本文共 13023 字,大约阅读时间需要 43 分钟。
加密机是如何工作的
Encryption has a long history dating back to when the ancient Greeks and Romans sent secret messages by substituting letters only decipherable with a secret key. Join us for a quick history lesson and learn more about how encryption works.
加密具有悠久的历史,其历史可以追溯到古希腊人和罗马人通过用只能用密钥解密的字母来发送秘密消息时。 加入我们的快速历史课程,了解有关加密工作原理的更多信息。
In today’s edition of HTG Explains, we’ll give you a brief history of encryption, how it works, and some examples of different types of encryption—make sure you also check out the previous edition, where we explained .
在今天的HTG Explains版本中,我们将向您简要介绍加密的历史,其工作原理以及一些不同类型的加密的示例-确保您还查看了以前的版本,其中我们解释了 。
Image by , obviously.
图片 显然 是 。
加密的早期 (The Early Days of Encryption)
The ancient Greeks used a tool called a to help encrypt their messages more quickly using a —they would simply wrap the strip of parchment around the cylinder, write out the message, and then when unwound wouldn’t make sense.
古希腊人使用一种名为的工具来帮助使用更快地加密其消息-他们只需将羊皮纸条包裹在圆柱体上,写出消息,然后将其解开就没有意义了。
This encryption method could be fairly easily broken, of course, but it’s one of the first examples of encryption actually being used in the real world.
当然,这种加密方法很容易破解,但这是实际中实际使用的第一个加密示例。
Julius Caesar used a somewhat similar method during his time by shifting each letter of the alphabet to the right or left by a number of positions—an encryption technique known as . For instance, using the example cipher below you’d write “GEEK” as “JHHN”.
朱利叶斯·凯撒(Julius Caesar)在他的时代使用了一种有点类似的方法,即将字母表中的每个字母向左或向右移动多个位置,这种加密技术被称为 。 例如,使用下面的示例密码,您将“ GEEK”写为“ JHHN”。
Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ Cipher: DEFGHIJKLMNOPQRSTUVWXYZABC
Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ Cipher: DEFGHIJKLMNOPQRSTUVWXYZABC
Since only the intended recipient of the message knew the cipher, it would be difficult for the next person to decode the message, which would appear as gibberish, but the person that had the cipher could easily decode and read it.
由于只有消息的预期接收者才知道密码,因此下一个人很难解码该消息,该消息看上去像是乱码,但是拥有密码的人可以轻松地解码和读取它。
Other simple encryption ciphers like the used a that listed each letter with the corresponding numeric positions across the top and side to tell where the position of the letter was.
其他简单的加密密码(例如, 使用了 ,该列出了每个字母的顶部和侧面以及对应的数字位置,以告知该字母的位置。
Using a table like the one above you would write the letter “G” as “23”, or “GEEK” as “23 31 31 43”.
使用上面的表格,您将字母“ G”写为“ 23”,或将“ GEEK”写为“ 23 31 31 43”。
Enigma Machine
谜机
During World War II, the Germans to pass encrypted transmissions back and forth, which took years before the Polish were able to crack the messages, and give the solution to the Allied forces, which was instrumental to their victory.
第二次世界大战期间,德国人来回传递加密的传输,这花了好几年波兰人才能够破解消息,并将解决方案交给盟军,这对他们的胜利至关重要。
现代加密的历史 (The History of Modern Encryption)
Lets face it: modern encryption techniques can be an extremely boring subject, so instead of just explaining them with words, we’ve put together a comic strip that talks about the history of encryption, inspired by Jeff Moser’s . Note: clearly we cannot convey everything about encryption’s history in a comic strip.
让我们面对现实:现代加密技术可能是一个非常无聊的主题,因此,我们不仅编写了一段文字,而且还用杰夫·摩泽尔(Jeff Moser)的启发了漫画,讨论了加密的历史,而不仅仅是用文字解释它们。 注意:显然,我们无法在漫画中传达有关加密历史的所有信息。
Back in those days, people do not have a good encryption method to secure their electronic communication.
