Data Encryption

I. Introduction

In open communication and computer systems, building a secure and reliable e-commerce platform is very important. Customer information such as passwords and contracts usually has to be protected by cryptographic means so that it cannot be stolen or tampered with. When a customer submits a service request, the legitimacy of the customer's identity and the integrity of the message must both be confirmed.

HMAC (Keyed-Hashing for Message Authentication) is a public protocol. It is a key-based method for verifying message integrity, and its security rests on the underlying hash algorithm. It requires the two communicating parties to share a key, agree on an algorithm, and run a hash operation such as MD5, SHA or RIPEMD over the message to produce a fixed-length authentication code. The two parties determine the legitimacy of the message by checking the authentication code. The protocol can be used for encryption, digital signatures, message verification and so on.

HMAC can be combined with any iterated hash function; MD5 and SHA-1 are hash functions of this kind. The main aims of this construction are:

1. To use suitable hash functions without modification. Hash functions also perform well in software, and their source code is public and widely available.
2. To preserve the original performance of the hash function without degrading it.
3. To allow the cryptographic strength of the message authentication mechanism to be analysed on the basis of reasonable assumptions about the underlying hash function.
4. To allow the underlying hash function to be replaced easily when a faster or more secure hash function is found or required.

Note: at the time this document was written, MD5 and SHA-1 were the most widely used cryptographic hash functions.

II. Principles of the HMAC algorithm

2.1 Definition of the HMAC algorithm

Expressed as a formula:

HMAC = H(key XOR opad, H(key XOR ipad, text))

H(x, y) denotes a hash operation over the message x + y.
ipad is the single-byte hexadecimal constant 0x36 repeated B times.
opad is the single-byte hexadecimal constant 0x5C repeated B times.
key is a 64-byte string made up of the secret key, padded with zeros if the key is shorter.
text is text of arbitrary length.
The key length is L bytes. A key longer than B is first hashed to form an L-byte key. (B is the number of bytes in the data block processed by one iteration of the hash algorithm; L is the number of bytes in the message digest the hash algorithm produces, 16 for MD5 and 20 for SHA-1.)

2.2 Algorithm steps

(1) Append zeros to the key K to create a string B bytes long. (For example, if K is 20 bytes long and B = 60 bytes, 44 zero bytes 0x00 are appended to K.) If K is longer than B, it should first be processed by the hash function:

    /* key longer than the 64-byte block: replace it with its MD5 digest */
    if (key_len > 64) {
        MD5_CTX tctx;
        MD5Init(&tctx);
        MD5Update(&tctx, key, key_len);
        MD5Final(tk, &tctx);   /* tk: 16-byte digest buffer */
        key = tk;
        key_len = 16;
    }

(2) XOR the B-byte string produced in the previous step with ipad:

    k_ipad[i] ^= 0x36;   /* for every byte i of the padded key */

(3) Append the data stream text to the string resulting from step 2.
(4) Apply H to the data stream produced in step 3, calling the hash function (MD5, SHA-1).
(5) XOR the B-byte string produced in step 1 with opad:

    k_opad[i] ^= 0x5c;   /* for every byte i of the padded key */

(6) Append the result of step 4 to the result of step 5.
(7) Apply H to the data stream produced in step 6 and output the final result.

2.3 The MD5 algorithm

The MD5 algorithm applies an iterated hash operation over many rounds to a message of arbitrary length and finally produces a 16-byte message digest. This digest is unique to the text and can serve as an authentication code. At the computing speed of the target computers, the digest is hard to break.

(1) Message padding
MD5 requires a message of arbitrary length to be padded into N×64-byte message blocks, where N is an integer. The padding is added in 2 steps. First, pad so that the data length is exactly (N×64 − 8) bytes, that is, append one 0x1 after the valid message data and fill the rest with 0x0 until this requirement is met. Then append the 8-byte (64-bit) length of the message data (the byte count before padding). The data is thus padded to an integer multiple of 64 bytes (512 bits), and each block is further divided into 16 sub-blocks of 4 bytes.

(2) Initializing the MD5 parameters
Four 4-byte variables (A, B, C, D) serve as the initial value of the message digest:
A = 0x01234567  B = 0x89abcdef  C = 0xfedcba98  D = 0x76543210

(3) The algorithm
MD5 iterates over the message blocks in order. The first operation starts from the initial value ABCD; the result of each iteration replaces ABCD as the starting value of the next, and after N iterations the message digest of the message is obtained.

2.4 Implementation steps

Step 1: Append padding
Padding is added so that the data length (in bits) is congruent to 448 modulo 512. If the data length is already congruent to 448 modulo 512, 512 padding bits are added; in other words, the number of padding bits is between 1 and 512. The first bit is 1 and all the others are 0.

Step 2: Append length
The data length is converted to a 64-bit value; if the length exceeds the range that 64 bits can represent, only the last 64 bits are kept. This value is appended after the padded data, so that the final data is an integer multiple of 512 bits, which is also an integer multiple of 16 units of 32 bits. In RFC 1321, 32 bits are called a word.

Step 3: Initialize variables
Four variables A, B, C and D are used, each 32 bits long. They are initialized to:
A: 01 23 45 67
B: 89 ab cd ef
C: fe dc ba 98
D: 76 54 32 10

Step 4: Process the data
First define four auxiliary functions: F(X, Y, Z), G(X, Y, Z), H(X, Y, Z) and I(X, Y, Z), in which X & Y denotes bitwise AND, X | Y denotes bitwise OR, not(X) denotes bitwise complement, and xor denotes bitwise exclusive OR. X, Y and Z are each 32 bits. Define the array to be used: T(i), with i from 1 to 64, where T(i) is the integer part of 4294967296 times abs(sin(i)), with i in radians.
Assume that after the first three steps the data length is 32*16*N bits.

Step 5: Output
The final ABCD is the output, 128 bits in total. A is the low-order part and D is the high-order part.

III. Keys

The key used in HMAC can be of any length (a key longer than B is first processed by H). A key shorter than L is discouraged, however, because it reduces the security strength of the function. Keys longer than L are acceptable, but the extra length does not significantly increase the strength of the function. (If a random key is considered unreliable, choosing a long key is unwise.) Keys must be chosen at random (or generated by a cryptographically strong pseudo-random generator seeded with a random seed) and must be refreshed periodically. (Current attacks do not indicate an effective frequency for key changes, because these attacks are not feasible in practice. Periodic key refreshment is nevertheless a basic security measure against potential weaknesses of the function and the keys, and it limits the damage of an exposed key.)

IV. Points to note

HMAC is defined so that it can be used without modifying the source code of the underlying hash function. In particular, it uses the H function with the predefined initialization value IV (a fixed value that each iterated hash function specifies for initializing its compression function). However, if desired, the source code of the H function can be modified to support fixed IVs.

The idea is this: the intermediate results that the compression function produces for the B-byte blocks (K XOR opad) and (K XOR ipad) can be computed in advance, at the time the key is generated. These intermediate results are stored and then used to produce the initialization value IV of the H function each time a message needs to be authenticated. For every message authenticated, this method saves the application of H's compression function to the two B-byte blocks (K XOR opad) and (K XOR ipad). Such a saving is significant when authenticating short data streams. It must be stressed that these intermediate results are to be treated like the key itself and protected in the same way.

Choosing to implement HMAC in this way is a local decision of the implementation and has no effect on interoperability.

V. Security

The security of the message authentication mechanism described here depends on the cryptographic properties of the hash function used:

1. Resistance to collision attacks (limited to the case where the initial value is random and secret, and the output of the function is not available to the attacker).
2. The message authentication property of H's compression function when applied to single blocks (in HMAC these blocks are partially unknown to the attacker, because they contain the result of the inner H computation, and the attacker cannot fully choose them).

The hash functions used in HMAC generally have these or stronger properties. In fact, a hash function that lacks these properties is unsuitable for most cryptographic applications, including message authentication schemes based on that function. (See [BCK1] for a detailed explanation and complete analysis of the principles of the HMAC function.)

As long as only limited confidence in the cryptographic strength of a candidate hash function has been gained, it is important to observe its use for message authentication together with the following two properties of the HMAC construction:

1. The construction is independent of the particular hash function used, and that function can be replaced by any other secure cryptographic hash function.
2. Message authentication, as opposed to encryption, has a "transient" effect. A published break of a message authentication scheme leads to that scheme being replaced, but it has no effect on information that has already been authenticated. This is in sharp contrast with encryption: if the encryption algorithm is broken, data encrypted today may be threatened in the future.

The strongest known attack on HMAC is based on the frequency of collisions of the hash function ("birthday attack" [PV, BCK2]), but it is entirely impractical against any minimally reasonable hash function.
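The padding, initialization and T(i) table of sections 2.3 and 2.4 are enough to build a working MD5 once the round details are filled in. This is an added example, not part of the original document: the definitions of F, G, H, I, the rotation amounts and the message-word order are taken from RFC 1321 because the page does not list them, and the function names are illustrative.

```python
import math
import struct

MASK = 0xFFFFFFFF
# Step 3: the byte sequences 01 23 45 67, ... read as little-endian 32-bit words
A0, B0, C0, D0 = struct.unpack("<4I", bytes.fromhex(
    "0123456789abcdeffedcba9876543210"))
# Step 4: T(i) = integer part of 4294967296 * abs(sin(i)), i in radians
T = [int(4294967296 * abs(math.sin(i))) for i in range(1, 65)]
# Per-operation left-rotation amounts (from RFC 1321, not listed on this page)
S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4


def md5_pad(msg: bytes) -> bytes:
    """Steps 1-2: a 1 bit, zeros up to 448 mod 512 bits, then the 64-bit length."""
    bit_len = (8 * len(msg)) & 0xFFFFFFFFFFFFFFFF
    padded = msg + b"\x80"
    padded += b"\x00" * ((56 - len(padded)) % 64)
    return padded + struct.pack("<Q", bit_len)


def rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK


def md5(msg: bytes) -> bytes:
    a, b, c, d = A0, B0, C0, D0
    data = md5_pad(msg)
    for off in range(0, len(data), 64):          # one iteration per 512-bit block
        x = struct.unpack("<16I", data[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for i in range(64):
            if i < 16:
                f, g = (bb & cc) | (~bb & dd), i                  # F
            elif i < 32:
                f, g = (bb & dd) | (cc & ~dd), (5 * i + 1) % 16   # G
            elif i < 48:
                f, g = bb ^ cc ^ dd, (3 * i + 5) % 16             # H
            else:
                f, g = cc ^ (bb | ~dd), (7 * i) % 16              # I
            f = (f + aa + T[i] + x[g]) & MASK
            aa, dd, cc, bb = dd, cc, bb, (bb + rotl(f, S[i])) & MASK
        a, b, c, d = (a + aa) & MASK, (b + bb) & MASK, (c + cc) & MASK, (d + dd) & MASK
    return struct.pack("<4I", a, b, c, d)        # step 5: A is the low-order word
```
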