數(shù)據(jù)加密外文翻譯

1、<p>　　Data encryption</p><p>　　First Synopsis</p><p>　　In the open correspondence and in the computer system, builds the safe reliable electronic commerce platform is very important. Usual

2、ly needs through the encryption method to the customer related information, like the password, the contract and so on to protect, causes it not to steal or the distortion. When the customer hands in the service applicati

3、on, must to the customer status validity, the text integrity carry on the confirmation.</p><p>　　HMAC (Keyed-Hashing for Message Authentication) is a public agreement. It is one kind based on key's text

4、complete proof technique, its security is the establishment in the Hash algorithm foundation. It requests the correspondence both sides shared system key, the agreement algorithm, to carry on the Hash operation to the te

5、xt, like MD5, SHA, RIPEMD and so on, form the fixed length the authentication code. Correspondence both sides determine the text through the authentication code's verificatio</p><p>　　This kind of struct

6、ure's leading role is:</p><p>　　1. Does not need the revision to be possible to use the suitable hashing function. Moreover the hashing function displays in the software aspect is very good. And the soun

7、d code is public and general. </p><p>　　2. Maintain the hashing function original performance, but does not cause its degeneration. </p><p>　　3. Cause reasonably based on about first floor hashi

8、ng function supposition message discrimination mechanism encryption strength analysis. </p><p>　　4. When discovers either needs the operating speed is quicker or the safer hashing function, may very easy rea

9、lize the first floor hashing function replace.</p><p>　　[Annotation]: When comp book documents, MD5 and SHA-1 are use the most widespread encryption to use the hashing function.</p><p>　　Second

10、 HMAC algorithm principles</p><p>　　2.1 HMAC algorithm definition:</p><p>　　Expresses as follows with the formula:</p><p>　　HMAC=H(key or opad ,H(key or ipad,text))</p><

11、p>　　H(X, Y) expression carries on one kind of Hash operation to X + Y news.</p><p>　　Representative Ipad is redundant B time single byte hexadecimal system system constant OX36;</p><p>　　Repr

12、esentative Opad is redundant B time single byte hexadecimal system constant OX5C; key represents 64 bytes strings of character, is composed of the key, insufficient makes up 0; </p><p>　　Text represents the

13、random length text;</p><p>　　Key length ≥L byte. When is bigger than B, passes through the Hash computation to form L byte Peru key (B is first in the Hash algorithm an iterative computation block data byte

14、count; L is the Hash algorithm forms the text abstract the byte count, in MD5 is in 16, SHA-1 is 20).</p><p>　　2.2 Algorithm step</p><p>　　(1) Increases behind key K 0 founds a word length is

15、the B string of character. (e.g., if the K word length is 20 bytes, B=60 byte, then after K, will join 44 zero byte 0x00), if the K length will be bigger than time B, should undergo hashing function processing.</p>

16、<p>　　if (key_len > 64) </p><p>　　{ MD5_CTX tctx;</p><p>　　MD5Init(&tctx);</p><p>　　MD5Update(&tctx, key, key_len);</p><p>　　MD5Final(tk, &tctx);

17、</p><p><b>　　key = tk;</b></p><p>　　key_len = 16;}</p><p>　　(2) On one step will produce the B word length's string of character and ipad make the "or else&quo

18、t;. k_ipad[i] ^= 0x36;</p><p>　　(3) Fills data stream text to the second step result string of character.</p><p>　　(4) Affects with H in the data stream which third step produces. </p>

19、<p>　　transfer hashing function (MD5, SHA-1)</p><p>　　(5) The B word length string of character which and opad first step produces does the "or else". k_opad[i] ^= 0x5c;</p><p>　

20、　(6) Enters again the fourth step result packing in the fifth step result.</p><p>　　(7) Affects with H in the data stream which sixth step produces, the output final outcome.</p><p>　　2.3 MD5

21、 algorithm</p><p>　　The MD5 algorithm by circulates many times to the random length news the iterative hash operation, forms 16 Byte text abstract finally. This abstract has uniqueness to the text, may take

