithm and key management. Encryption algorithms are the formulas and rules that specify how plaintext and ciphertext are converted into each other. Because a cryptographic system is used repeatedly, the algorithm alone can hardly guarantee the security of information. In practice, the security and reliability of encrypted information depend on the key system. The key is the critical information that controls the encryption and decryption algorithms, so its generation, transmission and storage are very important.

Keywords: cryptography; security; network; key management

Main text:

Cryptology is the technical science that studies the making and breaking of ciphers. Studying the objective laws of cipher transformation and applying them to construct ciphers that keep communications secret is called cryptography (coding); applying them to break ciphers and obtain the communicated information is called cryptanalysis (deciphering). Together they make up cryptology.

A cipher is an important means of secrecy by which communicating parties transform information according to agreed rules. Under these rules, turning plaintext into ciphertext is called the encryption transformation; turning ciphertext back into plaintext is called the decryption transformation. Early ciphers only transformed characters or numbers. With the development of communication technology, voice, images and data can now also be encrypted and decrypted.

Cryptography has developed gradually through the practical struggle between making and breaking codes, and with the application of advanced science and technology it has become a comprehensive frontier discipline. It is closely related to linguistics, mathematics, electronics, acoustics, information theory and computer science. Its practical research results, especially the encryption and code-breaking methods used by governments around the world, are highly confidential.

Cryptology comprises cryptography and cryptanalysis. Designing cryptographic systems is the main subject of cryptography, and breaking them is the main subject of cryptanalysis. The two are interdependent and inseparable. Cryptosystems are divided into symmetric key cryptosystems and asymmetric key cryptosystems. A symmetric key cryptosystem requires the encrypting and decrypting parties to hold the same key. In an asymmetric key cryptosystem the encrypting and decrypting parties hold different keys, and neither the encryption key nor the decryption key can be computed from the other without knowing the trapdoor information.

In a symmetric key cryptosystem, encryption and decryption use the same key. The algorithms used in such systems are simple, efficient and fast, and their keys are short yet hard to break, but transmitting and storing the key is a problem. For example, Party A and Party B use the same key to encrypt and decrypt their communication. First, key distribution is difficult: distributing keys over an insecure network is obviously inappropriate. In addition, if either party leaks the key, everyone must switch to a new key. In short, the commonly used symmetric algorithms are simple and efficient, with short keys that are extremely hard to break, but transmitting and storing keys safely on an open computer network is a serious problem.

In 1976, to solve the key management problem, Diffie and Hellman proposed a key exchange protocol in their seminal paper "New Directions in Cryptography". It allows two parties to exchange information over an insecure medium and safely arrive at the same key. The scheme is based on discrete exponentiation: the two parties still have to negotiate the key, but the beauty of discrete exponentiation is that both can send some of the data used in the computation openly. Building on this idea, the "asymmetric key cryptosystem", that is, the "public key cryptosystem", soon appeared. In it the encryption key differs from the decryption key: the encryption key is public and anyone can use it, while the decryption key is known only to the party who decrypts. The two are called the "public key" and the "secret key" respectively. Because public key algorithms need no online key server and the key distribution protocol is simple, key management is greatly simplified. Besides encryption, a public key system can also provide digital signatures.

At present, public key encryption algorithms mainly include RSA, Fortezza and ElGamal. The dividing line between classical and modern cryptography is usually taken to be 1976, when Diffie and Hellman published "New Directions in Cryptography", an article of epoch-making significance. In addition, the American Data Encryption Standard (DES) was released in 1977, which triggered an unprecedented wave of cryptographic research. Previously, people thought that ciphers were reserved for government, military, diplomatic and security departments. From then on, cryptographic research moved from the official sphere into the civilian one, which led to unprecedented development of the field. RSA is by far the best-known and most widely used public key cryptosystem. It was proposed in 1977 by three professors, R. Rivest, A. Shamir and L. Adleman, and its name comes from the initials of their surnames. The original goal of RSA was to solve the problem of transmitting and distributing DES keys over open channels. In practice it not only solves this problem well but can also be used to digitally sign a message, which prevents the message from being denied or repudiated. The signature also makes it easy to detect an attacker's unauthorized tampering with the message, thereby protecting the integrity of the data.
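The key exchange described above, with both parties' messages, as an added example that is not part of the original document. The toy modulus `P`, the base `G` and all function names are assumptions chosen so the numbers stay readable.

```python
import hashlib
import secrets

# Toy public parameters (assumptions for this example only): the Mersenne
# prime 2**127 - 1 and base 3. Real systems use standardized groups of
# 2048 bits or more, or elliptic curves.
P = 2**127 - 1
G = 3

def check_public(y):
    """Reject public values that would force a predictable shared secret."""
    if not 1 < y < P - 1:
        raise ValueError("public value out of range")
    return y

def keypair():
    """Return (private exponent x, public value G^x mod P)."""
    while True:
        x = secrets.randbelow(P - 3) + 2          # 2 <= x <= P - 2
        y = pow(G, x, P)
        if 1 < y < P - 1:
            return x, y

def shared_key(own_private, peer_public):
    """Combine our private exponent with the peer's public value."""
    secret = pow(check_public(peer_public), own_private, P)
    # Hash the raw group element down to a 256-bit symmetric key.
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def exchange():
    """Run both sides; only a_pub and b_pub cross the insecure channel."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    key_a = shared_key(a_priv, b_pub)   # Party A computes (G^b)^a mod P
    key_b = shared_key(b_priv, a_pub)   # Party B computes (G^a)^b mod P
    return {"channel": (a_pub, b_pub), "key_a": key_a, "key_b": key_b}

if __name__ == "__main__":
    result = exchange()
    print("sent in the clear:", result["channel"])
    print("keys match:", result["key_a"] == result["key_b"])
```

The exchange by itself does not tell either party who sent the public value; binding it to an identity is the job of the digital signatures mentioned above.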

I saw an example on the Internet in which a person used an 8-digit password for a user administrator's e-mail box. He thought: how could an 8-digit password possibly be cracked? So he never changed it. After using it for several years without any problem, he became complacent and considered his security first-class. Just when he was proudest, someone appeared to bring him down: one of his colleagues cracked his 8-digit password with the crudest yet most effective method, exhaustive search. Fortunately the two knew each other well; otherwise company information would have been lost and he would have been sent home. Afterwards he asked his colleague how he had cracked the password, and the colleague replied: every time I watched you type the password, your hand movements were exactly the same, so I knew your password was the same and had never changed. He took it as a warning. From then on he set his passwords separately, with 10 digits, and changed them once every six months. The lesson I learned from it is that network security should put password security first. The password is the key: if others have the key to your house, they can openly steal from it and the neighbors will not suspect anything. My suggestion is that for important users the password should be at least 8 digits and should include characters such as English letters and numbers. Don't think of it as a bother; it is far more troublesome after the password is cracked.

A harder password does not automatically mean better security. On the contrary, a password that is harder to remember may, in the first few days after a change, be typed slowly and so be observed by others, or be forgotten by its owner. Both outcomes are bad, yet it is a prerequisite for security that passwords be hard to exhaust. These requirements pull against each other, so making a system password both hard to exhaust and easy to remember is a skill in itself. If you can do the following, the security of the password is reasonably assured.

1. Use a password exceeding 10 characters.

Generally speaking, 8-character passwords are enough for ordinary uses such as online communities and e-mail accounts. For system management passwords, especially the superuser password, it is best to use more than 10 characters, and 12 is best. First, 8-character passwords are very common, so exhaustive-search work generally starts with a 6-character or 8-character dictionary and does not bother with 10- or 12-character dictionaries. Second, a full-character-set 8-character dictionary occupies about 4G of space, and a full dictionary of 10 or 12 characters is astronomically larger. Cracking it with an ordinary desktop might take until the next millennium; only with a medium-sized computer is there any hope. Third, even an English word of 12 letters is enough to deter hackers.

2. Use irregular passwords.

A regular password such as a1b2c3d4e5f6, although it has 12 characters, is very easy to crack. This kind of password is so popular that dictionaries containing it are everywhere, and using it is tantamount to suicide.

3. Don't choose obvious information as the password.

Words, birthdays, anniversaries and names should not be used as the contents of passwords.

The above are the basic precautions for setting a password. Setting the password does not mean that everything is fine; the key is to use and store it correctly. Practice entering the password so that you can type it quickly: typing slowly lets others see it, so the more fluent the better. Do not write the password down; keep it in your head and never put it on paper. Do not save the password in a file on your computer. Do not let anyone know it. Do not use the same password on different systems. When entering the password, make sure that no person or monitoring system is watching. Change your password regularly, at least once every six months; this is particularly important and is the key to password security. Do not be overconfident in your password, since you may reveal it by accident. Changing the password regularly reduces the possibility of it being cracked to a very low level.

4. Multi-party key agreement problem

At present, the existing key agreement protocols include two-party key agreement protocols, two-party non-interactive static key agreement protocols, two-round key agreement protocols, two-party verifiable key agreement protocols and the corresponding types of three-party protocols. How should a multi-party key agreement protocol be designed? Does a multilinear function (the generalization of bilinear pairings) exist? If it does, a one-round multi-party key agreement protocol can be constructed from it. Moreover, if such a function exists, it will certainly have many more cryptographic applications. So far, however, this problem is far from solved in cryptography.
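The password rules in items 1 to 3 above can be checked mechanically when a password is set. The following is an added example, not from the original document; the word list, the date pattern, the 4-character run threshold and the `personal` parameter are assumptions chosen for illustration.

```python
import re

MIN_LEN = 10  # item 1; the text suggests 12 for superuser accounts
COMMON_WORDS = {"password", "welcome", "dragon", "monkey"}  # constructed sample
# Eight digits that look like a YYYYMMDD birthday or anniversary (item 3).
DATE_RE = re.compile(r"(19|20)\d\d(0[1-9]|1[0-2])(0[1-9]|[12]\d|3[01])")

def longest_regular_run(pw):
    """Longest run, at stride 1 or 2, whose character codes move by a
    constant -1, 0 or +1 (catches 'aaaa', '1234' and 'a1b2c3d4')."""
    best = 1 if pw else 0
    for stride in (1, 2):
        for start in range(stride):
            seq = [ord(c) for c in pw[start::stride]]
            run, prev = 1, None
            for a, b in zip(seq, seq[1:]):
                step = b - a
                if step not in (-1, 0, 1):
                    run, prev = 1, None
                elif step == prev:
                    run += 1
                else:
                    run, prev = 2, step
                best = max(best, run)
    return best

def check_password(pw, personal=()):
    """Return the rules from items 1-3 that pw violates (empty list = passes).
    `personal` holds names or words tied to the user (hypothetical input)."""
    problems = []
    low = pw.lower()
    if len(pw) < MIN_LEN:
        problems.append("too short")
    if longest_regular_run(low) >= 4:
        problems.append("regular pattern")
    tokens = COMMON_WORDS | {p.lower() for p in personal if len(p) >= 3}
    if any(t in low for t in tokens) or DATE_RE.search(pw):
        problems.append("obvious information")
    return problems

if __name__ == "__main__":
    for candidate in ("a1b2c3d4e5f6", "zhang19850312", "vK9#pQ2m!Lw4Zr"):
        print(candidate, check_password(candidate, personal=("Zhang",)))
```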
