密码安全技术的重要性
Recently I taught my daughters some extremely basic cryptography, and it was a great reminder of how critical it is for security to be usable.
最近,我教我的女儿一些非常基础的加密技术,这极大地提醒了使用安全性至关重要。
There are some great ciphers I could have taught them, but they’re still little, so I started simple. I them the rail fence cipher (some may know it as a zigzag cipher which is probably a better description). With a rail fence cipher, you write the message you want to communicate in a zigzag pattern, letter by letter.
我可以教一些很棒的密码,但是它们仍然很少,所以我从简单开始。 我将它们称为围栏密码(有些人可能将其称为之字形密码,这可能是一个更好的描述)。 使用围栏密码,您可以以锯齿状的方式逐个字母地编写要交流的消息。
For example, let’s say we want to use this cipher on the message “hello world”. We would do this by placing the letter “H” on the first line, then the letter “e” on the second line. Then we’d move back up and put the “l” on the first line, followed by another “l” on the second line. The result would be something like this:
例如,假设我们要在消息“ hello world”中使用此密码。 为此,我们将字母“ H”放在第一行,然后将字母“ e”放在第二行。 然后,我们将向上移动,将“ l”放在第一行,然后将另一个“ l”放在第二行。 结果将是这样的:
H L O O R
E L W L D
Now that we have the message in two lines, we place the second row of characters after the first row, and we have our encrypted message:
现在我们将消息分为两行,我们将第二行字符放在第一行之后,并获得加密的消息:
HLOORELWLD
万岁
The rail fence cipher can involve as many “rails” as we would like. For example, using a three rail cipher our message would look a bit different. We would add another level to our zigzag:
围栏密码可以包含我们想要的尽可能多的“围栏”。 例如,使用三轨密码,我们的消息看起来会有所不同。 我们将在锯齿形中添加另一个级别:
H L O D
E O R
L W L
Our encoded message would end up being a little different:
我们的编码消息最终将有所不同:
HLODEORLWL
荷花
While it offers very minimal security, the rail fence cipher is pretty straightforward and easy to learn. My girls took to it right away and started using it on everything: the names of their siblings, food requests—my eight-year-old even wrote her mom a letter using it.
尽管它提供的安全性非常低,但铁路围栏密码非常简单易学。 我的女儿们马上拿起它,开始在所有东西上使用它:兄弟姐妹的名字,食物要求—我八岁的男孩甚至用它给妈妈写了一封信。
Compared to the approaches available to us today, it may even feel like a bit of a stretch to call it cryptography. As simple as it seems now, this was once a dominant form of encryption.
与我们今天可用的方法相比,将其称为密码学可能甚至有点困难。 就像现在看起来那样简单,它曾经是加密的主要形式。
In his book, “The Code Book,” Simon Singh discusses how cryptography started with simple transposition (swapping the order of letters, like the rail fence cipher does) before evolving to *monoalphabetic ciphers*—a cipher that involves substituting one letter for another.
西蒙·辛格(Simon Singh)在他的《密码本》一书中讨论了密码学如何从简单的换位 (交换字母的顺序,就像铁路围栏密码一样)开始,然后演变为*单字母密码*,这种密码涉及用一个字母替换为另一个字母。 。
Probably the most well-known example of a monoalphabetic cipher is the Caeser cipher which involves substituting each letter for a letter a certain number of characters up or down in the alphabet. You may shift each letter, for example, three down. So “H” becomes “K”, “E” becomes “H” and so on. “hello world” now looks like this:
单字母密码的最著名的例子可能是凯撒密码,它涉及用字母在字母表中的上或下替换一定数量的字符来代替每个字母。 您可以将每个字母向下移动三个字母。 因此,“ H”变为“ K”,“ E”变为“ H”,依此类推。 “ hello world”现在看起来像这样:
KHOORZRUOG
霍祖鲁格
It’s more secure than a transposition cipher, but only slightly.
