1. The encryption and decryption processes are different.
Symmetric encryption uses the same key for encryption and decryption. Encryption is equivalent to producing the ciphertext from the original text plus the key, while decryption uses the ciphertext and the key to recover the original text. Asymmetric encryption, however, uses two keys, generally encrypting with the public key and decrypting with the private key.
2. The encryption and decryption speeds are different.
Symmetric encryption and decryption are faster and suit long data. Asymmetric encryption and decryption take a long time and are relatively slow, so they are only suitable for small data.
3. The security of transmission is different.
With symmetric encryption, the secure transmission of the key cannot be guaranteed, and the ciphertext may be intercepted by a third party in transit. If the key is also intercepted by a third party, the transmitted information will be cracked by that third party, so the security is relatively low.
In an asymmetric encryption algorithm, the private key is generated from random numbers according to the algorithm in use, and the public key is derived from the private key by a certain algorithm. The derivation from the private key to the public key is one-way, that is, the private key cannot be derived back from the public key. So the security is higher.
First, symmetric encryption algorithm.
- An encryption algorithm that uses the same key for encryption and decryption. Symmetric encryption algorithms are used to encrypt sensitive data and other information. Commonly used algorithms are DES, 3DES, AES, DESX, Blowfish, RC4, RC5 and RC6.
- DES (Data Encryption Standard): A high-speed data encryption standard, which is suitable for encrypting a large amount of data.
- 3DES (Triple DES): Based on DES, a piece of data is encrypted three times with three different keys, which is more powerful.
- AES (Advanced Encryption Standard): The next-generation encryption algorithm standard, with high speed and high security.
Secondly, asymmetric encryption algorithm.
- An encryption algorithm that uses different keys for encryption and decryption, also known as public-private key encryption. Suppose two users want to exchange encrypted data: both parties exchange public keys; in use, one party encrypts with the other party's public key, and the other party decrypts with its own private key. Common asymmetric encryption algorithms: RSA, DSA (for digital signatures), ECC (for mobile devices), Diffie-Hellman and ElGamal.
RSA: Invented by RSA Company, it is a public key algorithm that supports variable-length keys, and the length of the file block to be encrypted is also variable.
DSA (Digital Signature Algorithm): A digital signature algorithm that is part of the DSS (Digital Signature Standard).
ECC (Elliptic Curve Cryptography): Elliptic Curve Cryptography.
Compared with RSA, ECC has absolute advantages in many respects, mainly the following:
(1) Strong resistance to attack. With the same key length, it is many times more resistant to attack.
(2) The calculation amount is small and the processing speed is fast. The overall speed of ECC is much faster than RSA and DSA.
(3) The storage space is small. Compared with RSA and DSA, ECC has much smaller key size and system parameters, which means that it takes up much less storage space. This is of great significance to the application of encryption algorithm in IC card.
(4) Low bandwidth requirements. When encrypting and decrypting long messages, the three types of cryptosystems have the same bandwidth requirements, but when applied to short messages, the ECC bandwidth requirements are much lower. The low bandwidth requirement gives ECC broad application prospects in the field of wireless networks.
Thirdly, hash algorithm (one-way encryption algorithm).
A hash is a condensed digest of information; its length is usually much smaller than that of the information, and it is fixed. A cryptographically strong hash must be irreversible, which means that no part of the original information can be inferred from the hash result. Any change to the input, even a single bit, leads to an obvious change in the hash result, which is called the avalanche effect. A hash should also resist collisions, that is, two pieces of information with the same hash result cannot be found. Hash results with these characteristics can be used to verify whether the information has been modified.
Hash algorithm: Its special feature is that it is a one-way algorithm. Users can generate a unique hash value of a specific length for the target information through the hash algorithm, but they cannot recover the target information from this hash value. Therefore, hash algorithms are often used for irreversible password storage, information integrity checks and so on.
One-way hash functions are generally used to generate message digests, for key encryption and so on. Common hash algorithms: MD2, MD4, MD5, HAVAL, SHA, SHA-1, HMAC, HMAC-MD5, HMAC-SHA1.
MD5 (Message Digest Algorithm 5): It is a one-way hash algorithm developed by RSA Data Security Company. It is irreversible, and the same plaintext produces the same ciphertext.
SHA (Secure Hash Algorithm): Generates a 160-bit value from data of any length.
Comparison between SHA-1 and MD5
SHA-1 and MD5 are very similar because they are both derived from MD4. Accordingly, their strength and other characteristics are similar, but there are some differences:
(1) Security against brute-force attack: The most significant and important difference is that the SHA-1 digest is 32 bits longer than the MD5 digest. Using brute force, the difficulty of generating any message whose digest equals that of a given message is 2^128 for MD5 and 2^160 for SHA-1. In this way, SHA-1 is stronger against brute-force attacks.
(2) Security against cryptanalysis: SHA-1 is vulnerable to cryptanalysis due to the design of MD5.
(3) Speed: On the same hardware, SHA-1 runs slower than MD5.
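The avalanche effect and the digest lengths compared above, as an added Go example (not code from the original page), together with a keyed integrity check using HMAC. The sample message, the key, the use of HMAC-SHA256 and the names Hashes, Avalanche, Tag and Verify are choices made for this example.

```go
package main // added example; Hashes, Avalanche, Tag and Verify are names chosen for it

import (
	"crypto/hmac"
	"crypto/md5"
	"crypto/sha1"
	"crypto/sha256"
	"fmt"
	"hash"
	"math/bits"
)

// Hashes maps the algorithm names compared on this page to Go's implementations.
var Hashes = map[string]func() hash.Hash{"MD5": md5.New, "SHA-1": sha1.New}

// Avalanche flips one bit of msg; it returns the number of changed digest bits and the digest size.
func Avalanche(newHash func() hash.Hash, msg []byte, bit int) (changed, size int) {
	flipped := append([]byte(nil), msg...)
	flipped[bit/8] ^= 1 << (bit % 8)
	h1, h2 := newHash(), newHash()
	h1.Write(msg)
	h2.Write(flipped)
	a, b := h1.Sum(nil), h2.Sum(nil)
	for i := range a {
		changed += bits.OnesCount8(a[i] ^ b[i])
	}
	return changed, len(a) * 8
}

// Tag returns HMAC-SHA256(key, msg); without key it cannot be recomputed.
func Tag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// Verify recomputes the tag and compares it in constant time.
func Verify(key, msg, tag []byte) bool { return hmac.Equal(Tag(key, msg), tag) }

func main() {
	msg := []byte("transfer 100 to account 42") // constructed sample message
	for _, name := range []string{"MD5", "SHA-1"} {
		changed, size := Avalanche(Hashes[name], msg, 0)
		fmt.Printf("%-5s one input bit flipped: %d of %d digest bits changed\n", name, changed, size)
	}
	key := []byte("constructed-demo-key")
	tag := Tag(key, msg)
	fmt.Println(Verify(key, msg, tag), Verify(key, []byte("transfer 900 to account 42"), tag))
}
```

A bare digest sent next to a message can be recomputed by whoever alters the message, which is why the integrity check here is keyed.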
Fourthly, the choice of encryption algorithm.
1. Because the speed of asymmetric encryption algorithm is much slower than that of symmetric encryption algorithm, when we need to encrypt a large amount of data, we suggest using symmetric encryption algorithm to improve the encryption and decryption speed.
2. Symmetric encryption algorithms cannot produce signatures, so signatures can only use asymmetric algorithms.
3. Because the key management of symmetric encryption algorithm is a complicated process, which directly determines its security, asymmetric encryption algorithm can be considered when the data volume is small.
4. In practice, we usually use an asymmetric encryption algorithm to manage the key of the symmetric algorithm, and then use the symmetric encryption algorithm to encrypt the data. This combines the advantages of the two kinds of algorithm: fast encryption, and safe and convenient key management.
- How many bits of key should be used?
- 1024 bits is suggested for RSA, 160 bits for ECC, and 128 bits for AES.