preface

When we were doing Java project development, in the separation mode of front and back end interfaces, interface information needed to be encrypted, signature authentication, and user login information and password also needed to be encrypted. Information encryption is now almost all projects need to use technology, identity authentication, single sign-on, information communication, payment and other scenarios often need to use encryption algorithm, the so-called encryption algorithm, is the original plaintext through a series of algorithm operations into ciphertext.

  1. BASEStrictly speaking, belongs to the encoding format, not the encryption algorithm

Message Digest Algorithm (MD) Secure Hash Algorithm (SHA) Hash Message Authentication Code (HMAC)

  1. The encryption algorithms include SHA1, SHA-224, SHA-256, SHA-384, and SHA-512. Sha-224, SHA-256, SHA-384, and SHA-512 are collectively referred to as SHA2 encryption algorithms

  2. The SHA encryption algorithm is more secure than MD5, and the SHA2 encryption algorithm is more secure than SHA1. The number after SHA indicates the length of the encrypted string, and SHA1 produces a 160-bit summary by default.

MD5

MD5 message-digest Algorithm (MD5 message-digest Algorithm) is a widely used password hash function that produces a 128-bit (16-byte) hash value to ensure that information is transmitted consistently.

The MD5 algorithm has the following features:

  1. Compressibility: The calculated MD5 values have the same length regardless of the data length

  2. Computability: It is easy to calculate the MD5 value from the original data

  3. Modifiability: Even if a byte is modified, the calculated MD5 value will be significantly different

  4. Collision resistance: Knowing the data and MD5 value, it is very unlikely to find the original data with the same MD5 value

To be precise, MD5 is not an encryption algorithm, but a digest algorithm. MD5 can output a string of 128bits in plaintext, which cannot be converted to plaintext. Some MD5 decryption websites on the Internet only save the CORRESPONDING MD5 strings of some strings, and find out the original text through the MD5 strings that have been recorded.

In several projects I’ve worked on, I’ve often seen MD5 used for encryption. For example, for password encryption, after a password is generated, MD5 is used to generate a 128-bit string and save it in the database. After the user enters the password, MD5 string is generated first and then compared in the database. Therefore, we cannot retrieve the original password when retrieving it, because the plaintext password is not saved at all.

SHA series

  1. Secure Hash Algorithm (SHA) is a family of password Hash functions certified by FIPS. An algorithm that computes a fixed – length string (also called message digest) corresponding to a numeric message. And if the input messages are different, there is a high probability that they will correspond to different strings.
  2. At the end of CRYPTO conference on August 17, 2005, Wang Xiaoyun, Yao Qizhi and Yao Chufeng once again published a more efficient SHA-1 attack method, which can find collisions in 2 to 63 computational complexity.

This means that the sha-1 encryption algorithm has the possibility of collision, albeit small.

HMAC

  1. HMAC is short for hash-based Message Authentication Code. It is named after H. krawezyk, M.Bellare, and A method of message authentication based on Hash functions and keys proposed by r. canetti in 1996, published as RFC2104 in 1997, and used in IPSec and other network protocols (e.gSSL), has become the de facto Internet security standard. It can be bundled with any iteration hash function.
  2. The HMAC algorithm is more of aThe encryption algorithmIt introducesThe key, its security is not entirely dependent on the Hash algorithm used

To use encryption, you are advised to use SHA256, SHA384, SHA512, and HMAC-SHA256, HMAC-SHA384, and HMAC-SHA512.

Symmetric encryption algorithm

  1. Symmetric encryption algorithm is a relatively early algorithm, which uses the same key in data encryption and decryption, which causes the difficulty of key management. Common symmetric encryption algorithms include DES, 3DES, AES128, AES192, and AES256. (The JDK installed by default does not support AES256. You need to install the corresponding JCE patch to upgrade JCE1.7 and JCE1.8.) The number after AES represents the key length. Symmetric encryption algorithms have low security and are suitable for encryption and decryption on the Intranet.

  2. Symmetric encryption means that encryption with a key can be decrypted with a key. A state-owned enterprise I have contacted is using AES to realize integrated login internally. The third-party system provides an interface for receiving user information. The STATE-OWNED enterprise encrypts the user information through the AES and sends the user information to the third-party system through this interface. The third-party system performs login operations by itself. It is important to note that the key is very important. If the key is lost, information may be leaked.

Encryption of salt

  1. Encryption salt is also a common concept. Salt is a random string used for encryption after concatenation with our encryption string.

  2. Salt is added primarily to provide security for encrypted strings. If there is an encrypted string with salt added, the hacker can get the plaintext through the encrypted string by some means, instead of the string before encryption, but the string before encryption and the string combined with salt, which relatively increases the security of the string.

Online encrypted sites

  1. Webmaster tools
  2. Online encryption
  3. Java development encryption and decryption tool class see my article

conclusion

Several encryption algorithms are recommended:

  1. Irreversible encryption: SHA256, SHA384, AND SHA512 and HMAC-SHA256, HMAC-SHA384, and HMAC-SHA512

  2. Symmetric encryption algorithms: AES and 3DES

  3. Asymmetric encryption algorithm: RSA

reference

  1. Common encryption algorithms
  2. Analysis of the five most commonly used Java encryption algorithms
  3. Juejin. Cn/post / 684490…