Data encryption

1 Synopsis

In open communication and computer systems, building a secure and reliable e-commerce platform is very important. Customer information such as passwords and contracts usually needs to be protected by encryption so that it cannot be stolen or tampered with. When a customer submits a service request, the legitimacy of the customer's identity and the integrity of the message must be confirmed.

HMAC (Keyed-Hashing for Message Authentication) is a public protocol. It is a key-based method of verifying message integrity, and its security rests on the underlying hash algorithm. It requires the two communicating parties to share a key, agree on an algorithm, and apply a hash operation such as MD5, SHA or RIPEMD to the message to form a fixed-length authentication code. The two parties determine whether the message is legitimate by verifying the authentication code.

The main purposes of this construction are:

1. To use suitable hash functions without modification. Hash functions perform well in software, and their source code is public and widely available.

2. To preserve the original performance of the hash function without degrading it.

3. To allow an analysis of the cryptographic strength of the message authentication mechanism based on reasonable assumptions about the underlying hash function.

4. To allow the underlying hash function to be replaced easily when a faster or more secure hash function is found or required.

[Note]: At the time this document was written, MD5 and SHA-1 were the most widely used cryptographic hash functions.

2 HMAC algorithm principles

2.1 HMAC algorithm definition:

Expressed as a formula:

HMAC = H(key XOR opad, H(key XOR ipad, text))

H(X, Y) denotes applying a hash operation to the message X + Y (X followed by Y).

ipad is the single-byte hexadecimal constant 0x36 repeated B times;

opad is the single-byte hexadecimal constant 0x5C repeated B times;

key is a 64-byte string made up of the key, padded with zeros if it is shorter;

text is a text of arbitrary length;

Key length ≥ L bytes. A key longer than B is first hashed to form an L-byte key (B is the number of bytes in the data block of one iteration of the hash algorithm; L is the number of bytes in the message digest the hash algorithm produces: 16 for MD5, 20 for SHA-1).

2.2 Algorithm steps

(1) Append zeros to the key K to create a string B bytes long (e.g., if K is 20 bytes long and B=60 bytes, 44 zero bytes 0x00 are appended to K). If K is longer than B, it should first be processed by the hash function.

    /* a key longer than 64 bytes is replaced by its MD5 digest */
    if (key_len > 64)
    {
        MD5_CTX tctx;
        MD5Init(&tctx);
        MD5Update(&tctx, key, key_len);
        MD5Final(tk, &tctx);
        key = tk;
        key_len = 16;
    }

(2) XOR the B-byte string produced in the previous step with ipad.

    k_ipad[i] ^= 0x36;   /* for each byte i of the B-byte key block */

(3) Append the data stream text to the string resulting from step (2).

(4) Apply H to the data stream produced in step (3).

    call the hash function (MD5, SHA-1)

(5) XOR the B-byte string produced in step (1) with opad.

    k_opad[i] ^= 0x5c;   /* for each byte i of the B-byte key block */

(6) Append the result of step (4) to the result of step (5).

(7) Apply H to the data stream produced in step (6) and output the final result.

2.3 MD5 algorithm

The MD5 algorithm applies an iterative hash operation repeatedly over a message of arbitrary length and finally produces a 16-byte message digest. This digest is unique to the text and can serve as the authentication code. At the computing speed of the target computers, the digest is difficult to break.

(1) Message padding

The MD5 algorithm requires a message of arbitrary length to be padded into N×64-byte message blocks, where N is an integer. The padding is done in 2 steps. First, the data is padded so that its length is exactly (N×64-8) bytes: one 0x1 is appended after the valid message data and the rest is filled with 0x0 until the requirement is met. Then the 8-byte (64-bit) message data length (byte count before padding) is appended. The data is thus padded to a multiple of 64 bytes (512 bits).

(2) Initializing the MD5 parameters

Four 4-byte variables (A, B, C, D) are used as the starting value of the message digest:

    A=0x01234567 B=0x89abcdef C=0xfedcba98 D=0x76543210

(3) Algorithm

The MD5 algorithm iterates over the message blocks in turn. The starting value of the first operation is ABCD; the result of each iteration then replaces ABCD as the starting value of the next one. After N iterations in total, the message digest is obtained.

2.4 Implementation steps

Step 1: Append padding

Padding is added so that the data length (in bits) is 448 modulo 512. If the data length is already 448 modulo 512, 512 padding bits are added; that is, the number of padding bits is 1-512. The first bit is 1 and all the others are 0.

Step 2: Append length

The data length is converted to a 64-bit value. If the length exceeds the range that 64 bits can express, only the last 64 bits are kept. The value is appended after the padded data, so that the final data is a multiple of 512 bits, which is also a multiple of 16 times 32 bits. In RFC1321, 32 bits is called a word.

Step 3: Initialize variables

Four variables are used, A, B, C and D, each 32 bits long. They are initialized to:

    A: 01 23 45 67 B: 89 ab cd ef C: fe dc ba 98 D: 76 54 32 10

Step 4: Process the data

First define 4 auxiliary functions:

    F(X, Y, Z) G(X, Y, Z) H(X, Y, Z) I(X, Y, Z)

where X&Y denotes bitwise AND, X | Y denotes bitwise OR, not(X) denotes bitwise complement, and xor denotes bitwise exclusive OR. X, Y and Z in the functions are all 32 bits. Define the array that will be needed: T(i), with i from 1 to 64, where T(i) is the integer part of 4294967296 times abs(sin(i)), i in radians.

Assume that after the first three steps the data length is 32*16*N bits.

Step 5: Output

The final ABCD is the output, 128 bits in total. A is the low-order part and D is the high-order part.

3 Keys

The key used in HMAC can be of any length (a key longer than B is first processed by H). A key shorter than L is strongly discouraged, however, because it reduces the security strength of the function. A key longer than L is acceptable, but the extra length does not significantly increase the strength of the function. (If the randomness of a key is considered unreliable, choosing a longer key is advisable.) The key must be chosen at random (or generated with a strong pseudo-random generator seeded with a random seed) and refreshed periodically.
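The seven steps of section 2.2 and the key-length rules above, written out as an added example (not code from the original document). It uses Python's `hashlib`; the function names and the sample key and message are constructed for illustration, and the result is checked against the standard library's `hmac` module.

```python
import hashlib
import hmac
import os

def hmac_from_steps(key: bytes, text: bytes, hash_name: str = "md5") -> bytes:
    """HMAC computed step by step as in section 2.2 (illustrative helper)."""
    def h(data: bytes) -> bytes:
        return hashlib.new(hash_name, data).digest()
    block = hashlib.new(hash_name).block_size   # B: 64 for MD5 and SHA-1
    if len(key) > block:                        # step (1): long key is hashed to L bytes
        key = h(key)
    key = key.ljust(block, b"\x00")             # step (1): zero-pad to B bytes
    k_ipad = bytes(b ^ 0x36 for b in key)       # step (2)
    inner = h(k_ipad + text)                    # steps (3) and (4)
    k_opad = bytes(b ^ 0x5C for b in key)       # step (5)
    return h(k_opad + inner)                    # steps (6) and (7)

def verify(key: bytes, text: bytes, tag: bytes, hash_name: str = "md5") -> bool:
    """Receiver side: recompute the code and compare in constant time."""
    return hmac.compare_digest(hmac_from_steps(key, text, hash_name), tag)

def self_check() -> bool:
    """Agreement with the standard library for short, exactly-B and long keys."""
    text = b"constructed sample message"
    for hash_name in ("md5", "sha1"):
        for key_len in (4, 16, 64, 65, 200):
            key = os.urandom(key_len)
            expected = hmac.new(key, text, hash_name).digest()
            if hmac_from_steps(key, text, hash_name) != expected:
                return False
    return True

def key_normalisation_effects(hash_name: str = "md5"):
    """Two consequences of step (1) that matter when choosing keys."""
    msg = b"constructed sample message"
    long_key = b"k" * 100                        # longer than B
    hashed = hashlib.new(hash_name, long_key).digest()
    same_as_hashed = (hmac_from_steps(long_key, msg, hash_name)
                      == hmac_from_steps(hashed, msg, hash_name))
    short_key = b"short-key"
    same_as_padded = (hmac_from_steps(short_key, msg, hash_name)
                      == hmac_from_steps(short_key + b"\x00", msg, hash_name))
    return same_as_hashed, same_as_padded
```

`key_normalisation_effects()` returns `(True, True)`: a key longer than B is interchangeable with its digest, and a short key is interchangeable with the same key followed by zero bytes, which is one reason to use fixed-length random keys of at least L bytes.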

4 Points to note

HMAC is defined in such a way that the underlying hash function can be used without modifying its source code. In particular, it uses the H function with its predefined initial value IV (a fixed value specified by each iterative hash function when it initializes its compression function). However, if desired, the source code of the H function can be modified to support variable IVs.

The idea is this: the intermediate results of the compression function applied to the B-byte blocks (K XOR opad) and (K XOR ipad) can be computed in advance, when the key is first generated. These intermediate results are stored, and then used to produce the initial value IV of the H function each time a message needs to be authenticated. This method saves, for each message to be authenticated, the application of H's compression function to the two B-byte blocks (K XOR opad) and (K XOR ipad).

Choosing to implement HMAC in the above way is a decision of the local implementation and has no effect on interoperability.

5 Security

The security of the message authentication mechanism depends on the cryptographic properties of the hash function used: 1. resistance to collision attacks (limited to the case where the initial value is random and secret, and the output of the function is not available to the attacker); 2. the message authentication property of H's compression function when applied to single blocks (in HMAC these blocks are partly unknown, since they contain the result of the inner H computation, and cannot be fully chosen by the attacker).

The hash functions used in HMAC generally have the above properties or stronger ones. In fact, a hash function that does not have these properties is unsuitable for most cryptographic applications, including alternative message authentication schemes based on that function. (For a detailed explanation and complete analysis of the principles of the HMAC function, see [BCK1].) Given limited confidence in the cryptographic strength of a candidate hash function, it is important to observe its security when used for message authentication and the following two properties of the HMAC construction.

1. The construction is independent of the particular hash function used, and the latter can be replaced by any other secure cryptographic hash function.

2. Message authentication, as opposed to encryption, has a "transient" effect. A published break of a message authentication scheme leads to the replacement of that scheme, but has no effect on information that has already been authenticated. This is in sharp contrast with encryption: if the encryption algorithm is broken, data encrypted today is under threat of being broken in the future.

The strongest known attack on HMAC is based on the frequency of collisions of the hash function ("birthday attack" [PV, BCK2]), but it is completely impractical for minimally reasonable hash functions.

Data Encryption

1 Introduction

In open communication and computer systems, building a secure and reliable e-commerce platform is very important. Customer information such as passwords and contracts usually needs to be protected by encryption so that it cannot be stolen or tampered with. When a customer submits a service request, the legitimacy of the customer's identity and the integrity of the message must be confirmed.

HMAC (Keyed-Hashing for Message Authentication) is a public protocol. It is a key-based method of verifying message integrity, and its security rests on the underlying hash algorithm. It requires the two communicating parties to share a key, agree on an algorithm, and apply a hash operation such as MD5, SHA or RIPEMD to the message to form a fixed-length authentication code. The two parties determine the legitimacy of the message by checking the authentication code. This protocol can be used for encryption, digital signatures, message verification and so on. HMAC can be used together with any iterated hash function; MD5 and SHA-1 are such hash functions.

The main purposes of this construction are:

1. To use suitable hash functions without modification. Hash functions perform well in software, and their source code is public and widely available.

2. To preserve the original performance of the hash function without degrading it.

3. To allow an analysis of the cryptographic strength of the message authentication mechanism based on reasonable assumptions about the underlying hash function.

4. To allow the underlying hash function to be replaced easily when a faster or more secure hash function is found or required.

[Note]: At the time this document was written, MD5 and SHA-1 were the most widely used cryptographic hash functions.

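2 HMAC algorithm principles

2.1 HMAC algorithm definition:

Expressed as a formula:

HMAC = H(key XOR opad, H(key XOR ipad, text))

H(X, Y) denotes applying a hash operation to the message X + Y (X followed by Y).

ipad is the single-byte hexadecimal constant 0x36 repeated B times;

opad is the single-byte hexadecimal constant 0x5C repeated B times;

key is a 64-byte string made up of the key, padded with zeros if it is shorter;

text is a text of arbitrary length;

Key length ≥ L bytes. A key longer than B is first hashed to form an L-byte key (B is the number of bytes in the data block of one iteration of the hash algorithm; L is the number of bytes in the message digest the hash algorithm produces: 16 for MD5, 20 for SHA-1).

2.2 Algorithm steps

(1) Append zeros to the key K to create a string B bytes long (for example, if K is 20 bytes long and B=60 bytes, 44 zero bytes 0x00 are appended to K). If K is longer than B, it should first be processed by the hash function.

    /* a key longer than 64 bytes is replaced by its MD5 digest */
    if (key_len > 64)
    {
        MD5_CTX tctx;
        MD5Init(&tctx);
        MD5Update(&tctx, key, key_len);
        MD5Final(tk, &tctx);
        key = tk;
        key_len = 16;
    }

(2) XOR the B-byte string produced in the previous step with ipad.

    k_ipad[i] ^= 0x36;   /* for each byte i of the B-byte key block */

(3) Append the data stream text to the string resulting from step (2).

(4) Apply H to the data stream produced in step (3).

    call the hash function (MD5, SHA-1)

(5) XOR the B-byte string produced in step (1) with opad.

    k_opad[i] ^= 0x5c;   /* for each byte i of the B-byte key block */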

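(6) Append the result of step (4) to the result of step (5).

(7) Apply H to the data stream produced in step (6) and output the final result.

2.3 MD5 algorithm

The MD5 algorithm applies an iterative hash operation repeatedly over a message of arbitrary length and finally produces a 16-byte message digest. This digest is unique to the text and can serve as the authentication code. At the computing speed of the target computers, the digest is difficult to break.

(1) Message padding

The MD5 algorithm requires a message of arbitrary length to be padded into N×64-byte message blocks, where N is an integer. The padding is done in 2 steps. First, the data is padded so that its length is exactly (N×64-8) bytes: one 0x1 is appended after the valid message data and the rest is filled with 0x0 until the requirement is met. Then the 8-byte (64-bit) message data length (byte count before padding) is appended. The data is thus padded to a multiple of 64 bytes (512 bits). Each block is further divided into 16 sub-blocks of 4 bytes.

(2) Initializing the MD5 parameters

Four 4-byte variables (A, B, C, D) are used as the starting value of the message digest:

    A=0x01234567 B=0x89abcdef C=0xfedcba98 D=0x76543210

(3) Algorithm

The MD5 algorithm iterates over the message blocks in turn. The starting value of the first operation is ABCD; the result of each iteration then replaces ABCD as the starting value of the next one. After N iterations in total, the message digest is obtained.

2.4 Implementation steps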

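Step 1: Append padding

Padding is added so that the data length (in bits) is 448 modulo 512. If the data length is already 448 modulo 512, 512 padding bits are added; that is, the number of padding bits is 1-512. The first bit is 1 and all the others are 0.

Step 2: Append length

The data length is converted to a 64-bit value. If the length exceeds the range that 64 bits can express, only the last 64 bits are kept. The value is appended after the padded data, so that the final data is a multiple of 512 bits, which is also a multiple of 16 times 32 bits. In RFC1321, 32 bits is called a word.

Step 3: Initialize variables

Four variables are used, A, B, C and D, each 32 bits long. They are initialized to:

    A: 01 23 45 67 B: 89 ab cd ef
    C: fe dc ba 98 D: 76 54 32 10

Step 4: Process the data

First define 4 auxiliary functions:

    F(X,Y,Z) G(X,Y,Z)
    H(X,Y,Z) I(X,Y,Z)

where X&Y denotes bitwise AND, X | Y denotes bitwise OR, not(X) denotes bitwise complement, and xor denotes bitwise exclusive OR.

X, Y and Z in the functions are all 32 bits.

Define the array that will be needed: T(i), with i from 1 to 64, where T(i) is the integer part of 4294967296 times abs(sin(i)), i in radians.

Assume that after the first three steps the data length is 32*16*N bits.

Step 5: Output

The final ABCD is the output, 128 bits in total. A is the low-order part and D is the high-order part.

3 Keys

The key used in HMAC can be of any length (a key longer than B is first processed by H). A key shorter than L is strongly discouraged, however, because it reduces the security strength of the function. A key longer than L is acceptable, but the extra length does not significantly increase the security strength of the function. (If the randomness of a key is considered unreliable, choosing a longer key is advisable.) The key must be chosen at random (or generated with a strong pseudo-random generator seeded with a random seed) and refreshed periodically. (Current attacks do not indicate an effective frequency for changing keys, because those attacks are not feasible in practice. Periodic key refreshment is nevertheless a basic security measure against potential weaknesses of the function and the keys, and it reduces the damage caused by a leaked key.)

4 Points to note

HMAC is defined in such a way that the underlying hash function can be used without modifying its source code. In particular, it uses the H function with its predefined initial value IV (a fixed value specified by each iterative hash function when it initializes its compression function). However, if desired, the source code of the H function can be modified to support variable IVs.

The idea is this: the intermediate results of the compression function applied to the B-byte blocks (K XOR opad) and (K XOR ipad) can be computed in advance, when the key is first generated. These intermediate results are stored, and then used to produce the initial value IV of the H function each time a message needs to be authenticated. This method saves, for each message to be authenticated, the application of H's compression function to the two B-byte blocks (K XOR opad) and (K XOR ipad). Such a saving is significant when authenticating short data streams. We stress that these intermediate results must be treated in the same way as keys and kept equally secret.

Choosing to implement HMAC in the above way is a decision of the local implementation and has no effect on interoperability.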
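The precomputation described in section 4, as an added example (not code from the original document). Python's `hashlib` does not expose a variable IV, so the sketch uses the `copy()` method of a hash object that has already absorbed the B-byte block as the stored intermediate result; the class name and the sample key and messages are constructed for illustration.

```python
import hashlib
import hmac

class PrecomputedHMAC:
    """Keeps the hash states left after (K XOR ipad) and (K XOR opad)."""

    def __init__(self, key: bytes, hash_name: str = "md5"):
        block = hashlib.new(hash_name).block_size     # B
        if len(key) > block:                          # long key: hash it first
            key = hashlib.new(hash_name, key).digest()
        key = key.ljust(block, b"\x00")               # zero-pad to B bytes
        # Each B-byte block is absorbed once per key, not once per message.
        self._inner = hashlib.new(hash_name, bytes(b ^ 0x36 for b in key))
        self._outer = hashlib.new(hash_name, bytes(b ^ 0x5C for b in key))
        # The key is not kept. The two states stand in for it, so they need
        # the same protection as the key, as the text stresses.

    def tag(self, text: bytes) -> bytes:
        inner = self._inner.copy()        # resume from the stored inner state
        inner.update(text)
        outer = self._outer.copy()        # resume from the stored outer state
        outer.update(inner.digest())
        return outer.digest()

    def verify(self, text: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(self.tag(text), tag)

def matches_standard_library(hash_name: str = "md5") -> bool:
    """Constructed key and short messages, the case where the saving matters."""
    key = b"constructed-demo-key"
    mac = PrecomputedHMAC(key, hash_name)
    messages = [b"", b"ack", b"seq=1;ok", b"x" * 200]
    return all(mac.tag(m) == hmac.new(key, m, hash_name).digest() for m in messages)
```

Because `tag()` never needs the key, anyone who obtains the two stored states can produce valid authentication codes for that key.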

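5 Security

The security of the message authentication mechanism depends on the cryptographic properties of the hash function used: 1. resistance to collision attacks (limited to the case where the initial value is random and secret, and the output of the function is not available to the attacker); 2. the message authentication property of H's compression function when applied to single blocks (in HMAC these blocks are partly unknown, since they contain the result of the inner H computation, and cannot be fully chosen by the attacker).

The hash functions used in HMAC generally have the above properties or stronger ones. In fact, a hash function that does not have these properties is unsuitable for most cryptographic applications, including alternative message authentication schemes based on that function. (For a detailed explanation and complete analysis of the principles of the HMAC function, see [BCK1].) Given limited confidence in the cryptographic strength of a candidate hash function, it is important to observe its security when used for message authentication and the following two properties of the HMAC construction.

1. The construction is independent of the particular hash function used, and the latter can be replaced by any other secure cryptographic hash function.

2. Message authentication, as opposed to encryption, has a "transient" effect. A published break of a message authentication scheme leads to the replacement of that scheme, but has no effect on information that has already been authenticated. This is in sharp contrast with encryption: if the encryption algorithm is broken, data encrypted today is under threat of being broken in the future.

The strongest known attack on HMAC is based on the frequency of collisions of the hash function.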
