密码学几种常用算法总结

发表于 2018-06-01 更新于 2023-02-21 阅读次数：

https://en.wikipedia.org/wiki/Cryptography

encryption_algorithm

加密散列函数

https://en.wikipedia.org/wiki/Cryptographic_hash_function

Cryptographic Hash Functions are cryptographic algorithms that are ways to generate and utilize specific keys to encrypt data for either symmetric or asymmetric encryption, and such functions may be viewed as keys themselves. They take a message of any length as input, and output a short, fixed-length hash, which can be used in (for example) a digital signature. For good hash functions, an attacker cannot find two messages that produce the same hash.

加密散列函数（Cryptographic Hash Function）又称为不可逆算法，使用单向散列函数实现。

加密散列函数一般用于生成消息摘要（Message Digest），可用于对数据进行签名和验签，以保证数据的：

完整性（Integrity）
真实性（Authenticity）
不可抵赖性（Non-repudiation）

例如下图摘要（Digest）由 SHA-1 生成。SHA1 摘要长度为 20 Bytes (160 bit)，一般用 40 位十六进制数表示（4 bit (2^4) = 1 位十六进制数，因此为 160 bit / 4 = 40 位十六进制数）：

digest

两种破解方式：

Ideally, the only way to find a message that produces a given hash is to attempt a brute-force search of possible inputs to see if they produce a match, or use a rainbow table of matched hashes.

用途：

Verifying the integrity of messages and files

Using a cryptographic hash and a chain of trust detects malicious changes to the file. Non-cryptographic error-detecting codes such as cyclic redundancy checks only prevent against non-malicious alterations of the file, since an intentional spoof can readily be crafted to have the colliding code value.
- HMAC
  
  The MAC value protects a message’s data integrity, as well as its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the message content.
Signature generation and verification
数字签名作为维护数据信息安全的重要方法之一，可以解决伪造、抵赖、冒充和篡改等问题。其主要作用体现在以下几个方面：
- 防冒充（身份认证）。在数字签名中，当使用私钥签名时，如果接收方或验证方用其公钥进行验证并获通过，那么可以肯定，签名人就是拥有私钥的那个人，因为私钥只有签名人拥有，其他人不可能冒充签名者。
- 防伪造。其他人不能伪造对数据的签名，因为私钥只有签名者自己拥有，所以其他人不可能构造出正确的签名结果数据。
- 防篡改。私钥加签后的摘要和数据一起发送给接收者，一旦信息被篡改，接收者可通过计算摘要和验证签名来判断该文件无效，从而保证了文件的完整性。
- 防抵赖。数字签名既可以作为身份认证的依据，也可以作为签名者签名操作的证据。要防止接收者抵赖，可以在数字签名系统中要求接收者返回一个自己签名的表示收到的报文，给发送者或受信任第三方。如果接收者不返回任何消息，此次通信可终止或重新开始，签名方也没有任何损失，由此双方均不可抵赖。
- 保密性。手写签字的文件一旦丢失，文件信息就极可能泄露。但在网络传输中，数字签名的公钥可以用于加密报文，以保证信息机密性。
Password verification
Proof-of-work
File or data identifier
A message digest can also serve as a means of reliably identifying a file
- Several source code management systems, including Git, Mercurial and Monotone, use the sha1sum of various types of content (file content, directory trees, ancestry information, etc.) to uniquely identify them.
  - Why does Git use SHA-1 as version numbers?
  - Why does Git use a cryptographic hash function?
- Hashes are used to identify files on peer-to-peer filesharing networks.
  - For example, in an ed2k link, an MD4-variant hash is combined with the file size, providing sufficient information for locating file sources, downloading the file, and verifying its contents.
  - Magnet links are another example. Such file hashes are often the top hash of a hash list or a hash tree which allows for additional benefits.
One of the main applications of a hash function is to allow the fast look-up of data in a hash table.
- Being hash functions of a particular kind, cryptographic hash functions lend themselves well to this application too.
- However, compared with standard hash functions, cryptographic hash functions tend to be much more expensive computationally. For this reason, they tend to be used in contexts where it is necessary for users to protect themselves against the possibility of forgery (the creation of data with the same digest as the expected data) by potentially malicious participants.