《計算機科學(xué)與技術(shù) 畢業(yè)設(shè)計 外文英文文獻 翻譯 數(shù)據(jù)加密》由會員分享，可在線閱讀，更多相關(guān)《計算機科學(xué)與技術(shù) 畢業(yè)設(shè)計 外文英文文獻 翻譯 數(shù)據(jù)加密（11頁珍藏版）》請在裝配圖網(wǎng)上搜索。

1、Data encryption First Synopsis In the open correspondence and in the computer system, builds the safe reliable electronic commerce platform is very important. Usually needs through the encryption method to the customer related information, like the password, the contract and so on to protect, cau

2、ses it not to steal or the distortion. When the customer hands in the service application, must to the customer status validity, the text integrity carry on the confirmation. HMAC (Keyed-Hashing for Message Authentication) is a public agreement. It is one kind based on keys text complete proof tech

3、nique, its security is the establishment in the Hash algorithm foundation. It requests the correspondence both sides shared system key, the agreement algorithm, to carry on the Hash operation to the text, like MD5, SHA, RIPEMD and so on, form the fixed length the authentication code. Correspondence

4、both sides determine the text through the authentication codes verification the validity. This agreement may use for to make the encryption, the digital signature, the text confirmation and so on. HMAC may with any iteration hashing function bundle use. MD5 and SHA-1 are this kind of hashing functio

5、ns. This kind of structures leading role is: 1. Does not need the revision to be possible to use the suitable hashing function. Moreover the hashing function displays in the software aspect is very good. And the sound code is public and general. 2. Maintain the hashing function original performa

6、nce, but does not cause its degeneration. 3. Cause reasonably based on about first floor hashing function supposition message discrimination mechanism encryption strength analysis. 4. When discovers either needs the operating speed is quicker or the safer hashing function, may very easy realize

7、the first floor hashing function replace. [Annotation]: When comp book documents, MD5 and SHA-1 are use the most widespread encryption to use the hashing function. Second HMAC algorithm principles 2.1 HMAC algorithm definition: Expresses as follows with the formula: HMAC=H(key or opad ,H(key

8、or ipad,text)) H(X, Y) expression carries on one kind of Hash operation to X + Y news. Representative Ipad is redundant B time single byte hexadecimal system system constant OX36; Representative Opad is redundant B time single byte hexadecimal system constant OX5C; key represents 64 bytes strings

9、 of character, is composed of the key, insufficient makes up 0; Text represents the random length text; Key length ≥L byte. When is bigger than B, passes through the Hash computation to form L byte Peru key (B is first in the Hash algorithm an iterative computation block data byte count; L is the

10、 Hash algorithm forms the text abstract the byte count, in MD5 is in 16, SHA-1 is 20). 2.2 Algorithm step (1) Increases behind key K 0 founds a word length is the B string of character. (e.g., if the K word length is 20 bytes, B=60 byte, then after K, will join 44 zero byte 0x00), if the K lengt

11、h will be bigger than time B, should undergo hashing function processing. if (key_len > 64) { MD5_CTX tctx; MD5Init(&tctx); MD5Update(&tctx, key, key_len); MD5Final(tk, &tctx); key = tk; key_len = 16;} (2) On one step will produce the B word lengths string of character and ipad

12、make the "or else". k_ipad[i] ^= 0x36; (3) Fills data stream text to the second step result string of character. (4) Affects with H in the data stream which third step produces. transfer hashing function (MD5, SHA-1) (5) The B word length string of character which and opad first step produce

13、s does the "or else". k_opad[i] ^= 0x5c; (6) Enters again the fourth step result packing in the fifth step result. (7) Affects with H in the data stream which sixth step produces, the output final outcome. 2.3 MD5 algorithm The MD5 algorithm by circulates many times to the random length ne

14、ws the iterative hash operation, forms 16 Byte text abstract finally. This abstract has uniqueness to the text, may take the authentication code. Under target computers computation speed, this abstract is difficulty with explains (1) the text fills The MD5 algorithm request carries on the packing

