Principles of common cryptographic algorithms
PBKDF2 (Password-Based Key Derivation Function 2) is a key derivation function. It is used to produce hardened password hashes and makes cracking more difficult. It is similar to bcrypt/scrypt and can be used to store passwords or encrypted passwords. In essence, the salt value and the password are run through several rounds of HMAC computation to generate the output.

Definition of PBKDF2 function

DK = PBKDF2(PRF, password, Salt, c, dkLen)

- PRF is a pseudo-random function, such as the HASH_HMAC function, whose output has length hLen.

- password is the original password used to generate the key.

- Salt is the salt value used for encryption.

- c is the number of repeated calculations (iterations).

- dkLen is the expected length of the key.

- DK is the final generated key.
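
The definition above, written out as an added example (not code from the original page): PBKDF2 built directly on HMAC as specified in RFC 8018, plus a constant-time check for a login attempt. The names `pbkdf2` and `verify_password`, the sample salt and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct


def pbkdf2(hash_name: str, password: bytes, salt: bytes, c: int, dk_len: int) -> bytes:
    """DK = PBKDF2(PRF, password, Salt, c, dkLen) with PRF = HMAC-<hash_name>."""
    if c < 1 or dk_len < 1:
        raise ValueError("c and dkLen must be positive")
    h_len = hashlib.new(hash_name).digest_size          # hLen: PRF output length
    if dk_len > (2**32 - 1) * h_len:
        raise ValueError("derived key too long")
    # Key the PRF once with the password; copy() reuses the keyed state per call.
    keyed = hmac.new(password, digestmod=hash_name)

    def prf(data: bytes) -> bytes:
        m = keyed.copy()
        m.update(data)
        return m.digest()

    blocks = []
    n_blocks = -(-dk_len // h_len)                      # ceil(dkLen / hLen)
    for i in range(1, n_blocks + 1):
        # U_1 = PRF(password, Salt || INT_32_BE(i)); U_j = PRF(password, U_{j-1})
        u = prf(salt + struct.pack(">I", i))
        t = int.from_bytes(u, "big")
        for _ in range(c - 1):
            u = prf(u)
            t ^= int.from_bytes(u, "big")               # T_i = U_1 xor ... xor U_c
        blocks.append(t.to_bytes(h_len, "big"))
    return b"".join(blocks)[:dk_len]                    # DK = T_1 || T_2 || ..., truncated


def verify_password(candidate: bytes, salt: bytes, c: int, stored_dk: bytes) -> bool:
    """Recompute DK for a login attempt and compare in constant time."""
    dk = pbkdf2("sha256", candidate, salt, c, len(stored_dk))
    return hmac.compare_digest(dk, stored_dk)


if __name__ == "__main__":
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample salt
    stored = pbkdf2("sha256", b"correct horse", salt, 10_000, 32)
    print(stored.hex())
    print(verify_password(b"correct horse", salt, 10_000, stored))
    print(verify_password(b"wrong guess", salt, 10_000, stored))
```

In production code, call `hashlib.pbkdf2_hmac`, which computes the same function in native code; the version here exists to show how c and dkLen shape the computation.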


update() adds data to the cipher's internal buffer and then returns all blocks that are now fully encoded. Any remaining, not yet complete block stays in the cipher buffer until the next call to update() or the call to doFinal(). This means that if you call update() to encrypt a four-byte array and the block size is eight bytes, you will not receive any encoded data on return (you will get a null). If you pass 5 bytes of data in the next call to update(), you will get an 8-byte (block size) array containing the 4 bytes passed in the previous call followed by the first 4 bytes of the current call; the remaining bytes of the current call are left in the cipher buffer.

doFinal(), on the other hand, is much simpler: it encrypts the passed data, pads it to the required length, and then returns it. The cipher is essentially stateless.


Man-in-the-middle attack on the DH algorithm

As originally described, the Diffie-Hellman key exchange does not itself authenticate either party, so it is vulnerable to man-in-the-middle attacks. A man in the middle can successfully pose as Bob to Alice, and vice versa, by carrying out two Diffie-Hellman key exchanges in the middle of the channel, one with Alice and one with Bob. The attacker can then decrypt (read and store) either party's messages, re-encrypt them, and pass them on to the other party. Therefore, a mechanism that can verify the identities of both parties is usually needed to prevent such attacks.

Advantages and disadvantages:

1. Keys are generated only when needed, which reduces the chance that keys held in long-term storage are attacked.

2. Except for the agreement on global parameters, the key exchange does not need pre-existing infrastructure.

However, this technology also has many disadvantages:

1. It provides no information about the identities of the two parties.

2. It is computationally intensive, so it is vulnerable to clogging attacks, in which an opponent requests a large number of keys. The victim spends considerable computing resources on useless modular exponentiation instead of doing actual work.

3. There is no way to prevent another attack.

4. It is vulnerable to man-in-the-middle attacks. A third party C plays the role of B when communicating with A and plays the role of A when communicating with B. A and B each negotiate a key with C, and C can then monitor and relay the traffic. The man-in-the-middle attack proceeds as follows:

(1) B sends his public key in a message to A.

(2) C intercepts and parses the message. C saves B's public key and sends A a message that carries B's user ID but contains C's public key YC, so that it still appears to come from B. After receiving the message from C, A stores YC together with B's user ID. Similarly, C uses YC to send B a message that appears to come from A.

(3) B calculates the secret key K1 from his private key XB and YC. A calculates the secret key K2 from her private key XA and YC. C uses his private key XC and YB to calculate K1, and uses XC and YA to calculate K2.

(4) From now on, C can forward the messages sent by A to B or by B to A, modifying their ciphertext as needed along the way, so that neither A nor B knows that they are sharing their communication with C.