"Network security and penetration tests" class notes --- 09

2019/4/24
These notes cover the basic theory of one-way hash functions, with experiments that verify the various properties of a hash, and end with an experiment on encrypted and signed mail transmission.
To prepare the environment for the encrypted and signed mail experiment, please refer to my other article, "Mail encrypted transmission".

Hash Algorithm (hash)

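Need and role:

Among the goals of network security, information must not be damaged or lost through accidental or deliberate deletion, modification, forgery, reordering, replay or insertion while it is generated, stored or transmitted. A reasonably secure standard and algorithm is therefore needed to guarantee data integrity.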

Features of one-way hash function

For input data of arbitrary length, it returns a fixed-length hash value

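One-way

	Effect: given the plaintext, the ciphertext is easy to derive; given the ciphertext, the plaintext cannot be derived.

Collision resistance

Effect: finding two messages M and M' such that H(M) = H(M') is computationally infeasible.

Integrity

Effect: if the original data has been changed, the hash values do not match.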

hash family

 MD5
 sha1sum
 sha256sum
 sha224sum
 sha512sum
 sha384sum

SM3, the Chinese hash function standard

hash applications

1. Passwords: on most Unix systems, the system password is stored as the digest left after it has been hashed.

With ":" as the field separator, the second field is the value computed by hashing the root password.
2. Verifying the integrity of files downloaded from the Internet

The publisher generally provides a hash digest, and the downloader compares hash digests to confirm that the downloaded file matches the original file, in order to guard against the file having been tampered with.
For example, download two files: the Apache archive named httpd-2.4.39.tar.gz, and the file that holds its file name and SHA256 hash.
Address: http://httpd.apache.org/download.cgi#apache24
Put the two downloaded files in the same directory, then use the sha256sum command with the -c option to check whether the downloaded file is consistent.

-c	Read the hash checksums from the file and check them.

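With that in mind, we can take the idea a step further.

Create a text file named test whose content is hello Bob, compute the MD5 hash of the test file, and write that hash to a file ending in .md5. This file can be compared to the verification file we get when downloading a file.
Then make a change to the test file and run the comparison again: the hash of the changed file does not match the hash from before the change, which shows that the file has been modified.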
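The experiment described above, written out as a shell script (an added example, not the commands or screenshots from the original post). It also shows why the checksum file and the download have to sit in the same directory: the checksum file records a relative file name. The name test.sha256 and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: the "hello Bob" experiment with md5sum and sha256sum.
# The checksum file names (test.md5, test.sha256) are chosen for this example.

# publish DIR: create the file and its checksum files, as a download site would.
publish() {
    printf 'hello Bob\n' > "$1/test"
    # Each checksum line is "<hash>  <file name>" with a relative name.
    ( cd "$1" && md5sum test > test.md5 && sha256sum test > test.sha256 )
}

# verify CWD SUMDIR: run both -c checks from CWD using the checksum files
# in SUMDIR. Returns 0 only if both report a match.
verify() {
    ( cd "$1" \
        && md5sum -c "$2/test.md5" >/dev/null 2>&1 \
        && sha256sum -c "$2/test.sha256" >/dev/null 2>&1 )
}

status() {
    if verify "$1" "$2"; then echo OK; else echo FAILED; fi
}

# Prints three results: intact file, intact file checked from another
# directory, and the file after a one-character change.
run_experiment() {
    work=$(mktemp -d) || return 2
    other=$(mktemp -d) || return 2
    publish "$work"
    intact=$(status "$work" "$work")
    elsewhere=$(status "$other" "$work")   # "test" is not found here
    printf 'hello Bob!\n' > "$work/test"   # tamper with the file
    tampered=$(status "$work" "$work")
    rm -rf "$work" "$other"
    echo "$intact $elsewhere $tampered"
}

run_experiment
```

A FAILED result from the second check means only that the file could not be read under the recorded name, so confirm the working directory before concluding that a download was altered.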
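3. Hashes are also combined with public-key technology to create digital signatures.

The two purposes of a digital signature:

1. Verify the identity of the sender
2. Check the integrity of the data

How a digital signature works

When sending a message, the sender uses a hash function to generate a message digest from the message text, then encrypts this digest with their own private key. The encrypted digest is sent to the receiver together with the message, as the message's digital signature. The receiver first uses the same hash function as the sender to compute the message digest from the original message it received, and then uses the sender's public key to decrypt the digital signature attached to the message. If the two digests are the same, the receiver can confirm that the digital signature is the sender's.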

An example:
Encrypted and signed mail transmission experiment:

First, type the message content into a file in an editor. It is enough to stay in edit mode; there is no need to save.
Then click the small lock in the bottom right corner (it is shown only once the PGP software is running) and select Current Window -> Encrypt & Sign.
Click OK.
Select the person you want to send the message to, drag them into the recipients list, and then click OK.
Enter the password you set earlier to protect your private key.
Then copy the resulting ciphertext.
In the mail client, select the recipient, paste the copied ciphertext and send it.
If the mail is not sent successfully, change the subject line.
When the mail with the ciphertext arrives, copy the ciphertext.
Paste it into a newly opened Notepad window.
Then click the small lock in the bottom right corner and select Current Window -> Decrypt & Verify.
Enter your password.
Then I saw the decrypted content. OK, success O(∩_∩)O~
OK, if you have any questions, you are welcome to discuss them in the comments ( ¯)¯ *)


Origin blog.csdn.net/zhaotiannuo_1998/article/details/89492912