15、to the random length text, the constitution N64 Byte news grouping, N is an integer. And each grouping padding data is divided 2 steps. First, the packing causes the data position length exactly for (N64-8) the Byte number, namely in text valid data replacement 1 0x1, other makes up 0x0 to satisfy t

16、he above request. Then, again on replacement 8 bytes (64) before text data length (packing, byte count). Thus, the data by the packing is 64Byte (512bit) integral multiple. Also divides 16 4 byte sub-groupings. (2) initialization MD5 parameter The 4 4 byte shift quantity (A, B, C, D) use for to t

17、ake the text abstract the starting value: A=0x01234567 B=0x89abcdef C=0xfedcba98 D=0x76543210 (3) algorithm The MD5 algorithm is to the news grouping in turn iterative algorithm. 1st time operates the starting value is ABCD, each iterative computations result will replace later ABCD to take

18、the next time starting value, altogether will undergo N time iterative computation, will obtain this news text abstract. 2.4 realize the step The first step: Increases fills Increases padding to cause the data length (bit is unit) the mold 512 is 448. If the data length happen to is the mold 512

19、 is 448, increases 512 to fill bit, i.e. fills the integer is 1-512. First bit is 1, other are 0 completely. The second step: Makes up length The data length transformation is the 64bit value, if the length surpasses the data length scope which 64bit can express, the value retains finally 64bit, i

20、ncreases behind data which fills to front, causes the final data is the 512bit integral multiple. Is also the 32bit 16 time of integral multiples. In RFC1321, 32bit is called word. The third step: Initialization variable With to 4 variables, respectively is A, B, C, D, is 32bit is long. The initi

21、alization is: A: 01 23 45 67 B: 89 ab cd ef C: fe dc ba 98 D: 76 54 32 10 The fourth step: Data processing First defines 4 auxiliary functions: F(X, Y, Z) G(X, Y, Z) H(X, Y, Z) I(X, Y, Z) In which: X&Y expresses according to the position and, X | Y expressed that according to the position or, n

22、ot(X) expressed takes according to the position instead. xor expresses according to the position different or. in the function X, Y, Z are 32bit. defines the array which needs to use: The T(i), i value 1-64, T(i) was equal to that abs(sin(i)) 4294967296 time of integral part, i is a radian. After t

23、he supposition first three step processing data length is 32*16*Nbit The fifth step: Output: Obtains finally ABCD is the output result, altogether 128bit. A is the low position, D is a top digit. Third Key Use in HMAC the key being possible to be the random length (key which will be longer tha

24、n B first by the H processing). But when the key length is smaller than the L situation is disappointing, because like this will reduce the function the working strength. The length is bigger than L the key is acceptable, but the extra length cannot remarkable enhance the function the working streng

25、th. (if a stochastic key were considered that is unreliable, then chooses a long key is unwise). The key must select (or use stochastically formidable based on stochastic seeds pseudo-random production method), and wants the periodic renewal. (the present attack has not pointed out an effective repl

26、acement keys frequency, because these attacks are not in fact feasible. However, the periodic renewal key is one latent defect basic security measure which copes with the function and the key exists, and may reduce divulges the harm which the key brings. ) Forth matters needing attention HMAC is

27、may not revise the sound code according to the first floor hashing function to be possible to use this way to define. Especially it when uses the H function must rely on the pre-definition initialization value IV (a definite value, by each iteration hashing function when initialization its compressi

28、on function assigns). However, if you want, may revise the H function the sound code to support invariable initialization value Ivs. This idea is this: The compression function the intermediate result which (K XOR opad) and (K XOR ipad) produces in the B word length block data may when the key just

29、 produced in advance calculates well. Saves first these intermediate results, then when each time has the news needs to confirm produces the H function the initialization value IV. This method must distinguish the news which has preserved the H compression function regarding two B word length block

30、data (K XOR opad) and (K XOR ipad) the application for each. When distinguishes the short data stream, preserves such information is important. What we must stress: Treats these intermediate results to treat the key to be the same likely, and wants same to carry on the security. The above choice re

31、alizes the result which the HMAC method is local carries out, to internal operational has not affected Fifth safe Here will explain that the message discrimination mechanism the security is decided by the hashing function encryption characteristic which uses: 1. Anti-conflict attack capability (i