22、the authentication code. Under target computer's computation speed, this abstract is difficulty with explains</p><p>　　(1) the text fills</p><p>　　The MD5 algorithm request carries on the pa

23、cking to the random length text, the constitution N×64 Byte news grouping, N is an integer. And each grouping padding data is divided 2 steps. First, the packing causes the data position length exactly for (N×6

24、4-8) the Byte number, namely in text valid data replacement 1 0x1, other makes up 0x0 to satisfy the above request. Then, again on replacement 8 bytes (64) before text data length (packing, byte count). Thus, the data by

25、 the packing is 64Byte (512</p><p>　　(2) initialization MD5 parameter </p><p>　　The 4 4 byte shift quantity (A, B, C, D) use for to take the text abstract the starting value:</p><p>

26、;　　A=0x01234567 B=0x89abcdef C=0xfedcba98 D=0x76543210</p><p>　　(3) algorithm </p><p>　　The MD5 algorithm is to the news grouping in turn iterative algorithm. 1st time operates the starting v

27、alue is ABCD, each iterative computation's result will replace later ABCD to take the next time starting value, altogether will undergo N time iterative computation, will obtain this news text abstract.</p>&l

28、t;p>　　2.4 realize the step</p><p>　　The first step: Increases fills</p><p>　　Increases padding to cause the data length (bit is unit) the mold 512 is 448. If the data length happen to is the

29、 mold 512 is 448, increases 512 to fill bit, i.e. fills the integer is 1-512. First bit is 1, other are 0 completely.</p><p>　　The second step: Makes up length</p><p>　　The data length transform

30、ation is the 64bit value, if the length surpasses the data length scope which 64bit can express, the value retains finally 64bit, increases behind data which fills to front, causes the final data is the 512bit integral m

31、ultiple. Is also the 32bit 16 time of integral multiples. In RFC1321, 32bit is called word.</p><p>　　The third step: Initialization variable </p><p>　　With to 4 variables, respectively is A, B,

32、C, D, is 32bit is long. The initialization is: A: 01 23 45 67 B: 89 ab cd ef C: fe dc ba 98 D: 76 54 32 10</p><p>　　The fourth step: Data processing </p><p>　　First defines 4 auxiliary functions

33、: F(X, Y, Z) G(X, Y, Z) H(X, Y, Z) I(X, Y, Z) </p><p>　　In which: X&Y expresses according to the position and, X | Y expressed that according to the position or, not(X) expressed takes according to the p

34、osition instead. xor expresses according to the position different or. in the function X, Y, Z are 32bit. defines the array which needs to use: The T(i), i value 1-64, T(i) was equal to that abs(sin(i)) 4294967296 time o

35、f integral part, i is a radian.</p><p>　　After the supposition first three step processing data length is 32*16*Nbit</p><p>　　The fifth step: Output: </p><p>　　Obtains finally ABCD

36、is the output result, altogether 128bit. A is the low position, D is a top digit.</p><p>　　Third Key</p><p>　　Use in HMAC the key being possible to be the random length (key which will be longe

37、r than B first by the H processing). But when the key length is smaller than the L situation is disappointing, because like this will reduce the function the working strength. The length is bigger than L the key is accep

38、table, but the extra length cannot remarkable enhance the function the working strength. (if a stochastic key were considered that is unreliable, then chooses a long key is unwise). The key must se</p><p>　　

39、Forth matters needing attention</p><p>　　HMAC is may not revise the sound code according to the first floor hashing function to be possible to use this way to define. Especially it when uses the H function

40、must rely on the pre-definition initialization value IV (a definite value, by each iteration hashing function when initialization its compression function assigns). However, if you want, may revise the H function the sou

41、nd code to support invariable initialization value Ivs.</p><p>　　This idea is this: The compression function the intermediate result which (K XOR opad) and (K XOR ipad) produces in the B word length block da

42、ta may when the key just produced in advance calculates well. Saves first these intermediate results, then when each time has the news needs to confirm produces the H function the initialization value IV. This method mus

43、t distinguish the news which has preserved the H compression function regarding two B word length block data (K XOR opad) and (K XOR ipad)</p><p>　　The above choice realizes the result which the HMAC method

