哈希加密_加密和哈希基础知识

哈希加密

Secrecy and privacy are crucial for people. Throughout history, humankind has been interested in conveying messages in a way that other people won’t be able to understand. People use different languages, slang words, nonverbal cues to get their messages across without other people knowing. While these offer privacy to some degree, they are not suited for confidential data. Whether it’s an army trying to protect their secret plans, or children trying to make a joke that their teacher will not be able to understand, they might feel the need to use some sort of encryption.

保密和隐私对人们至关重要。 在整个历史中,人类一直对以其他人无法理解的方式传达信息感兴趣。 人们使用其他语言,语,非语言暗示来传达信息,而其他人却不知道。 尽管它们在一定程度上提供了隐私,但它们不适合机密数据。 无论是想保护自己的秘密计划的军队,还是想开玩笑的老师都听不懂的孩子,他们可能会觉得需要使用某种加密技术。

In the age of computers and the internet, cryptography is way more important than ever. So much so that it is almost impossible to avoid cryptography. From your cellphones to your smart fridges and even when you are reading this article you are using an encrypted connection. Encryption even enables us to make our payments using digital currencies. So how does it work?

在计算机和互联网时代,加密比以往任何时候都更加重要。 如此之多,几乎避免加密是不可能的。 从手机到智能冰箱,甚至当您在阅读本文时,您都在使用加密连接。 加密甚至使我们能够使用数字货币付款。 那么它是怎样工作的?

It is possible to encrypt data in two ways:

可以通过两种方式加密数据:

  1. Encrypting and decrypting using the same secret key. (Symmetric)

    使用相同的密钥进行加密和解密。 (对称)
  2. Encrypting with a key and decrypting with a different key. (Asymmetric)

    使用密钥加密和使用其他密钥解密。 (不对称)

Before we move onto encryption, I would like to write about hashing. While the purpose of encrypting and decrypting the data is rather obvious, there are other subtle ways that we can use cryptography for. Knowing the legitimacy of the data is one of them. It is possible to use encryption algorithms to verify data. This process is called hashing and it doesn’t store the data itself but the summary of it. Hashes are also fixed in size, allowing people to transfer them easily. Their size depends on the algorithm. For example, a SHA1 hash is 40 characters long.

在进行加密之前,我想写一下散列。 尽管加密和解密数据的目的非常明显,但是我们可以使用加密的其他微妙方式。 知道数据的合法性就是其中之一。 可以使用加密算法来验证数据。 此过程称为哈希,它不存储数据本身,而是存储数据摘要。 哈希也固定大小,使人们可以轻松转移它们。 它们的大小取决于算法。 例如,SHA1哈希长度为40个字符。

Collisions are possible in some algorithms like md5. Collisions are highly problematic since they can lead to forgery. You should avoid using hashing algorithms with collisions.

在某些算法(例如md5)中可能会发生冲突 。 碰撞非常严重,因为它们可能导致伪造。 您应该避免将散列算法与冲突一起使用。

Keep in mind, hashing is not encrypting. It is not possible to reverse a hash using an algorithm or a key. However, it is possible to try different combinations with the same algorithm until you get the same hash. This requires an insane amount of computation power for complex data and it’s usually referred to as “Brute Forcing”.

请记住,哈希未加密。 无法使用算法或密钥来反向散列。 但是,可以使用相同的算法尝试不同的组合,直到获得相同的哈希值为止。 这需要复杂数据的疯狂计算能力,通常被称为“ 蛮力 ”。

To combat with computation cost of brute-forcing, people started to pre-compute hashes for common passwords and numbers. These pre-computed tables are called “Rainbow Tables”. Rainbow tables use storage instead of computation power as it is easier and cheaper to allocate disk space instead of increasing your processing power. You can even use a search engine to reverse some indexed hashes, try searching for “5f4dcc3b5aa765d61d8327deb882cf99”, it is an md5 hash of the word “password”.