32、s restricted in initialization value is only stochastic, and secret, and function output to aggressor is not available situation) 2. Treats as uses when the single block data the H compression function the message discrimination attribute (in HMAC these block data is part unknown, when aggressor sel

33、f-restraint interior H functional calculus result, and aggressor cannot full choice) In HMAC uses above the hashing function has or a stronger attribute generally. In fact, if a hashing function does not have above attribute that it not to be suitable regarding the majority encryption application p

34、rocedure, including based on this function choice message discrimination plan. (see also [BCK1] to HMAC function principle detailed elaboration and complete analysis), so long as obtains about the candidate hashing function encryption intensity limited trust, then observes it to use in the message d

35、iscrimination the security and the following HMAC structure two kind of attributes is very important. 1. This kind of structure is the independence in the hashing function which concrete uses, and the latter is may encrypt the hashing function substitution by any other securities 2. The message di

36、scrimination was opposite in the encryption is one kind “the instant” the influence. Public can cause this plan to one kind of message discrimination plans destruction to replace, but it to has distinguished the information is actually helpless. This forms the sharp contrast with the encryption. If

37、its encryption algorithm is explained. Today encrypts the data, can receive in the future the threat which explains, To the HMAC known most powerful attack is based on the hashing function conflict frequency. (“birthday attack law” [PV, BCK2], but is not suitable completely for the smallest rationa

38、l hashing function. 數(shù) 據(jù) 加 密 一 簡介 在開放的通信和計算機系統(tǒng)中，建立安全可靠的電子商務(wù)平臺是十分重要的。通常需要通過加密的方法對客戶的有關(guān)信息，如密碼、合同等加以保護，使之不被盜取或篡改。當(dāng)客戶提出服務(wù)申請時，必須對客戶身份的合法性、報文的完整性進行確認(rèn)。 HMAC（Keyed-Hashing for Message Authentication）是一個公開的協(xié)議。它是一種基于密鑰的報文完整性的驗證方法，其安全性是建立在Hash算法基礎(chǔ)上的。它要求通信雙方共享密鑰、約定算法、對報文

39、進行Hash運算，如MD5、SHA、RIPEMD等，形成固定長度的認(rèn)證碼。通信雙方通過認(rèn)證碼的校驗來確定報文的合法性。這個協(xié)議可以用來作加密、數(shù)字簽名、報文驗證等。HMAC可以與任何迭代散列函數(shù)捆綁使用。MD5和SHA—1就是這種散列函數(shù)。 這種結(jié)構(gòu)的主要作用是： 1. 不用修改就可以使用適合的散列函數(shù)。而且散列函數(shù)在軟件方面表現(xiàn)的很好。且源碼是公開和通用的。 2. 可以保持散列函數(shù)原有的性能而不致使其退化。 3. 可以使得基于合理的關(guān)于底層散列函數(shù)假設(shè)的消息鑒別機制的加密強度分析。 4. 當(dāng)發(fā)現(xiàn)或需要運算速度更快或更安全的散列函數(shù)時，可以很容易的實現(xiàn)底層散列函數(shù)的替換。 [注釋]

40、：在寫本文檔時，MD5和SHA—1是使用最廣泛的加密用散列函數(shù)。 二 HMAC的算法原理 2.1 HMAC算法定義： 用公式表示如下： HMAC=H(key or opad ,H(key or ipad,text)) H(X,Y)表示對 X + Y的消息進行一種Hash運算。 Ipad代表重復(fù)B次的單字節(jié)十六進制常數(shù)OX36; Opad代表重復(fù)B次的單字節(jié)十六進制常數(shù)OX5C; key代表64字節(jié)的字符串，由密鑰組成，不足的補0; text代表任意長度文本; 密鑰長度≥L字節(jié)。當(dāng)大于B時，先經(jīng)Hash計算形成L字節(jié)的秘鑰 （B是Hash算法中一次迭代運算的數(shù)據(jù)塊字節(jié)數(shù)；L是