44、is local carries out, to internal operational has not affected</p><p>　　Fifth safe</p><p>　　Here will explain that the message discrimination mechanism the security is decided by the hashing fu

45、nction encryption characteristic which uses: 1. Anti-conflict attack capability (is restricted in initialization value is only stochastic, and secret, and function output to aggressor is not available situation) 2. Treat

46、s as uses when the single block data the H compression function the message discrimination attribute (in HMAC these block data is part unknown, when aggressor self-restraint inter</p><p>　　In HMAC uses above

47、 the hashing function has or a stronger attribute generally. In fact, if a hashing function does not have above attribute that it not to be suitable regarding the majority encryption application procedure, including base

48、d on this function choice message discrimination plan. (see also [BCK1] to HMAC function principle detailed elaboration and complete analysis), so long as obtains about the candidate hashing function encryption intensity

49、 limited trust, then observes it to use in</p><p>　　1. This kind of structure is the independence in the hashing function which concrete uses, and the latter is may encrypt the hashing function substitution

50、by any other securities</p><p>　　2. The message discrimination was opposite in the encryption is one kind “the instant” the influence. Public can cause this plan to one kind of message discrimination plan

51、9;s destruction to replace, but it to has distinguished the information is actually helpless. This forms the sharp contrast with the encryption. If its encryption algorithm is explained. Today encrypts the data, can rece

52、ive in the future the threat which explains,</p><p>　　To the HMAC known most powerful attack is based on the hashing function conflict frequency. (“birthday attack law” [PV, BCK2], but is not suitable comple

53、tely for the smallest rational hashing function.</p><p>　　數(shù) 據(jù) 加 密</p><p><b>　　一 簡(jiǎn)介 </b></p><p>　　在開(kāi)放的通信和計(jì)算機(jī)系統(tǒng)中，建立安全可靠的電子商務(wù)平臺(tái)是十分重要的。通常需要通過(guò)加密的方法對(duì)客戶的有關(guān)信息，如密碼、合同等加以

54、保護(hù)，使之不被盜取或篡改。當(dāng)客戶提出服務(wù)申請(qǐng)時(shí)，必須對(duì)客戶身份的合法性、報(bào)文的完整性進(jìn)行確認(rèn)。</p><p>　　HMAC（Keyed-Hashing for Message Authentication）是一個(gè)公開(kāi)的協(xié)議。它是一種基于密鑰的報(bào)文完整性的驗(yàn)證方法，其安全性是建立在Hash算法基礎(chǔ)上的。它要求通信雙方共享密鑰、約定算法、對(duì)報(bào)文進(jìn)行Hash運(yùn)算，如MD5、SHA、RIPEMD等，形成固定長(zhǎng)度的認(rèn)證碼

55、。通信雙方通過(guò)認(rèn)證碼的校驗(yàn)來(lái)確定報(bào)文的合法性。這個(gè)協(xié)議可以用來(lái)作加密、數(shù)字簽名、報(bào)文驗(yàn)證等。HMAC可以與任何迭代散列函數(shù)捆綁使用。MD5和SHA—1就是這種散列函數(shù)。</p><p>　　這種結(jié)構(gòu)的主要作用是：</p><p>　　1. 不用修改就可以使用適合的散列函數(shù)。而且散列函數(shù)在軟件方面表現(xiàn)的很好。且源碼是公開(kāi)和通用的。</p><p>　　2. 可以保持散

56、列函數(shù)原有的性能而不致使其退化。</p><p>　　3. 可以使得基于合理的關(guān)于底層散列函數(shù)假設(shè)的消息鑒別機(jī)制的加密強(qiáng)度分析。</p><p>　　4. 當(dāng)發(fā)現(xiàn)或需要運(yùn)算速度更快或更安全的散列函數(shù)時(shí)，可以很容易的實(shí)現(xiàn)底層散列函數(shù)的替換。</p><p>　　[注釋]：在寫(xiě)本文檔時(shí)，MD5和SHA—1是使用最廣泛的加密用散列函數(shù)。</p><p&