为了消除暴力破解的计算成本,人们开始预先计算常见密码和数字的哈希值。 这些预先计算的表称为“ 彩虹表 ”。 Rainbow表使用存储空间而不是计算能力,因为分配磁盘空间更容易且更便宜,而不是增加处理能力。 您甚至可以使用搜索引擎来反转一些索引的哈希,尝试搜索“ 5f4dcc3b5aa765d61d8327deb882cf99”,它是单词“ password”的md5哈希。

Nowadays it is a common practice to add some random data while hashing. This process is called salting. Using this process prevents people from using tables and forces them to use computational power. It usually is not fancy, for example, if you wanted to salt “password”, you could just hash “GDzv7tF9fjcmWnpassword” instead. You should save the salt for each hash, so you could salt the user input and hash it again to compare. If you are going to hash passwords do not forget to take people’s passwords with a grain of salt.

如今,一种常见的做法是在散列时添加一些随机数据。 此过程称为加盐。 使用此过程会阻止人们使用表格,并迫使他们使用计算能力。 例如,如果您想给“密码”加盐,则可以仅对“ GDzv7tF9fjcmWnpassword”进行哈希处理。 您应该为每个哈希值保存盐分,以便可以对用户输入盐分并再次对其进行哈希处理以进行比较。 如果要散列密码,请不要忘记使用别人的密码。

You can watch this video from 3Blue1Brown to understand how hard it is to reverse a “sha256” hash. 您可以从3Blue1Brown观看此视频,以了解反向“ sha256”哈希的难度。

Now that I got hashing out of the way, I can write move onto symmetric and asymmetric encryption. These algorithms are designed to store data. The recipients in a conversation must be able to decrypt the messages they receive, otherwise, it’s garbled data. Decrypting data requires a key, anyone with the key can decrypt the data.

现在,我已经摆脱了散列的麻烦,现在可以将代码写入对称和非对称加密了。 这些算法旨在存储数据。 对话中的收件人必须能够解密收到的消息,否则,它是乱码的数据。 解密数据需要密钥,拥有密钥的任何人都可以解密数据。

- Symmetric Encryption

-对称加密

Symmetric encryption is encryption with a single key. You can encrypt and decrypt the data with the same key. This is good for one-on-one conversations. Popular messaging apps such as WhatsApp, rely on this method.

对称加密是使用单个密钥进行的加密。 您可以使用相同的密钥加密和解密数据。 这对于一对一的对话很有用。 诸如WhatsApp之类的流行消息传递应用程序都依赖于此方法 。

For group chats, data for each member is encrypted, treating each member as a one-on-one chat with the sender. This is important because more people using the same key means a higher chance of a leak.

对于群聊,将加密每个成员的数据,并将每个成员视为与发送者的一对一聊天。 这很重要,因为更多的人使用相同的密钥意味着泄漏的可能性更高。

- Asymmetric Encryption

-非对称加密

A chain is only as strong as its weakest link. Asymmetric encryption allows people to send data without having the decryption key. Everything encrypted with the public key can be decrypted with the private key.

一条链只有最薄弱的一环才牢固。 非对称加密使人们无需解密密钥即可发送数据。 用公钥加密的所有内容都可以用私钥解密。

The most common asymmetric encryption algorithm is RSA. GPG (GNU Privacy Guard) is also used by many to secure personal communications.

最常见的非对称加密算法是RSA 。 许多人还使用GPG(GNU隐私卫士)来保护个人通信。

Both public and private keys of RSA can be used for encrypting and decrypting. You can encrypt data with one of the keys and decrypt it with the other. The same key cannot be used to decrypt the data, which allows people to share their public key without security risks. People can add their GPG keys on their profile, and receive encrypted messages from other people.

RSA的公钥和私钥均可用于加密和解密。 您可以使用其中一个密钥加密数据,而使用另一个密钥解密数据。 不能使用同一密钥来解密数据,这使人们可以共享其公共密钥而没有安全风险。 人们可以在个人资料上添加他们的GPG密钥,并从其他人接收加密的消息。

Asymmetric encryption is also used for SSH Authentication.

