Symmetric encryption Symmetric encryption refers to an encryption algorithm that uses the same key for encryption and decryption. It requires the sender and receiver to agree on a key before secure communication. The security of symmetric algorithms depends on the key. Leaking the key means that anyone can decrypt the messages they send or receive, so the confidentiality of the key is crucial to communication.
Advantages and disadvantages of symmetric encryption algorithms: Advantages: open algorithm, small amount of calculation, fast encryption speed and high encryption efficiency. shortcoming:
Asymmetric encryption This type of encryption may be difficult to understand. This type of encryption refers to the ability to generate public and private keys. Any data encrypted by a public key cannot be decrypted by the public key itself, but requires a private key to decrypt it; any data encrypted by a private key cannot be decrypted by the private key, but requires a public key to decrypt it. In fact, there are many such algorithms. The most commonly used one is RSA. The mathematical principle it is based on is that the product of two large prime numbers is easy to calculate, but it is very complicated to use this product to calculate which two prime numbers are multiplied. If you are interested in the specific principle, you can study it yourself. Asymmetric encryption is more secure than symmetric encryption, but it also has two obvious disadvantages:
Therefore, public key encryption can only be used for key exchange or content signing at present, and is not suitable for encryption and decryption of content transmitted at the application layer. Detailed encryption process First, the server uses asymmetric encryption (RSA) to generate a public key and a private key. Then the public key is sent to the client. Someone may intercept the path, but it is useless because only the private key can decrypt the file encrypted with the public key, and the private key will never leave the server. When the public key reaches the client, the client will use symmetric encryption to generate a secret key and encrypt it with the public key to send it to the server. This secret key is the key used for communication in the future. In this way, when the server receives the secret key encrypted with the public key, it can use the private key to decrypt the public key to obtain the secret key. In this way, both the client and the server have obtained the secret key, and the information exchange is relatively safe. It sounds really safe, but in fact, there is a more serious attack that this method cannot prevent, which is the legendary "man-in-the-middle attack". During the identity authentication process, a "middleman" intercepts our information and intends to know your message. We call this middleman M. When the server sends the public key to the client for the first time, it passes through M. M knows that you want to exchange keys, so it deducts the public key, pretends to be the client, forges a pseudo-secret key (generated by symmetric encryption), and then encrypts the pseudo-secret key with the public key sent by the server and sends it back to the server. In this way, the server thinks that it has completed the key exchange with the client, but in fact the server has completed the key exchange with M (obtained the pseudo-secret key). At the same time, M pretends to be a server and generates a pseudo-public key and a pseudo-private key by asymmetric encryption, exchanges keys with the client, and obtains the secret key sent by the client. Now the client has the secret key, M has the secret key and the pseudo-secret key, and the server has the pseudo-secret key. |
<<: Aiti Tribe Stories (30): My Love-Hate Relationship with Python
>>: Have you encountered these pitfalls of being cheated by mini programs?
The number of new daily infections in Shanghai ha...
Brief introduction to TCM wisdom resources in the...
Most corporate executives expect artificial intel...
Researchers say they have come up with an accurat...
In order to gain a deeper understanding of the fe...
The core of modern medicine is the various "...
Today is the 15th day of the seventh lunar month,...
Produced by: Science Popularization China Author:...
Recently, my country has been affected by strong ...
Course Catalog: ├──1–Understanding and cognition ...
There are a wide variety of wool sweaters on the ...
[[120564]] Recently, the new iOS programming lang...
30 months, 6.997 million followers, and 4.5072 mi...
More than 30 years ago, when Microsoft was promot...