Home Technique Password system

Password system



Overview

Abasicfunctionofcryptographictechnologyistorealizesecurecommunication,theclassicsecurecommunicationmodel

Note:OnlyonesecretisusedThecommunicationmodeltocompletelydescribethecryptographicsystemmaynotbecomprehensiveandaccurate,becausethecryptographicsystemdoesnotonlyprovideinformationconfidentialityservices.

Confidentialcommunicationisabasicfunctionofcryptography.

Plaintext

Generally,youcansimplythinkthatplaintextisameaningfulcharacterorbitset,oramessagethatcanbeobtainedthroughacertainpublicencodingstandard.Plaintextisoftenrepresentedbymorp.

Ciphertext(Ciphertext)

Theoutputafterapplyingsomekindofcamouflageortransformationtotheplaintextcanalsoberegardedasacharacterorbitsetthatcannotbedirectlyunderstood.Ciphertextisusuallyrepresentedbyc.

Encryption

Theinformationtransformationprocessofconvertingtheoriginalinformation(plaintext)intociphertext.

Decrypt

Theprocessofrestoringtheencryptedinformation(ciphertext)totheplaintextoftheoriginalinformation,alsoknownasdecryption.

CryptographyAlgorithm,alsoreferredtoasCipher,usuallyreferstotheinformationtransformationrulesusedintheencryptionanddecryptionprocess,andisamathematicalfunctionusedforinformationencryptionanddecryption.

Therulesusedtoencrypttheplaintextarecalledencryptionalgorithms,andtherulesusedtodecryptciphertextsarecalleddecryptionalgorithms.Theoperationsoftheencryptionalgorithmandthedecryptionalgorithmareusuallycarriedoutunderthecontrolofasetofkeys.

SecretKey

Avariableparameterinacryptographicalgorithm,usuallyasetofrandomsequencesthatmeetcertainconditions.

Theoneusedfortheencryptionalgorithmiscalledtheencryptionkey,andtheoneusedforthedecryptionalgorithmiscalledthedecryptionkey.Theencryptionkeyandthedecryptionkeymaybethesameordifferent.

Keysareoftenexpressedask.Undertheactionofthekeyk,theencryptiontransformationisusuallydenotedasEk(·),andthedecryptiontransformationisdenotedasDk(·)orEk-1(·).

Passwordsystem

Systemcomposition

Itcanhavethefollowingparts:

–MessagespaceM(alsoknownasplaintextspace):Thesetofallpossibleplaintextm;

–ciphertextspaceC:thesetofallpossibleciphertextc;

–keyspaceK:thesetofallpossiblekeysk,whereEachkeykiscomposedofanencryptionkeykeandadecryptionkeykd,thatis,k=(ke,kd);

–EncryptionalgorithmE:aclusterofencryptionkeyscontrolledfromMtoEncryptiontransformationofC;

–DecryptionalgorithmD:AclusterofdecryptiontransformationsfromCtoMcontrolledbythedecryptionkey.

Five-tuple{M,C,K,E,D}

ForeachplaintextmintheplaintextspaceM,theencryptionalgorithmEisunderthecontroloftheencryptionkeykeEncrypttheplaintextmintociphertextc;andthedecryptionalgorithmDdecryptstheciphertextcintothesameplaintextmunderthecontrolofthekeykd,namely:

Form∈M,(ke,kd)∈K,thereare:Dkd(Eke(m))=m

Fromamathematicalpointofview,acryptographicsystemisafamilyofmappings,whichunderthecontrolofthekeyMaptoanelementintheciphertextspace.Thisfamilyofmappingsisdeterminedbythecryptographicscheme,andwhichmappingisusedisdeterminedbythekey.

Intheabovecommunicationmodel,thereisalsoaciphertextcthatcanbeinterceptedbyapasswordattackerordecipherfromacommonchannel.ThegoalofitsworkistotrytoTheplaintextmorkeykisrecoveredfromtheciphertextc.

Ifthecryptanalystcanderivetheplaintextorkeyfromonlytheciphertext,orcanderivethekeyfrombothplaintextandciphertext,thenthecryptographicsystemissaidtobedecipherable.Onthecontrary,thecryptographicsystemissaidtobeunbreakable.

Decodingmethod

Themainmethodsforcryptanalyststodecipherorattackpasswordsareexhaustiveattackmethod,statisticalanalysismethodandMathematicalanalysisattackmethod.

Bruteforceattackmethod

Bruteforceattackmethodisalsocalledbruteforceattack.Thisattackmethodistotrytotraverseallpossiblekeysontheinterceptedciphertext,untilanunderstandableconversionfromciphertexttoplaintextisobtained;ortoencryptallpossibleplaintextwithaconstantkeyuntilitisobtainedItisconsistentwiththeinterceptedciphertext.

Statisticalanalysismethod

Statisticalanalysisattackreferstoamethodusedbyacryptanalysttodecipherthepasswordaccordingtothestatisticallawofplaintext,ciphertextandkey.

Password system

Mathematicalanalysismethod

Mathematicalanalysisattackreferstoacryptanalystattackingthemathematicalfoundationofencryptionanddecryptionalgorithmsandcertaincryptographiccharacteristics,usingmathematicalsolutionstodecipherthepassword.Mathematicalanalysisattacksarethemainthreattovariouscryptographicalgorithmsbasedonmathematicalpuzzles.

Attacktype

Assumingthatthecryptanalystknowsalltheencryptionalgorithmsused,accordingtothecryptanalyst’smasteryofplaintext,ciphertextandotherdataresources,theThetypesofcryptanalysisattacksagainstencryptionsystemsaredividedintothefollowingfourtypes:

①Ciphertext-onlyattack

(Ciphtext-onlyattack)

Inaciphertextonlyattack,thecryptanalystdoesnotknowthecryptographicalgorithm,butcanonlyanalyzetheinterceptedciphertexttogettheplaintextorkey.Sincethedataresourceavailabletothecryptanalystisonlyciphertext,thisisthemostunfavorablesituationforthecryptanalyst.

②Theknownplaintextattack

(Plaintext-knownattack)

Theknownplaintextattackmeansthatinadditiontointerceptedciphertext,thecryptanalystalsoTherearesomeknown"plaintext-ciphertextpairs"todecipherthepassword.Thegoalofthecryptanalystistoderivetheencryptionkeyoranalgorithmthatcandecryptanynewmessageencryptedwiththekey.

③Chosen-plaintextattack

(Chosen-plaintextattack)

Chosen-plaintextattackmeansthatthecryptanalystcannotonlygetsome"plaintext-ciphertextpairs",Youcanalsoselecttheencryptedplaintextandgetthecorrespondingciphertext.Atthistime,thecryptanalystcanselectaspecificplaintextdatablocktoencrypt,andcomparetheplaintextwiththecorrespondingciphertext,andhasanalyzedandfoundmorekey-relatedinformation.

Themissiongoalofthecryptanalystisalsotointroduceakeyforencryptionoranalgorithmthatcandecryptanynewmessageencryptedwiththekey.

④Chooseciphertextattack

(Chosen—ciphenextattack)

Chosen-ciphenextattackmeansthatthecryptanalystcanchoosesomeciphertextandgetthecorrespondingTheplaintext.Thegoalofthecryptanalystistoderivethekey.Thiskindofcryptanalysisismostlyusedtoattackpublickeycryptosystems.

Attackevaluation

Tomeasurethecomplexityofacryptographicsystemattack,threefactorsaremainlyconsidered:

Datacomplexity

(DataComplexity)

Theamountofdatarequiredtoenterapasswordattack;

ProcessingComplexity

(ProcessingComplexity)

CompletetheattackThetimeittakes;

StorageRequirement

(StorageRequirement)

Theamountofdatastoragespacerequiredfortheattack.

Thecomplexityoftheattackdependsontheminimumcomplexityoftheabovethreefactors.Intheactualimplementationoftheattack,thecompromiseofthesethreecomplexityisoftenconsidered.Forexample,thegreaterthestoragerequirement,thefastertheattackmaybe.

Security

SecurityFactors

Thesecurityofacryptographicsystemismainlyrelatedtotwofactors.

(1)Oneisthesecuritystrengthofthecryptographicalgorithmused.Thesecuritystrengthofacryptographicalgorithmdependsonthelevelofcryptographicdesign,decipheringtechnology,etc.Itcanbesaidthatthesecuritystrengthofthecryptographicalgorithmusedbyacryptographicsystemisthetechnicalguaranteeforthesecurityofthesystem.

(2)Anotheraspectisinsecurefactorsoutsidethecryptographicalgorithm.

Therefore,theconfidentialitystrengthofthecryptographicalgorithmisnotequivalenttotheoverallsecurityofthecryptographicsystem.-Acryptographicsystemmustimprovethetechnicalandmanagementrequirementsatthesametimetoensurethesecurityoftheentirecryptographicsystem.Thistextbookonlydiscussesthetechnicalfactorsthataffectthesecurityofacryptographicsystem,thatis,thecryptographicalgorithmitself.