57、gt;　　二 HMAC的算法原理</p><p>　　2.1 HMAC算法定義：</p><p><b>　　用公式表示如下：</b></p><p>　　HMAC=H(key or opad ,H(key or ipad,text))</p><p>　　H(X,Y)表示對(duì) X + Y的消息進(jìn)行一種Hash運(yùn)算。<

58、;/p><p>　　Ipad代表重復(fù)B次的單字節(jié)十六進(jìn)制常數(shù)OX36;</p><p>　　Opad代表重復(fù)B次的單字節(jié)十六進(jìn)制常數(shù)OX5C;</p><p>　　key代表64字節(jié)的字符串，由密鑰組成，不足的補(bǔ)0;</p><p>　　text代表任意長(zhǎng)度文本;</p><p>　　密鑰長(zhǎng)度≥L字節(jié)。當(dāng)大于B時(shí)，先經(jīng)Ha

59、sh計(jì)算形成L字節(jié)的秘鑰 （B是Hash算法中一次迭代運(yùn)算的數(shù)據(jù)塊字節(jié)數(shù)；L是Hash算法形成報(bào)文摘要的字節(jié)數(shù),MD5中是16，SHA-1中是20）。</p><p><b>　　2.2算法步驟</b></p><p>　　(1)在密鑰K后面添加0來(lái)創(chuàng)建一個(gè)字長(zhǎng)為B的字符串。(例如，如果K的字長(zhǎng)是20字節(jié)，B＝60字節(jié)，則K后會(huì)加入44個(gè)零字節(jié)0x00)，如果K的長(zhǎng)度

60、大于B時(shí)，則應(yīng)經(jīng)過(guò)散列函數(shù)處理。</p><p>　　if (key_len > 64) </p><p>　　{ MD5_CTX tctx;</p><p>　　MD5Init(&tctx);</p><p>　　MD5Update(&tctx, key, key_len);</p><p>

61、　　MD5Final(tk, &tctx);</p><p><b>　　key = tk;</b></p><p>　　key_len = 16;}</p><p>　　(2)將上一步生成的B字長(zhǎng)的字符串與ipad做異或運(yùn)算。</p><p>　　k_ipad[i] ^= 0x36;</p>&l

62、t;p>　　(3)將數(shù)據(jù)流text填充至第二步的結(jié)果字符串中。</p><p>　　(4)用H作用于第三步生成的數(shù)據(jù)流。</p><p>　　調(diào)用散列函數(shù)（MD5,SHA-1）</p><p>　　(5)將第一步生成的B字長(zhǎng)字符串與opad做異或運(yùn)算。</p><p>　　k_opad[i] ^= 0x5c;</p>&l

63、t;p>　　(6)再將第四步的結(jié)果填充進(jìn)第五步的結(jié)果中。</p><p>　　(7)用H作用于第六步生成的數(shù)據(jù)流，輸出最終結(jié)果。</p><p><b>　　2.3 MD5算法</b></p><p>　　MD5算法以對(duì)任意長(zhǎng)度消息多次循環(huán)迭代的散列運(yùn)算，最終形成16 Byte報(bào)文摘要。這摘要對(duì)文本具有唯一性，可作為認(rèn)證碼。在目標(biāo)計(jì)算機(jī)的

64、計(jì)算速度下，這個(gè)摘要是難于破解的。</p><p><b>　　（1）報(bào)文填充</b></p><p>　　MD5算法要求對(duì)任意長(zhǎng)度報(bào)文進(jìn)行填充，構(gòu)成N×64 Byte消息分組，N為整數(shù)。其中每一分組填充數(shù)據(jù)分2步。首先，填充使得數(shù)據(jù)位長(zhǎng)度恰好為（N×64-8）Byte的數(shù)，即在報(bào)文有效數(shù)據(jù)后補(bǔ)1個(gè)0x1，其它補(bǔ)0x0至滿足上述要求。然后，再后補(bǔ)上

65、8字節(jié)（64位）的報(bào)文數(shù)據(jù)長(zhǎng)度（填充前字節(jié)數(shù)）。這樣，數(shù)據(jù)就被填充為64Byte（512bit）的整數(shù)倍。又劃分16個(gè)4字節(jié)子分組。</p><p>　　（2）初始化MD5參數(shù)</p><p>　　4個(gè)4字節(jié)位變量（A、B、C、D）用來(lái)作為報(bào)文摘要的初始值：</p><p>　　A=0x01234567 B=0x89abcdef C=0xfedcba98

