timerring

The Overview of Security

January 8, 2025 · 3 min read · Page View:
Tutorial
Security | hash | encryption | signature

The Overview of Security

If you have any questions, feel free to comment below.

In today’s digital age, security is paramount. As we increasingly rely on technology for communication, commerce, and data storage, understanding the fundamentals of security becomes essential. This article provides an overview of key security concepts, including encryption, digest algorithms, and digital signatures. By exploring these topics, we aim to equip you with the knowledge to protect your digital assets and ensure the integrity and confidentiality of your information. Whether you’re a tech enthusiast or a professional in the field, this guide will offer valuable insights into the mechanisms that safeguard our digital world.

Encryption #

Symmetric Encryption #

The same key is used for both encryption and decryption. The key is normally short. And the efficiency is high, so it is widely used in https communication and network transmission.

The most common symmetric encryption algorithm is AES, DES, 3DES, DESX, Blowfish, RC6.

Asymmetric Encryption #

The public key and the private key are used for encryption and decryption. The public key is widely distributed, while the private key is kept secret. Only the holder of the private key can decrypt/encrypt the data encrypted/decrypted by the public key.

Cons: The efficiency is low, it will take a long time to encrypt/decrypt the data. So it is only suitable for small data encryption. e.g. https communication pre-shared key、CA certificate、login authentication.

The most common asymmetric encryption algorithm is RSA, ECC, DSA, ECDSA, Diffie-Hellman.

  1. The symmetric encryption can not be used for signing, only the asymmetric encryption can be used for signing.
  2. Verify file consistency will use the Information Digest Algorithm.

Digest Algorithm #

The digest algorithm is usually called as the hash algorithm.

  1. It is a one-way encryption algorithm, which means that the original data can not be restored from the encrypted data.
  2. It will generate a fixed length of data, which is called the digest.
  3. The digest is unique for the original data, and the same original data will generate the same digest(in the same hash algorithm).
  4. Avoid collision.
  5. Normally can be considered as the compression of the original data.

Above all, so it can be used for file integrity verification.

MD series #

MD2、MD4、MD5, and the MD5 is the most common one as well as secure and fast.

MD5(Message Digest Algorithm): Generally generate a 128-bit hash value(16 bytes), and the output is a 32-character hexadecimal string. Normally generate the .md5 or .md5sum file to make sure the file is not modified.

SHA series #

SHA (Secure Hash Algorithm): The length of SHA is longer than MD, so it is more secure to avoid collision. But the speed is lower than MD.

SHA1 generate a 20 bytes(160 bits) hash value, SHA224 generate a 28 bytes (224 bits) hash value, SHA256 generate a 32 bytes(256 bits) hash value, SHA384 generate a 48 bytes(384 bits) hash value, SHA512 generate a 64 bytes(512 bits) hash value.

Digital Signature #

Normally, the digital signature will use the hash algorithm to generate the digest, and then use the asymmetric encryption algorithm to sign the digest.

The process is as follows:

Sender:

  1. Use the hash algorithm to generate the digest of the original data.
  2. Use the sender’s private key to encrypt the digest.
  3. Send the original data and the encrypted digest to the receiver.

Receiver:

  1. Use the hash algorithm to generate the digest of the received data.
  2. Use the sender’s public key to decrypt the digest.
  3. Compare the decrypted digest with the received digest. If they are the same, it means that the data is not modified.

To make sure the public key is correct, the public key will be signed by the CA. And CA will sign the public key with its private key and send them both (Digital Certificate) to the receiver. Then the receiver can use the CA’s public key to decrypt Digital Certificate to get the sender’s public key.

Digital signature algorithm #

RSA signature algorithm is the most common one. Such as MD5withRSA means use the MD5 hash algorithm to generate the digest, and then use the RSA algorithm to sign the digest.

DSA (Digital Signature Algorithm): It is a digital signature algorithm based on the discrete logarithm problem. Only can be used for signing, not for encryption.

ECDSA (Elliptic Curve Digital Signature Algorithm): It is a digital signature algorithm based on the elliptic curve. Secure and fast.

<< prev | How to Publish... Continue strolling The Instance... | next >>
If you find this blog useful and want to support my blog, need my skill for something, or have a coffee chat with me, feel free to:
Subscribe to participate in blog topics and custom services Buy me a coffee

© 2022 - present timerring | PV: | UV: