The Overview of Security


In today's digital age, security is paramount. As we increasingly rely on technology for communication, commerce, and data storage, understanding the fundamentals of security becomes essential. This article provides an overview of key security concepts, including encryption, digest algorithms, and digital signatures. By exploring these topics, we aim to equip you with the knowledge to protect your digital assets and ensure the integrity and confidentiality of your information. Whether you're a tech enthusiast or a professional in the field, this guide will offer valuable insights into the mechanisms that safeguard our digital world.

Encryption

Symmetric Encryption

The same key is used for both encryption and decryption. The key is normally short and the efficiency is high, so it is widely used in HTTPS communication and network transmission.

Common symmetric encryption algorithms include AES, DES, 3DES, DESX, Blowfish, and RC6.

Asymmetric Encryption

A public key and a private key are used for encryption and decryption. The public key is widely distributed, while the private key is kept secret. Data encrypted with the public key can be decrypted only by the holder of the private key, and data encrypted with the private key can be decrypted with the public key.

Cons: The efficiency is low, so encrypting or decrypting data takes a long time. It is therefore only suitable for small amounts of data, e.g. the HTTPS communication pre-shared key, CA certificates, and login authentication.

Common asymmetric encryption algorithms include RSA, ECC, DSA, ECDSA, and Diffie-Hellman.

  1. Symmetric encryption cannot be used for signing; only asymmetric encryption can be used for signing.
  2. Verifying file consistency uses the information digest algorithm.

Digest Algorithm

The digest algorithm is usually called a hash algorithm.

  1. It is a one-way encryption algorithm, which means that the original data cannot be restored from the encrypted data.
  2. It generates data of a fixed length, which is called the digest.
  3. The digest is unique for the original data, and the same original data always generates the same digest (with the same hash algorithm).
  4. It avoids collisions.
  5. It can normally be considered a compression of the original data.

Because of these properties, it can be used for file integrity verification.

MD series

MD2, MD4, and MD5. MD5 is the most common one, as well as secure and fast.

MD5 (Message Digest Algorithm): It generally generates a 128-bit hash value (16 bytes), and the output is a 32-character hexadecimal string. A .md5 or .md5sum file is normally generated to make sure the file is not modified.

SHA series

SHA (Secure Hash Algorithm): An SHA digest is longer than an MD digest, so it is more secure against collisions, but it is slower than MD.

SHA1 generates a 20-byte (160-bit) hash value, SHA224 a 28-byte (224-bit) hash value, SHA256 a 32-byte (256-bit) hash value, SHA384 a 48-byte (384-bit) hash value, and SHA512 a 64-byte (512-bit) hash value.
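
The checksum-file check described above (.md5 / .md5sum files), as an added example that is not part of the original article: it parses `<hex digest>  <file name>` lines, rejects digests whose length does not fit the chosen algorithm, and reports each file as OK, FAILED or MISSING. SHA-256 is the default here because practical collision attacks are known for MD5 and SHA-1; the file names and contents are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

# Digest sizes in bytes, as listed in the article.
DIGEST_BYTES = {"md5": 16, "sha1": 20, "sha224": 28,
                "sha256": 32, "sha384": 48, "sha512": 64}

def file_digest(path, algorithm="sha256", chunk_size=65536):
    """Hash a file in chunks so large files are never loaded whole."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_checksum_file(checksum_path, algorithm="sha256"):
    """Check every '<hex digest>  <file name>' line; return {name: status}."""
    results = {}
    for line in Path(checksum_path).read_text().splitlines():
        parts = line.split(maxsplit=1)
        if len(parts) != 2:
            continue                      # blank or malformed line
        expected, name = parts
        name = name.lstrip("*")           # '*' marks binary mode in md5sum output
        target = Path(checksum_path).parent / name
        if len(expected) != 2 * DIGEST_BYTES[algorithm]:
            results[name] = "BAD LINE"    # hex length does not fit the algorithm
        elif not target.is_file():
            results[name] = "MISSING"
        elif file_digest(target, algorithm) == expected.lower():
            results[name] = "OK"
        else:
            results[name] = "FAILED"
    return results

def demo():
    """Constructed sample: digests are recorded, then one file is modified."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "a.txt").write_bytes(b"release build 1\n")
        (root / "b.txt").write_bytes(b"config v1\n")
        lines = [f"{file_digest(root / n)}  {n}" for n in ("a.txt", "b.txt")]
        lines.append("0" * 64 + "  gone.txt")      # entry for a file that is absent
        (root / "SHA256SUMS").write_text("\n".join(lines) + "\n")
        (root / "b.txt").write_bytes(b"config v2\n")   # simulated modification
        return verify_checksum_file(root / "SHA256SUMS")

if __name__ == "__main__":
    print(demo())
```

A checksum file only detects modification if the file itself comes from a trusted source; anyone who can change the data and the checksum file together defeats the check.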

Digital Signature

Normally, the digital signature will use the hash algorithm to generate the digest, and then use the asymmetric encryption algorithm to sign the digest.

The process is as follows:

Sender:

  1. Use the hash algorithm to generate the digest of the original data.
  2. Use the sender's private key to encrypt the digest.
  3. Send the original data and the encrypted digest to the receiver.

Receiver:

  1. Use the hash algorithm to generate the digest of the received data.
  2. Use the sender's public key to decrypt the digest.
  3. Compare the decrypted digest with the digest generated from the received data in step 1. If they are the same, it means that the data is not modified.
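
The sender and receiver steps above, as an added example that is not part of the original article. It uses SHA-256 for the digest and textbook RSA (no padding) with a constructed demonstration key built from two publicly known Mersenne primes, so the key is trivially factorable; real signatures use randomly generated keys and a padding scheme such as PSS. All names in the code are assumptions made for the illustration.

```python
import hashlib

# Constructed demonstration key (assumption, not from the article).
# Both primes are public knowledge, so this key offers no security.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                                  # public modulus
E = 65537                                  # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python 3.8+)


def digest_as_int(data: bytes) -> int:
    """Step 1 on both sides: hash the data and read the digest as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, d: int = D, n: int = N) -> int:
    """Sender step 2: transform the digest with the private key."""
    return pow(digest_as_int(data), d, n)


def verify(data: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Receiver steps 1-3: recover the signed digest with the public key and
    compare it with the digest of the data that actually arrived."""
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest_as_int(data)


def demo():
    message = b"transfer 100 to account 42"      # constructed sample message
    signature = sign(message)
    tampered = b"transfer 900 to account 42"     # data changed in transit
    return (verify(message, signature),          # untouched data and signature
            verify(tampered, signature),         # modified data
            verify(message, signature + 1))      # modified signature


if __name__ == "__main__":
    print(demo())
```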

To make sure the public key is correct, the public key is signed by a CA. The CA signs the public key with its own private key and sends both (the Digital Certificate) to the receiver. The receiver can then use the CA's public key to decrypt the Digital Certificate and get the sender's public key.

Digital signature algorithm

The RSA signature algorithm is the most common one. For example, MD5withRSA means using the MD5 hash algorithm to generate the digest and then using the RSA algorithm to sign the digest.

DSA (Digital Signature Algorithm): It is a digital signature algorithm based on the discrete logarithm problem. It can only be used for signing, not for encryption.

ECDSA (Elliptic Curve Digital Signature Algorithm): It is a digital signature algorithm based on the elliptic curve. Secure and fast.

The article is also posted on my own blog, feel free to check the latest revision: The Overview of Security