41、Hash算法形成報文摘要的字節(jié)數(shù),MD5中是16，SHA-1中是20）。 2.2算法步驟 (1)在密鑰K后面添加0來創(chuàng)建一個字長為B的字符串。(例如，如果K的字長是20字節(jié)，B＝60字節(jié)，則K后會加入44個零字節(jié)0x00)，如果K的長度大于B時，則應(yīng)經(jīng)過散列函數(shù)處理。 if (key_len > 64) { MD5_CTX tctx; MD5Init(&tctx); MD5Update(&tctx, key, key_len); MD5Final(tk, &tctx); key = tk; key_len = 16;} (2)將上一步生成的B字長的字

42、符串與ipad做異或運算。 k_ipad[i] ^= 0x36; (3)將數(shù)據(jù)流text填充至第二步的結(jié)果字符串中。 (4)用H作用于第三步生成的數(shù)據(jù)流。 調(diào)用散列函數(shù)（MD5,SHA-1） (5)將第一步生成的B字長字符串與opad做異或運算。 k_opad[i] ^= 0x5c; (6)再將第四步的結(jié)果填充進第五步的結(jié)果中。 (7)用H作用于第六步生成的數(shù)據(jù)流，輸出最終結(jié)果。 2.3 MD5算法 MD5算法以對任意長度消息多次循環(huán)迭代的散列運算，最終形成16 Byte報文摘要。這摘要對文本具有唯一性，可作為認(rèn)證碼。在目標(biāo)計算機的計算速度下，這個摘要是難于破解的。

43、 （1）報文填充 MD5算法要求對任意長度報文進行填充，構(gòu)成N64 Byte消息分組，N為整數(shù)。其中每一分組填充數(shù)據(jù)分2步。首先，填充使得數(shù)據(jù)位長度恰好為（N64-8）Byte的數(shù)，即在報文有效數(shù)據(jù)后補1個0x1，其它補0x0至滿足上述要求。然后，再后補上8字節(jié)（64位）的報文數(shù)據(jù)長度（填充前字節(jié)數(shù)）。這樣，數(shù)據(jù)就被填充為64Byte（512bit）的整數(shù)倍。又劃分16個4字節(jié)子分組。 （2）初始化MD5參數(shù) 4個4字節(jié)位變量（A、B、C、D）用來作為報文摘要的初始值： A=0x01234567 B=0x89abcdef C=0xfedcba98 D=0x76543210

44、 ( 3 ) 算法 MD5算法是對消息分組依次迭代算法。第1次運算的初始值為ABCD，以后每一次迭代運算的結(jié)果都替換ABCD作為下一次的初始值，共經(jīng)過N次的迭代運算，就得到該消息的報文摘要. 2.4實現(xiàn)步驟 第一步：增加填充 增加padding使得數(shù)據(jù)長度（bit為單位）模512為448。如果數(shù)據(jù)長度正好是模512為448，增加512個填充bit，也就是說填充的個數(shù)為1-512。第一個bit為1，其余全部為0。 第二步：補足長度 將數(shù)據(jù)長度轉(zhuǎn)換為64bit的數(shù)值，如果長度超過64bit所能表示的數(shù)據(jù)長度的范圍，值保留最后64bit，增加到前面填充的數(shù)據(jù)后面，使得最后的數(shù)據(jù)

45、為512bit的整數(shù)倍。也就是32bit的16倍的整數(shù)倍。在RFC1321中，32bit稱為一個word。 第三步：初始化變量 用到4個變量，分別為A、B、C、D，均為32bit長。初始化為： A: 01 23 45 67 B: 89 ab cd ef C: fe dc ba 98 D: 76 54 32 10 第四步：數(shù)據(jù)處理 首先定義4個輔助函數(shù)： F(X,Y,Z) G(X,Y,Z) H(X,Y,Z) I(X,Y,Z) 其中：X&Y表示按位與，X | Y表示按位或，not(X)表示按位取反。xor表