66、 D=0x76543210</p><p><b>　　( 3 ) 算法</b></p><p>　　MD5算法是對(duì)消息分組依次迭代算法。第1次運(yùn)算的初始值為ABCD，以后每一次迭代運(yùn)算的結(jié)果都替換ABCD作為下一次的初始值，共經(jīng)過(guò)N次的迭代運(yùn)算，就得到該消息的報(bào)文摘要. </p><p><b>　　2.4實(shí)現(xiàn)步驟</b&g

67、t;</p><p><b>　　第一步：增加填充 </b></p><p>　　增加padding使得數(shù)據(jù)長(zhǎng)度（bit為單位）模512為448。如果數(shù)據(jù)長(zhǎng)度正好是模512為448，增加512個(gè)填充bit，也就是說(shuō)填充的個(gè)數(shù)為1-512。第一個(gè)bit為1，其余全部為0。 </p><p><b>　　第二步：補(bǔ)足長(zhǎng)度 </b&g

68、t;</p><p>　　將數(shù)據(jù)長(zhǎng)度轉(zhuǎn)換為64bit的數(shù)值，如果長(zhǎng)度超過(guò)64bit所能表示的數(shù)據(jù)長(zhǎng)度的范圍，值保留最后64bit，增加到前面填充的數(shù)據(jù)后面，使得最后的數(shù)據(jù)為512bit的整數(shù)倍。也就是32bit的16倍的整數(shù)倍。在RFC1321中，32bit稱為一個(gè)word。 </p><p>　　第三步：初始化變量 </p><p>　　用到4個(gè)變量，分別為A、B

69、、C、D，均為32bit長(zhǎng)。初始化為： </p><p>　　A: 01 23 45 67 B: 89 ab cd ef </p><p>　　C: fe dc ba 98 D: 76 54 32 10 </p><p><b>　　第四步：數(shù)據(jù)處理 </b></p><p>　　首先

70、定義4個(gè)輔助函數(shù)： </p><p>　　F(X,Y,Z) G(X,Y,Z) </p><p>　　H(X,Y,Z) I(X,Y,Z) </p><p>　　其中：X&Y表示按位與，X | Y表示按位或，not(X)表示按位取反。xor表示按位異或。 </p><p>　　函數(shù)中的X、Y、Z均為32bit。 <

71、;/p><p>　　定義一個(gè)需要用到的數(shù)組：T(i),i取值1-64,T(i)等于abs(sin(i))的4294967296倍的整數(shù)部分,i為弧度。 </p><p>　　假設(shè)前三步處理后的數(shù)據(jù)長(zhǎng)度為32*16*Nbit </p><p><b>　　第五步：輸出 </b></p><p>　　最后得到的ABCD為輸出結(jié)果

72、，共128bit。A為低位，D為高位。</p><p><b>　　三 密鑰</b></p><p>　　用于HMAC的密鑰可以是任意長(zhǎng)度（比B長(zhǎng)的密鑰將首先被H處理）。但當(dāng)密鑰長(zhǎng)度小于L時(shí)的情況時(shí)非常令人失望的，因?yàn)檫@樣將降低函數(shù)的安全強(qiáng)度。長(zhǎng)度大于L的密鑰是可以接受的，但是額外的長(zhǎng)度并不能顯著的提高函數(shù)的安全強(qiáng)度。（如果一個(gè)隨機(jī)的密鑰被認(rèn)為是不可靠的，那么選擇一

73、個(gè)較長(zhǎng)的密鑰是明智的）。 密鑰必須隨機(jī)選取(或使用強(qiáng)大的基于隨機(jī)種子的偽隨機(jī)生成方法)，并且要周期性的更新。（目前的攻擊沒(méi)有指出一個(gè)有效的更換密鑰的頻率，因?yàn)槟切┕魧?shí)際上并不可行。然而，周期性更新密鑰是一個(gè)對(duì)付函數(shù)和密鑰所存在的潛在缺陷的基本的安全措施，并可以降低泄漏密鑰帶來(lái)的危害。）</p><p><b>　　四 注意事項(xiàng) </b></p><p>　　HM

