Security Testing: A Concise Tutorial

Security Testing - Cryptography

What is Cryptography?

Cryptography is the science of encrypting and decrypting data. It enables users to store sensitive information or transmit it across insecure networks so that it can be read only by the intended recipient.

Data which can be read and understood without any special measures is called plaintext, while the method of disguising plaintext in order to hide its substance is called encryption.

Encrypted plaintext is known as ciphertext, and the process of reverting the encrypted data back to plaintext is known as decryption.

  1. The science of analyzing and breaking secure communication is known as cryptanalysis. The people who perform it are also known as attackers.

  2. Cryptography can be either strong or weak, and its strength is measured by the time and resources it would require to recover the actual plaintext.

  3. Hence an appropriate decoding tool is required to decipher strongly encrypted messages.

  4. With some cryptographic techniques, even a billion computers doing a billion checks a second could not decipher the text.

  5. As computing power increases day by day, encryption algorithms have to be made very strong in order to protect data and critical information from attackers.

How Does Encryption Work?

A cryptographic algorithm works in combination with a key (which can be a word, number, or phrase) to encrypt the plaintext, and the same plaintext encrypts to different ciphertext with different keys.

Hence, the encrypted data is completely dependent on a couple of parameters, such as the strength of the cryptographic algorithm and the secrecy of the key.

Cryptography Techniques

Symmetric Encryption − Conventional cryptography, also known as conventional encryption, is the technique in which only one key is used for both encryption and decryption. For example, DES, Triple DES algorithms, MARS by IBM, RC2, RC4, RC5, RC6.

Asymmetric Encryption − Public key cryptography uses a pair of keys for encryption: a public key to encrypt data and a private key for decryption. The public key is published while the private key is kept secret. For example, RSA, Digital Signature Algorithm (DSA), Elgamal.

Hashing − Hashing is ONE-WAY encryption, which creates a scrambled output that cannot be reversed, or at least cannot be reversed easily. For example, the MD5 algorithm. It is used to create digital certificates and digital signatures, to store passwords, to verify communications, etc.
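
The statements under "How Does Encryption Work?" and "Cryptography Techniques" can be checked in a few lines of Python. This is an added example, not part of the original tutorial: the function names, the sample message and the keys are constructed for illustration. RC4 is used only because it is on the list above and fits in a few lines (it is considered broken and should not protect real data), and SHA-256 stands in for the MD5 example.

```python
import hashlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher: the same call encrypts and decrypts (symmetric)."""
    # Key scheduling: permute the 256-byte state under control of the key.
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    # Keystream generation, XORed with the data byte by byte.
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def years_to_exhaust(key_bits: int, checks_per_second: float) -> float:
    """Worst-case time, in years, to try every key of the given length."""
    return 2 ** key_bits / checks_per_second / (365.25 * 24 * 3600)

def demo() -> dict:
    plaintext = b"wire 500 to account 1234"      # constructed sample message
    key_a, key_b = b"first secret key", b"other secret key"  # constructed keys
    ct_a, ct_b = rc4(key_a, plaintext), rc4(key_b, plaintext)
    return {
        # Same plaintext, different keys: different ciphertext.
        "different_keys_differ": ct_a != ct_b,
        # Only the key that encrypted the data recovers the plaintext.
        "right_key_decrypts": rc4(key_a, ct_a) == plaintext,
        "wrong_key_fails": rc4(key_b, ct_a) != plaintext,
        # Hashing takes no key; the digest length is fixed for any input size.
        "digest_len": len(hashlib.sha256(plaintext).digest()),
        "digest_len_long": len(hashlib.sha256(plaintext * 1000).digest()),
        # A billion computers doing a billion checks a second = 1e18 checks/s.
        "years_56_bit": years_to_exhaust(56, 1e18),    # DES-sized key
        "years_128_bit": years_to_exhaust(128, 1e18),  # modern key size
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

At the tutorial's rate of a billion computers doing a billion checks a second, a 56-bit key space is exhausted in a fraction of a second, while a 128-bit key space takes on the order of ten trillion years.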