Evaluationmethod

Therearethreemainmethodsforevaluatingthesecurityofacryptographicsystem:

(1)Unconditionalsecurity

ThisevaluationmethodTheconsiderationistoassumethattheattackerhasunlimitedcomputingresources,butstillcannotdecipherthecryptographicsystem.

(2)Computingsecurity

Thismethodreferstotheuseofthebestmethodtobreakit.Thecalculationrequiredfarexceedstheattacker'scomputingresourcelevel,youcandefinethisThecryptosystemissafe.

(3)Demonstrablesecurity

Thismethodistoreducethesecurityofthecryptographicsystemtosomein-depthresearchedmathematicalproblem(suchaslargeintegerprimefactorization,calculationDiscretelogarithm,etc.),mathematicalproblemsprovedtobedifficulttosolve.Theproblemwiththisevaluationmethodisthatitonlyshowsthatthesecurityofthiscryptographicmethodisrelatedtoadifficultproblem,anddoesnotfullyprovethesecurityoftheproblemitself,andgivesaproofoftheirequivalence.

Forcryptographicsystemsinpracticalapplications,becausethereisatleastonedecipheringmethod,thatis,bruteforceattack,itcannotsatisfyunconditionalsecurityandonlyprovidescomputationalsecurity.Toachieveactualsecurityinacryptographicsystem,thefollowingcriteriamustbemet:

(1)Theactualamountofcalculation(includingcalculationtimeorcost)todecipherthecryptographicsystemissohugethatYuZaiisactuallyimpossibletoachieve.

(2)Thecalculationtimerequiredtodecipherthecryptographicsystemexceedstheusefullifecycleoftheencryptedinformation.Forexample,thecombatorderforacombatattackinawaronlyneedstobekeptsecretbeforethebattlebegins;thetimeforimportantnewsinformationtobekeptsecretbeforeitispubliclyreportedisoftenonlyafewhours.

(3)Thecostofdecipheringthecryptographicsystemexceedsthevalueoftheencryptedinformationitself.

Ifapasswordsystemcanmeetoneoftheabovecriteria,itcanbeconsideredtomeetactualsecurity.

Furtherreading

Kerckhoffsprinciple

EvenifthealgorithminthecryptosystemisdeterminedbythecryptanalystKnowing,itisalsodifficulttoderivetheplaintextorkeyfromtheinterceptedciphertext.

Inotherwords,thesecurityofthecryptosystemshouldonlydependonthesecrecyofthekey,notonthesecrecyofthealgorithm.

Onlyiftheattackerhassufficientresearchonthecryptographicalgorithmandhassufficientcomputingresources,asecurepasswordisasecurecryptographicsystem.

Onesentence:"Allsecretsareinthekey"

Forcommercialcryptographicsystems,theadvantagesofpubliccryptographicalgorithmsinclude:

①Conducivetopublictestingandevaluationofthesecurityofcryptographicalgorithms;

②Preventingcryptographicalgorithmdesignersfromhidingbackdoorsinthealgorithm;

③EasytoimplementcryptographicalgorithmsStandardization;

④Itisconducivetothelarge-scaleproductionofcryptographicalgorithmproductstoachievelowcostandhighperformance.

Butitmustbepointedoutthattheopenprincipleofpassworddesigndoesnotmeanthatallpasswordsmustdisclosethecryptographicalgorithmwhentheyareapplied.Forexample,themilitaryandpoliticalcoreciphersofallcountriesintheworlddonotdisclosetheirencryptionalgorithms.

Tosumup,acryptographicsystemthatprovidesconfidentialityservicesisactuallyusableandmustBasicrequirementstobemet:

①Theconfidentialityofthesystemdoesnotdependontheconfidentialityoftheencryptionsystemoralgorithm,butonlyonthesecurityofthekey."Allsecretsresideinthekey"isanimportantprincipleinthedesignofcryptographicsystems.

②Tomeettheactualsecurity,itiscomputationallyinfeasibletodeterminethekeyorthecorrespondingplaintextwithintheeffectivetimeandcostrangeafterthedecipherobtainstheciphertext.

③Theencryptionanddecryptionalgorithmsshouldbeapplicabletoallelementsintheplaintextspaceandthekeyspace.

④Theencryptionanddecryptionalgorithmscanbecalculatedefficiently,andthecryptographicsystemiseasytoimplementanduse.

This article is from the network, does not represent the position of this station. Please indicate the origin of reprint
TOP