非对称加密也用于SSH身份验证

Here’s how it works:

运作方式如下:

  1. If you want to use key-based authentication, you should have a list of authorized keys. The default location for this file is in `~/.ssh/authorized_keys`. In this file, there are public keys that are allowed to connect to the server. Public keys in this file are separated with line breaks.

    如果要使用基于密钥的身份验证,则应具有授权密钥的列表。 该文件的默认位置在“〜/ .ssh / authorized_keys”中。 在此文件中,存在允许连接到服务器的公共密钥。 此文件中的公钥用换行符分隔。
  2. When someone tries to connect to the server, they send their public key.

    当有人尝试连接到服务器时,他们发送其公钥。
  3. If the public key is in the authorized_keys file, the server encrypts a random data with the public key and sends it to the user.

    如果公用密钥在authorized_keys文件中,则服务器使用公用密钥对随机数据进行加密并将其发送给用户。
  4. The user decrypts the data with their private key and hashes the decrypted data, then sends the hash back.

    用户使用其私钥解密数据并哈希解密的数据,然后将哈希发送回去。
  5. The server compares the hash with the original data hash. If it is a match, the authentication process is successful.

    服务器将哈希与原始数据哈希进行比较。 如果匹配,则认证过程成功。

Every encryption algorithm requires a key exchange as long as there is a recipient. Handing the keys over in person would be secure, but it is not always viable. For example, NIST only delivers keys by US mail or FAX. As I mentioned earlier, even to read this post you must be able to decrypt the data, which means you must perform an exchange.

只要有接收者,每种加密算法都需要密钥交换。 亲自交出钥匙是安全的,但并不总是可行的。 例如, NIST仅通过美国邮件或FAX交付密钥 。 如前所述,即使要阅读这篇文章,您也必须能够解密数据,这意味着您必须执行交换。

Illustration of the idea of the Diffie-Hellman key exchange. Diffie-Hellman密钥交换的想法的插图。

Without encryption, your data is not secure. Exchanging keys requires an unencrypted channel, yet other people listening should not be able to acquire the secret key. Diffie–Hellman key exchange comes into play here. Using Diffie-Hellman it is possible to share secret keys using an insecure channel.

没有加密,您的数据将不安全。 交换密钥需要未加密的通道,但是其他正在收听的人也将无法获取该密钥。 Diffie-Hellman密钥交换 在这里发挥作用。 使用Diffie-Hellman,可以使用不安全的通道共享秘密密钥。

Here’s how it works:

运作方式如下:

  1. Two participants (Alice and Bob) agree to use a public key (Key B). Any eavesdropper can see this key.

    两个参与者(爱丽丝和鲍勃)同意使用公共密钥(密钥B)。 任何窃听者都可以看到此密钥。
  2. They both create their own private key. Alice creates Key A and Bob creates key B.

    它们都创建自己的私钥。 爱丽丝创建密钥A,鲍勃创建密钥B。
  3. They combine their private key with the public key (Key P) and then sends it over. Alice sends AP, while Bob sends BP.

    他们将其私钥与公钥(密钥P)结合在一起,然后将其发送出去。 爱丽丝发送AP,鲍勃发送BP。
  4. Each participant combines the key they have received with their own private key. This results in each participant having the same key, a combination of A, P, and B. The eavesdroppers can only see AP, BP, and P, so they cannot create APB.

    每个参与者将自己收到的密钥与自己的私钥结合在一起。 这导致每个参与者具有相同的密钥,即A,P和B的组合。窃听者只能看到AP,BP和P,因此他们无法创建APB。

Diffie-Hellman Wikipedia page has a mathematical explanation.

Diffie-Hellman Wikipedia页面具有数学解释。

Computerphile has a great video on Diffie-Hellman with visualization. Computerphile在Diffie-Hellman上有一个具有可视化效果的精彩视频。

翻译自: https://blog.mono.net.tr/basics-of-encryption-and-hashing-b9d925672c46

哈希加密

你可能感兴趣的:(java,哈希表,python,https,md5)