74、AC是按底層散列函數(shù)可以不修改源碼就可使用這種方式定義的。尤其是它在使用H函數(shù)時(shí)還要依賴于預(yù)定義的初始化值IV（一個(gè)定值，由每個(gè)迭代散列函數(shù)在初始化它的壓縮函數(shù)時(shí)指定).然而，如果你愿意的話，可以修改H函數(shù)的源碼來(lái)支持可變的初始化值Ivs.</p><p>　　這個(gè)想法是這樣的：壓縮函數(shù)作用于B字長(zhǎng)數(shù)據(jù)塊（K XOR opad）和(K XOR ipad)所產(chǎn)生的中間結(jié)果可以在密鑰剛剛生成時(shí)就預(yù)先計(jì)算好的。先將這些

75、中間結(jié)果存儲(chǔ)，然后在每次有消息需要驗(yàn)證時(shí)來(lái)生成H函數(shù)的初始化值IV。這種方法為每個(gè)要鑒別的消息保存了H 的壓縮函數(shù)對(duì)于兩個(gè)B字長(zhǎng)數(shù)據(jù)塊（K XOR opad）和(K XOR ipad)的應(yīng)用。當(dāng)鑒別短數(shù)據(jù)流，保存這樣的信息是重要的。我們要強(qiáng)調(diào)的是：對(duì)待這些中間結(jié)果要象對(duì)待密鑰一樣，并且要同樣的進(jìn)行保密。</p><p>　　上述的選擇實(shí)現(xiàn)HMAC的方法是本地執(zhí)行的結(jié)果，對(duì)內(nèi)部操作性沒(méi)有影響。 </p>

76、;<p><b>　　五 安全</b></p><p>　　這里將說(shuō)明消息鑒別機(jī)制的安全性取決于所采用的散列函數(shù)的加密特性:1。抗沖突攻擊能力（只限于初始化值是隨機(jī)且秘密的，且函數(shù)的輸出對(duì)攻擊者來(lái)說(shuō)是不可用的情況）2。當(dāng)作用于單數(shù)據(jù)塊時(shí)H的壓縮函數(shù)的的消息鑒別屬性(在HMAC中這些數(shù)據(jù)塊是部分未知得，當(dāng)攻擊者自制內(nèi)部H函數(shù)計(jì)算結(jié)果，并且攻擊者是不能充分的選擇得)</p&g

77、t;<p>　　HMAC中使用的散列函數(shù)一般都具有以上或更強(qiáng)的屬性。實(shí)際上，如果一個(gè)散列函數(shù)不具有以上的屬性那么它對(duì)于大多數(shù)的加密應(yīng)用程序是不適用的，包括基于該函數(shù)的選擇消息鑒別方案。（對(duì)HMAC函數(shù)原理詳細(xì)闡述和完整的分析參見(jiàn)[BCK1]）只要得到關(guān)于候選散列函數(shù)的加密強(qiáng)度有限的信任，那么觀察它用于消息鑒別的安全性及以下HMAC結(jié)構(gòu)的兩種屬性是很重要的。</p><p>　　1．這種結(jié)構(gòu)是獨(dú)立于具

78、體所使用的散列函數(shù)并且后者是可以被任何其它安全加密散列函數(shù)替代</p><p>　　2．消息鑒別相對(duì)于加密來(lái)說(shuō)是一種“瞬時(shí)”影響。公開(kāi)的對(duì)一種消息鑒別方案的破壞會(huì)導(dǎo)致該方案被替換，但是其對(duì)已鑒別過(guò)的信息卻無(wú)能為力，。這就與加密形成鮮明對(duì)比。如果其加密算法被破解的話。今天加密的的數(shù)據(jù)，在未來(lái)都會(huì)受到被破解的威脅， </p><p>　　對(duì)HMAC已知最有力的攻擊是基于散列函數(shù)的沖突頻率。（“