那时,人们还没有很好的加密方法来保护其电子通信。
was the name given to several of the earliest civilian , developed by and his colleagues at IBM.
是由和他在IBM的同事开发的几种最早的民用的名称。
The Data Encryption Standard (DES) is a block cipher (a form of shared secret encryption) that was selected by the as an official (FIPS) for the United States in 1976 and which has subsequently enjoyed widespread use internationally.
数据加密标准(DES)是一种分组密码(一种共享秘密加密的形式),该在1976年被美国国家 选择为的正式 (FIPS),随后得到了广泛使用。国际使用。
Concerns about security and the relatively slow operation of DES in software motivated researchers to propose a variety of alternative block cipher designs, which started to appear in the late 1980s and early 1990s: examples include , , , , , and
对安全性和DES在软件中运行相对较慢的担忧促使研究人员提出了多种替代的分组密码设计,这些设计在1980年代末和1990年代初开始出现:例如 , , , , , 和
The Rijndael encryption algorithm was adopted by the US Government as standard symmetric-key encryption, or Advanced Encryption Standard (AES). AES was announced by National Institute of Standards and Technology (NIST) as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001 after a 5-year standardization process in which fifteen competing designs were presented and evaluated before Rijndael was selected as the most suitable encryption algorithm.
Rijndael加密算法被美国政府采用为标准对称密钥加密或高级加密标准(AES)。 AES由美国国家标准技术研究院(NIST)在2001年11月26日宣布为美国FIPS PUB 197(FIPS 197),该标准历经5年的标准化过程,其中提出并评估了15个竞争设计,然后才被选为Rijndael最合适的加密算法。
加密算法性能 (Encryption Algorithm Performance)
Many encryption algorithms exist, and they are all suited to different purposes—the two main characteristics that identify and differentiate one encryption algorithm from another are its ability to secure the protected data against attacks and its speed and efficiency in doing so.
存在许多加密算法,并且它们都适合于不同的目的-区分一种加密算法和另一种加密算法的两个主要特征是其保护受保护数据免受攻击的能力以及这样做的速度和效率。
As a good example of the speed difference between different types of encryption, you can use the benchmarking utility built into TrueCrypt’s volume creation wizard—as you can see, AES is by far the fastest type of strong encryption.
作为不同类型加密之间速度差异的一个很好的例子,您可以使用TrueCrypt的卷创建向导中内置的基准测试实用程序-如您所见,AES是迄今为止最快的强加密类型。
There are both slower and faster encryption methods, and they are all suited for different purposes. If you’re simply trying to decrypt a tiny piece of data every so often, you can afford to use the strongest possible encryption, or even encrypt it twice with different types of encryption. If you require speed, you’d probably want to go with AES.
加密方法越来越慢,并且都适合于不同的目的。 如果您只是经常尝试解密一小部分数据,则可以负担得起使用尽可能强大的加密,甚至可以使用不同类型的加密对其进行两次加密。 如果需要速度,则可能要使用AES。
For more on benchmarking different types of encryption, check out a report from , where they did a ton of testing on different routines, and explained it all in a very geeky write-up.
有关对不同类型的加密进行基准测试的更多信息,请查阅一份报告,他们在该报告中对不同的例程进行了大量测试,并通过非常怪异的文字进行了解释。
现代加密的类型 (Types of Modern Encryption)
All the fancy encryption algorithm that we have talked about earlier are mostly used for two different types of encryption:
我们之前讨论的所有高级加密算法都主要用于两种不同类型的加密:
Symmetric key algorithms use related or identical encryption keys for both encryption and decryption.
对称密钥算法将相关或相同的加密密钥用于加密和解密。
Asymmetric key algorithms use different keys for encryption and decryption—this is usually referred to as Public-key Cryptography.
非对称密钥算法使用不同的密钥进行加密和解密-这通常称为“公共密钥密码术”。
对称密钥加密 (Symmetric key encryption)
To explain this concept, we’ll use the postal service metaphor described in to understand how symmetric key algorithms works.
为了解释这个概念,我们将使用描述的邮政服务隐喻来了解对称密钥算法的工作原理。
Alice puts her secret message in a box, and locks the box using a padlock to which she has a key. She then sends the box to Bob through regular mail. When Bob receives the box, he uses an identical copy of Alice’s key (which he has somehow obtained previously, maybe by a face-to-face meeting) to open the box, and read the message. Bob can then use the same padlock to send his secret reply.
爱丽丝将她的秘密消息放在一个盒子里,然后用她有钥匙的挂锁将盒子锁住。 然后,她通过普通邮件将邮件箱发送给Bob。 Bob收到盒子时,会使用Alice的钥匙的相同副本(他以前曾以某种方式通过面对面会议获得的钥匙)打开盒子并阅读消息。 然后,Bob可以使用同一挂锁发送他的秘密回复。
Symmetric-key algorithms can be divided into and block ciphers—stream ciphers encrypt the bits of the message one at a time, and block ciphers take a number of bits, often in blocks of 64 bits at a time, and encrypt them as a single unit. There’s a lot of different algorithms you can choose from—the more popular and well-respected symmetric algorithms include , , (), , , , , and .
对称密钥算法可以分为和块密码-流密码一次加密一个消息的位,而块密码一次取多个位,通常一次为64位,然后加密为一个单位。 您可以选择很多不同的算法-最受欢迎和备受推崇的对称算法包括 , , ( ), , , , 和 。
非对称加密 (Asymmetric Encryption)
In an asymmetric key system, Bob and Alice have separate padlocks, instead of the single padlock with multiple keys from the symmetric example. Note: this is, of course, a greatly oversimplified example of how it really works, which is much more complicated, but you’ll get the general idea.
在非对称密钥系统中,Bob和Alice具有单独的挂锁,而不是对称示例中具有多个密钥的单个挂锁。 注意:当然,这是一个关于其实际工作方式的大大简化的示例,该示例要复杂得多,但是您会得到一般的想法。
First, Alice asks Bob to send his open padlock to her through regular mail, keeping his key to himself. When Alice receives it she uses it to lock a box containing her message, and sends the locked box to Bob. Bob can then unlock the box with his key and read the message from Alice. To reply, Bob must similarly get Alice’s open padlock to lock the box before sending it back to her.
首先,爱丽丝要求鲍勃通过常规邮件将打开的挂锁发送给她,并保持自己的钥匙。 当爱丽丝收到邮件时,她使用它锁定包含她的消息的邮箱,并将锁定的邮箱发送给鲍勃。 然后,Bob可以用他的钥匙打开盒子并阅读Alice的消息。 要回复,鲍勃必须同样将爱丽丝的打开的挂锁锁上,然后再将其寄回给她。
The critical advantage in an asymmetric key system is that Bob and Alice never need to send a copy of their keys to each other. This prevents a third party (perhaps, in the example, a corrupt postal worker) from copying a key while it is in transit, allowing said third party to spy on all future messages sent between Alice and Bob. In addition, if Bob were careless and allowed someone else to copy his key, Alice’s messages to Bob would be compromised, but Alice’s messages to other people would remain secret, since the other people would be providing different padlocks for Alice to use.
非对称密钥系统的关键优势在于,鲍勃和爱丽丝从不需要相互发送密钥副本。 这样可以防止第三方(例如,在示例中为腐败的邮政工作者)在传输过程中复制密钥,从而使该第三方可以监视在爱丽丝和鲍勃之间发送的所有将来消息。 此外,如果Bob粗心大意并允许其他人复制他的密钥,Alice向Bob的消息将受到威胁,但是Alice向其他人的消息将保持秘密,因为其他人将提供不同的挂锁供Alice使用。
Asymmetric encryption uses different keys for encryption and decryption. The message recipient creates a private key and a public key. The public key is distributed among the message senders and they use the public key to encrypt the message. The recipient uses their private key any encrypted messages that have been encrypted using the recipient’s public key.
非对称加密使用不同的密钥进行加密和解密。 邮件收件人创建一个私钥和一个公钥。 公钥在消息发送者之间分配,他们使用公钥对消息进行加密。 收件人将使用其私钥使用已使用收件人的公钥加密的任何加密邮件。
There’s one major benefit to doing encryption this way compare to symmetric encryption. We never need to send anything secret (like our encryption key or password) over an insecure channel. Your public key goes out to the world—it’s not secret and it doesn’t need to be. Your private key can stay snug and cozy on your personal computer, where you generated it—it never has to be e-mailed anywhere, or read by attackers.
与对称加密相比,以这种方式进行加密有一个主要好处。 我们永远不需要通过不安全的通道发送任何秘密(例如我们的加密密钥或密码)。 您的公钥向全世界发布-这不是秘密,也不必如此。 您的私钥可以在您生成它的个人计算机上保持贴身舒适,而不必在任何地方通过电子邮件发送或由攻击者阅读。
加密如何确保Web上的通信安全 (How Encryption Secures Communication on the Web)
For many years, the SSL () protocol has been securing web transactions using encryption between your web browser and a web server, protecting you from anybody that might be snooping on the network in the middle.
多年以来,SSL( )协议一直在使用Web浏览器和Web服务器之间的加密来保护Web事务,从而保护您免受任何可能在中间窥探网络的人的侵害。
SSL itself is conceptually quite simple. It begins when the browser requests a secure page (usually https://)
SSL本身在概念上非常简单。 当浏览器请求安全页面(通常为https://)时,它开始
The web server sends its public key with its certificate. The browser checks that the certificate was issued by a trusted party (usually a trusted root CA), that the certificate is still valid and that the certificate is related to the site contacted. The browser then uses the public key, to encrypt a random symmetric encryption key and sends it to the server with the encrypted URL required as well as other encrypted http data. The web server decrypts the symmetric encryption key using its private key and uses the browser’s symmetric key to decrypt its URL and http data. The web server sends back the requested html document and http data encrypted with the browser’s symmetric key. The browser decrypts the http data and html document using the symmetric key and displays the information.
Web服务器发送其公钥及其证书。 浏览器检查证书是由受信任方(通常是受信任的根CA)颁发的,证书仍然有效,并且证书与联系的网站有关。 然后,浏览器使用公共密钥对随机对称加密密钥进行加密,并将其与所需的加密URL以及其他加密的http数据一起发送到服务器。 Web服务器使用其私钥解密对称加密密钥,并使用浏览器的对称密钥解密URL和http数据。 Web服务器发回请求的html文档和使用浏览器对称密钥加密的http数据。 浏览器使用对称密钥解密http数据和html文档并显示信息。
And now you can securely you really didn’t need.
现在,您可以安全地您真正不需要的 。
你学到了什么吗? (Did You Learn Anything?)
If you made it this far, we’re at the end of our long journey to understanding encryption and a little bit of how it works—starting from the early days of encryption with the Greeks and Romans, the rise of Lucifer, and finally how SSL uses asymmetric and symmetric encryption to help you buy that fluffy pink bunny on eBay.
如果您走到了这一步,那么我们就已经了解了加密以及它的工作原理,这是我们漫长旅程的最后一环-从早期的希腊人和罗马人开始加密,路西法的兴起,最后是如何SSL使用非对称和对称加密来帮助您在eBay上购买蓬松的粉红色兔子。
We’re big fans of encryption here at How-To Geek, and we’ve covered a lot of different ways to do things like:
我们是How-To Geek的加密技术的忠实拥护者,并且我们介绍了许多不同的方式来进行操作,例如:
Of course encryption is far too complicated a topic to really explain everything. Did we miss something important? Feel free to lay some knowledge on your fellow readers in the comments.
当然,加密是一个太复杂的话题,无法真正解释所有内容。 我们错过了重要的事情吗? 随时在评论中向其他读者介绍一些知识。
翻译自:
加密机是如何工作的
转载地址:http://pmcwd.baihongyu.com/