I am participating in the Mid-Autumn Festival Creative Submission Contest; for details, see: Mid-Autumn Festival Creative Submission Contest.

The story of Chang'e flying to the moon is a familiar myth. Using the myth of Chang'e and Hou Yi as the background theme, this post shares some basic knowledge of information security technology. Suppose Chang'e wants to tell Hou Yi that she is making a date with him to see a movie on September 20th, and sends the message to Hou Yi over the Internet. How can we ensure the message is transmitted securely?

The first questions we need to consider are:

  1. How do we keep the message confidential, so that only Hou Yi can decrypt and read the encrypted content?
  2. How do we ensure that the message is complete and has not been tampered with? What if the date or place is changed and Hou Yi cannot find Chang'e?
  3. How can Hou Yi be sure that the message is from Chang'e, and not from the mischievous Jade Rabbit impersonating Chang'e?

The network is a medium for carrying information, but if all information is transmitted in clear text, it is exposed whenever the network is monitored or hijacked. If our chat records or call information are leaked, we lose our privacy; if our account passwords are stolen, our property is no longer safe. So it is necessary to learn the basics of security.

Symmetric encryption

Common symmetric encryption algorithms:

  1. DES: substitution + shift, 56-bit key, 64-bit data block, high speed, easy key generation.

    3DES (Triple DES): two 64-bit keys, K1 and K2
    Encryption: K1 encrypt -> K2 decrypt -> K1 encrypt
    Decryption: K1 decrypt -> K2 encrypt -> K1 decrypt
  2. RC-5: RSA Data Security uses RC-5 in many of its products.

  3. IDEA algorithm: 128-bit key, 64-bit data block, stronger encryption than DES, low demands on computing power; used in PGP.

  4. AES algorithm: Advanced Encryption Standard, also known as Rijndael encryption, is a block encryption standard adopted by every government.

Drawbacks:

  1. Encryption strength is not high, although efficiency is very high.
  2. Key distribution is difficult.

Features: The encryption and decryption keys are the same

Asymmetric encryption

Common asymmetric encryption algorithms are:

  1. RSA: 2048-bit (or 1024-bit) key. It is computationally intensive and difficult to crack.
  2. ElGamal: security depends on the difficulty of computing discrete logarithms over finite fields.
  3. ECC: elliptic-curve cryptography.

Disadvantage: slow encryption speed

Features:

  1. The public key can be made public, but the private key cannot.
  2. Data encrypted with the public key is decrypted with the private key; data encrypted with the private key is decrypted with the public key.

Message digest

Message digest: a one-way hash function that produces a fixed-length hash value.

The commonly used message digest algorithms include MD5 and SHA. MD5 and SHA are widely used in the market and have hash lengths of 128 and 160 bits respectively. SHA is more secure than MD5 because its hash value is longer.

For example, when we download an image file from a website, the site also gives its MD5 digest value. After downloading, we can compare the MD5 value of the file with the official MD5 value to check that the file is complete and correct, and so avoid installation errors.

Digital signature

A digital signature (also known as a public-key digital signature) is a digital string that can only be generated by the sender and cannot be forged by others. This string is also effective proof of the authenticity of the message sent by the sender. It is similar to an ordinary physical signature written on paper, but is implemented with techniques from the field of public-key encryption and is used to authenticate digital information. A digital signature scheme typically defines two complementary operations, one for signing and one for verification. Digital signatures are an application of asymmetric-key encryption technology and message digest technology.

Let's take Chang'e's message to Hou Yi, “Let's go to the movies on September 20,” as an example to describe the digital signature process. The overall process is shown in the figure below. Explanation of the figure:

  1. Chang'e needs to send the message “We are going to the movies on September 20” to Hou Yi over the Internet. The message is first encrypted, producing the ciphertext “V7btGj2ZhQsdada /….. T1Ram6AzforA==”, and the ciphertext is sent.
  2. Then a message digest, “2d43abe9ec71c90952101bc0d8241fba”, is generated from the original message.
  3. Finally, Chang'e encrypts the message digest with her private key to generate a digital signature, “EDadada3432f # CC1”. The digital signature is then sent.
  4. After receiving the ciphertext, Hou Yi decrypts it to obtain the original text and computes its digest. He also decrypts the digital signature with Chang'e's public key to recover the digest she signed. Finally, the two digests are compared. If they are the same, the message was sent by Chang'e (she cannot deny it) and the message was not tampered with.
  5. This example combines message encryption, message digests, and digital signatures to achieve secure transmission of the message.

Comprehensive practice

The requirements for designing a secure email system are as follows: the email is transmitted in encrypted form, an email attachment can be up to 2G in size, and the sender cannot deny having sent it. If the email is intercepted by a third party, the third party cannot tamper with it. Answer: Refer to the implementation of the previous case.
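The signature walkthrough and the secure-email exercise above, combined into one runnable sketch (an added example, not code from the original post). It goes one step beyond the text by using the usual hybrid layout: the bulk data is encrypted with a one-time symmetric key, that key is wrapped with Hou Yi's public key, and a SHA-256 digest (used here instead of MD5, for which practical collisions are known) is signed with Chang'e's private key. Assumptions: textbook unpadded RSA over constructed Mersenne-prime keys and a hash-based keystream standing in for AES, both for illustration only; a real system would use a vetted cryptographic library.

```python
import hashlib
import secrets

E = 65537

def keypair(p, q):
    # Constructed demo keys: textbook RSA over Mersenne primes. Trivially
    # factorable and unpadded; they show the data flow only.
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))  # (public, private)

chang_e_pub, chang_e_priv = keypair(2**521 - 1, 2**607 - 1)
hou_yi_pub, hou_yi_priv = keypair(2**1279 - 1, 2**2203 - 1)
rabbit_pub, rabbit_priv = keypair(2**127 - 1, 2**2281 - 1)  # the impersonator

def digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def stream_xor(key, data):
    # Hash-based keystream standing in for a real symmetric cipher (e.g. AES).
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(message, sender_priv, recipient_pub):
    key = secrets.token_bytes(32)                    # one-time symmetric key
    ciphertext = stream_xor(key, message)            # fast, suits large attachments
    n_r, e = recipient_pub
    wrapped_key = pow(int.from_bytes(key, "big"), e, n_r)  # only recipient unwraps
    n_s, d = sender_priv
    signature = pow(digest_int(message), d, n_s)     # digest "encrypted" with private key
    return wrapped_key, ciphertext, signature

def open_sealed(packet, recipient_priv, sender_pub):
    wrapped_key, ciphertext, signature = packet
    n_r, d = recipient_priv
    # Reduce to 256 bits so a corrupted wrapped key yields garbage, not a crash.
    key = (pow(wrapped_key, d, n_r) % 2**256).to_bytes(32, "big")
    message = stream_xor(key, ciphertext)
    n_s, e = sender_pub
    # Recover the sender's digest from the signature and compare with our own.
    if pow(signature, e, n_s) != digest_int(message):
        raise ValueError("signature mismatch: tampered or not from this sender")
    return message
```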