46、示按位異或。 函數(shù)中的X、Y、Z均為32bit。 定義一個需要用到的數(shù)組：T(i),i取值1-64,T(i)等于abs(sin(i))的4294967296倍的整數(shù)部分,i為弧度。 假設(shè)前三步處理后的數(shù)據(jù)長度為32*16*Nbit 第五步：輸出 最后得到的ABCD為輸出結(jié)果，共128bit。A為低位，D為高位。 三 密鑰 用于HMAC的密鑰可以是任意長度（比B長的密鑰將首先被H處理）。但當(dāng)密鑰長度小于L時的情況時非常令人失望的，因為這樣將降低函數(shù)的安全強度。長度大于L的密鑰是可以接受的，但是額外的長度并不能顯著的提高函數(shù)的安全強度。（如果一個隨機的密鑰被認(rèn)為是不可靠的

47、，那么選擇一個較長的密鑰是明智的）。 密鑰必須隨機選取(或使用強大的基于隨機種子的偽隨機生成方法)，并且要周期性的更新。（目前的攻擊沒有指出一個有效的更換密鑰的頻率，因為那些攻擊實際上并不可行。然而，周期性更新密鑰是一個對付函數(shù)和密鑰所存在的潛在缺陷的基本的安全措施，并可以降低泄漏密鑰帶來的危害。） 四 注意事項 HMAC是按底層散列函數(shù)可以不修改源碼就可使用這種方式定義的。尤其是它在使用H函數(shù)時還要依賴于預(yù)定義的初始化值IV（一個定值，由每個迭代散列函數(shù)在初始化它的壓縮函數(shù)時指定).然而，如果你愿意的話，可以修改H函數(shù)的源碼來支持可變的初始化值Ivs. 這個想法是這樣的：壓縮函數(shù)

48、作用于B字長數(shù)據(jù)塊（K XOR opad）和(K XOR ipad)所產(chǎn)生的中間結(jié)果可以在密鑰剛剛生成時就預(yù)先計算好的。先將這些中間結(jié)果存儲，然后在每次有消息需要驗證時來生成H函數(shù)的初始化值IV。這種方法為每個要鑒別的消息保存了H 的壓縮函數(shù)對于兩個B字長數(shù)據(jù)塊（K XOR opad）和(K XOR ipad)的應(yīng)用。當(dāng)鑒別短數(shù)據(jù)流，保存這樣的信息是重要的。我們要強調(diào)的是：對待這些中間結(jié)果要象對待密鑰一樣，并且要同樣的進行保密。 上述的選擇實現(xiàn)HMAC的方法是本地執(zhí)行的結(jié)果，對內(nèi)部操作性沒有影響。 五 安全 這里將說明消息鑒別機制的安全性取決于所采用的散列函數(shù)的加密特性:1。抗沖突

49、攻擊能力（只限于初始化值是隨機且秘密的，且函數(shù)的輸出對攻擊者來說是不可用的情況）2。當(dāng)作用于單數(shù)據(jù)塊時H的壓縮函數(shù)的的消息鑒別屬性(在HMAC中這些數(shù)據(jù)塊是部分未知得，當(dāng)攻擊者自制內(nèi)部H函數(shù)計算結(jié)果，并且攻擊者是不能充分的選擇得) HMAC中使用的散列函數(shù)一般都具有以上或更強的屬性。實際上，如果一個散列函數(shù)不具有以上的屬性那么它對于大多數(shù)的加密應(yīng)用程序是不適用的，包括基于該函數(shù)的選擇消息鑒別方案。（對HMAC函數(shù)原理詳細(xì)闡述和完整的分析參見[BCK1]）只要得到關(guān)于候選散列函數(shù)的加密強度有限的信任，那么觀察它用于消息鑒別的安全性及以下HMAC結(jié)構(gòu)的兩種屬性是很重要的。 1．這種結(jié)構(gòu)是獨立于具體所使用的散列函數(shù)并且后者是可以被任何其它安全加密散列函數(shù)替代 2．消息鑒別相對于加密來說是一種“瞬時”影響。公開的對一種消息鑒別方案的破壞會導(dǎo)致該方案被替換，但是其對已鑒別過的信息卻無能為力，。這就與加密形成鮮明對比。如果其加密算法被破解的話。今天加密的的數(shù)據(jù)，在未來都會受到被破解的威脅， 對HMAC已知最有力的攻擊是基于散列函數(shù)的沖突頻率。（“生日攻擊法”[PV,BCK2],但完全不適用于最小有理散列函數(shù)。