
The strength of encryption mainly depends on what

醉折花枝作酒筹
2021-06-25 11:28:01

The strength of encryption mainly depends on the encryption method and key complexity. The key is a parameter that is input during the use of a cryptographic algorithm. It is an important parameter that determines whether the ciphertext is secure. Usually, the longer the key, the more difficult it is to crack.


The operating environment of this tutorial: Windows 7 system, Dell G3 computer.

The strength of encryption mainly depends on the encryption method and key complexity.

Key

The key is a parameter that is supplied when a cipher algorithm is used. Under the same cryptographic algorithm, the same plaintext produces different ciphertexts when different keys are used. Many well-known cryptographic algorithms are public, and the key is an important parameter that determines whether the ciphertext is secure. Usually, the longer the key, the more difficult it is to crack. For example, an 8-bit key has at most 256 possible values, so it can be cracked very easily by exhaustive search (brute force). The well-known DES algorithm uses a 56-bit key. It is no longer a safe encryption algorithm, mainly because the 56-bit key is too short and can be cracked within a few hours. Keys are divided into symmetric keys and asymmetric keys.

Plaintext/Ciphertext

Plaintext is the original data before encryption, and ciphertext is the result obtained after the cipher operation has been applied to the plaintext.

Symmetric key

A symmetric-key algorithm is also called shared-key encryption. The same key is used for both encryption and decryption. Common symmetric encryption algorithms include DES, 3DES, AES, RC5, and RC6. The advantage of a symmetric key is that it is fast to compute, but it also has disadvantages. The key must be shared between both ends of the communication, so that each side knows the key and the other party can decrypt correctly. If all clients share the same key, then this key is like a master key: one key can be used to crack everyone's ciphertext. If each client and the server maintain a separate key, then the server needs to manage thousands of keys, which becomes a nightmare on the server side.

The following is a simple symmetric cipher that encrypts plaintext into ASCII code values.

# Encryption method: the ASCII code of each character + the value of the key
def encipher(plain_text, key):
    # Encrypt
    cipher_text = []
    for c in plain_text:
        cipher_text.append(str(ord(c) + key))
    return ' '.join(cipher_text)


def decipher(cipher_text, key):
    # Decrypt: subtract the key to reverse encipher()
    plain_text = []
    for c in cipher_text.split(" "):
        plain_text.append(chr(int(c) - key))
    return "".join(plain_text)


if __name__ == '__main__':
    print("cipher_text:", encipher("abcdef", 0))
    print("plain_text:", decipher("97 98 99 100 101 102", 0))
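
Added example (not part of the original article): an exhaustive search over the 256 values of an 8-bit key, run against the toy additive cipher above, to show why such a short key gives no protection. The function name brute_force, the sample message and the crib (a word assumed to appear in the plaintext) are constructed for illustration.

```python
# Added example: exhaustive key search against the article's toy cipher.

def encipher(plain_text, key):
    """Toy cipher from the article: code point of each character + key."""
    return " ".join(str(ord(c) + key) for c in plain_text)


def decipher(cipher_text, key):
    """Inverse of encipher(): subtract the key from every number."""
    return "".join(chr(int(c) - key) for c in cipher_text.split(" "))


def brute_force(cipher_text, crib, key_bits=8):
    """Try every key in the 2**key_bits key space, in order.

    Returns (key, plaintext, tries) for the first candidate plaintext that
    contains the known word `crib`, or None if no key in the space fits.
    """
    for tries, key in enumerate(range(2 ** key_bits), start=1):
        try:
            candidate = decipher(cipher_text, key)
        except ValueError:
            # The key is larger than one of the numbers, so chr() was given a
            # negative value; every larger key fails the same way.
            break
        if crib in candidate:
            return key, candidate, tries
    return None


if __name__ == "__main__":
    # Constructed sample: the sender picked key 200 out of 256 possible keys.
    intercepted = encipher("transfer 100 to alice", 200)
    print("ciphertext:", intercepted)
    print("recovered :", brute_force(intercepted, crib="transfer"))
```

Each extra key bit doubles the number of candidates the loop has to try, which is the reason longer keys are harder to crack.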

Asymmetric key

Asymmetric key cryptography (public-key cryptography) is also known as public key encryption. The server generates a pair of keys. One, the private key, is stored on the server and known only to it; the other is the public key, which can be freely published for anyone to use.

The client's plaintext is encrypted with the public key and the ciphertext needs to be decrypted with the private key. Asymmetric keys use different keys in the encryption and decryption processes. Encryption and decryption are asymmetric, so it is called asymmetric encryption.

Compared with symmetric key encryption, asymmetric encryption does not require the client and the server to share a key. As long as the private key is not sent to any user, the public key cannot be used for decryption even if it is intercepted online; a stolen public key alone is of no use. A common asymmetric encryption algorithm is RSA. The process of asymmetric encryption and decryption:

  • The server generates the paired public key and private key

  • The private key is saved on the server, and the public key is sent to the client

  • The client uses the public key to encrypt the plaintext and transmits it to the server

  • The server uses the private key to decrypt the ciphertext and obtains the plaintext

Digital signature

When data is transmitted between the browser and the server, the content may be stolen and replaced by an impostor during transmission. How, then, can we ensure that the data was sent by the real server and was not swapped out, and how can we ensure that the transmitted data has not been tampered with? To solve these two problems, digital signatures must be used. A digital signature is just like a signature on a contract in daily life: once your name is put on the contract, it is legally determined to be your signature. No one can copy it because it is your exclusive handwriting, which others cannot forge.

So what does a digital signature look like in a computer? A digital signature is used to verify that the transmitted content is the data sent by the real server and that the data has not been tampered with. It does these two things, and it is an application scenario of asymmetric encryption. Here, however, the private key is used to encrypt and the paired public key is used to decrypt.

Step 1: The server runs the message through a hash function to generate the digest information, Digest. The digest is encrypted with the private key (private-key) to generate a signature. The server sends the signature together with the message to the client.

Step 2: After the client receives the data, it extracts the signature and decrypts it with the public key (public-key). If it decrypts normally to give Digest2, the client can confirm that the data was sent by the other party.

Step 3: The client extracts the text of the message and performs the same hash processing. The resulting digest, Digest1, is compared with the previously decrypted Digest2. If the two are equal, the content has not been tampered with; otherwise the content has been changed. This works because even a slight change in the text produces a completely different digest.

Digital Certificate

A digital certificate is referred to as CA. It is a recognized certificate issued by an authoritative organization to a certain website, and it is recognized by everyone (browsers). Why is it necessary to use a digital certificate? Isn't a digital signature secure enough?

There is a situation in which the browser cannot determine whether a server that claims to be the real one is actually real. Here is a simple example: manufacturer A installs a lock on your home and gives you the key at the same time. As long as the key can open the lock, you can be sure that the key and the lock match. If someone changes the key or changes the lock and you cannot open the door, you will know that something has been swapped. But suppose someone replaces both the lock and the key with another set that looks similar on the surface but is of much poorer quality. Although the key and lock match, you cannot be sure that they were really given to you by manufacturer A. At this point you can ask the quality inspection department to check whether this set of locks really comes from manufacturer A. The quality inspection department is an authoritative organization, and what it says is recognized by the public (haha).

Similarly, if someone (Zhang San) replaces the public key sent by the real server to the browser with his own public key, and then uses his own private key to perform the same steps of hashing the text and producing a digital signature, nothing looks wrong with the final result. In fact, what the browser sees does not come from the real server; Zhang San has changed it from the inside out (public key to private key).

So how can you be sure that the public key you are using now is the one sent to you by the real server? Digital certificates solve this problem. Digital certificates are generally issued by a digital certificate authority (Certificate Authority). The certificate contains the public key of the real server and some other information about the website. The certificate authority encrypts it with its own private key and sends it to the browser. The browser decrypts it with the certificate authority's public key to obtain the public key of the real server. This process is based on a public key obtained from a certificate authority recognized by everyone, so it is a safe method.
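
Added example (not part of the original article): signature Steps 1 to 3 and the certificate check described above, carried through with textbook RSA. It assumes unpadded RSA and toy keys built from known Mersenne primes purely to show the data flow; the function names, the site name real-server.example and the sample messages are hypothetical.

```python
# Added example: textbook RSA (no padding, toy key sizes), for illustration only.
import hashlib

def make_keypair(p, q, e=65537):
    """Return (public, private) = ((n, e), (n, d)) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def digest(message, n):
    """SHA-256 of the message, reduced below the toy modulus n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    """Step 1: hash the message, then transform the digest with the private key."""
    n, d = private
    return pow(digest(message, n), d, n)

def verify(message, signature, public):
    """Steps 2 and 3: recover Digest2 from the signature, recompute Digest1, compare."""
    n, e = public
    return pow(signature, e, n) == digest(message, n)

def cert_body(subject, public):
    return f"{subject}|{public[0]}|{public[1]}".encode()

def issue_certificate(subject, public, ca_private):
    """The CA signs the binding between a site name and that site's public key."""
    return {"subject": subject, "public": public,
            "sig": sign(cert_body(subject, public), ca_private)}

def trusted_public_key(cert, expected_subject, ca_public):
    """Browser side: accept the key only if the CA's signature covers it."""
    body = cert_body(cert["subject"], cert["public"])
    if cert["subject"] != expected_subject or not verify(body, cert["sig"], ca_public):
        raise ValueError("certificate rejected")
    return cert["public"]

# Constructed keys from known Mersenne primes; all names are hypothetical.
SERVER_PUB, SERVER_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
ZHANG_PUB, ZHANG_PRIV = make_keypair(2**31 - 1, 2**107 - 1)
CA_PUB, CA_PRIV = make_keypair(2**127 - 1, 2**521 - 1)

if __name__ == "__main__":
    msg = b"balance: 100"
    sig = sign(msg, SERVER_PRIV)
    print(verify(msg, sig, SERVER_PUB), verify(b"balance: 900", sig, SERVER_PUB))
    cert = issue_certificate("real-server.example", SERVER_PUB, CA_PRIV)
    print(trusted_public_key(cert, "real-server.example", CA_PUB) == SERVER_PUB)
```

A signature made with ZHANG_PRIV verifies correctly against ZHANG_PUB, which is the substitution described above; it is only the CA's signature over the name-and-key pair that lets the browser reject the swapped key.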