它比换位密码更安全,但只是稍微安全一点。
The monoalphabetic cipher supplanted transposition at the forefront of cryptography and remained there for quite some time. A more secure alternative did exist. A few folks realized that you could have a *polyalphabetic cipher*—shifting each letter not by the same amount, but by varying amounts. You were essentially applying different Ceaser shifts for each letter in your message.
单字母密码在密码学的最前沿取代了转位,并在其中保留了相当长的时间。 确实存在更安全的选择。 少数人意识到您可以使用*多字母密码*-将每个字母的移位量不同,但不相同。 本质上,您为消息中的每个字母应用了不同的Ceaser移位。
A well-known example is the Vigenére cipher. Using the Vigenére cipher involved looking up each letter that you wanted to substitute in a Vigenére table. The sender created a keyword that would indicate how many letters to shift each letter in the message, and, using the table, walk through the message letter by letter to convert it.
Vigenére密码就是一个著名的例子。 使用Vigenére密码需要在Vigenére表中查找要替换的每个字母。 发件人创建了一个关键字,该关键字将指示要移动邮件中每个字母多少个字母,然后使用该表逐个字母地浏览邮件以进行转换。
| A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| A | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z |
| B | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | A |
| C | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | A | B |
| D | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | A | B | C |
| E | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | A | B | C | D |
| F | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | A | B | C | D | E |
| G | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | A | B | C | D | E | F |
| H | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | A | B | C | D | E | F | G |
| I | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | A | B | C | D | E | F | G | H |
| J | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | A | B | C | D | E | F | G | H | I |
| K | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | A | B | C | D | E | F | G | H | I | J |
| L | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | A | B | C | D | E | F | G | H | I | J | K |
| M | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | A | B | C | D | E | F | G | H | I | J | K | L |
| N | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | A | B | C | D | E | F | G | H | I | J | K | L | M |
| O | O | P | Q | R | S | T | U | V | W | X | Y | Z | A | B | C | D | E | F | G | H | I | J | K | L | M | N |
| P | P | Q | R | S | T | U | V | W | X | Y | Z | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O |
| Q | Q | R | S | T | U | V | W | X | Y | Z | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P |
| R | R | S | T | U | V | W | X | Y | Z | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q |
| S | S | T | U | V | W | X | Y | Z | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R |
| T | T | U | V | W | X | Y | Z | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S |
| U | U | V | W | X | Y | Z | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T |
| V | V | W | X | Y | Z | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U |
| W | W | X | Y | Z | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V |
| X | X | Y | Z | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W |
| Y | Y | Z | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X |
| Z | Z | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y |
| 一个 | 乙 | C | d | Ë | F | G | H | 一世 | Ĵ | ķ | 大号 | 中号 | ñ | Ø | P | 问 | [R | 小号 | Ť | ü | V | w ^ | X | ÿ | ž | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 一个 | 一个 | 乙 | C | d | Ë | F | G | H | 一世 | Ĵ | ķ | 大号 | 中号 | ñ | Ø | P | 问 | [R | 小号 | Ť | ü | V | w ^ | X | ÿ | ž |
| 乙 | 乙 | C | d | Ë | F | G | H | 一世 | Ĵ | ķ | 大号 | 中号 | ñ | Ø | P | 问 | [R | 小号 | Ť | ü | V | w ^ | X | ÿ | ž | 一个 |
| C | C | d | Ë | F | G | H | 一世 | Ĵ | ķ | 大号 | 中号 | ñ | Ø | P | 问 | [R | 小号 | Ť | ü | V | w ^ | X | ÿ | ž | 一个 | 乙 |
| d | d | Ë | F | G | H | 一世 | Ĵ | ķ | 大号 | 中号 | ñ | Ø | P | 问 | [R | 小号 | Ť | ü | V | w ^ | X | ÿ | ž | 一个 | 乙 | C |
| Ë | Ë | F | G | H | 一世 | Ĵ | ķ | 大号 | 中号 | ñ | Ø | P | 问 | [R | 小号 | Ť | ü | V | w ^ | X | ÿ | ž | 一个 | 乙 | C | d |
| F | F | G | H | 一世 | Ĵ | ķ | 大号 | 中号 | ñ | Ø | P | 问 | [R | 小号 | Ť | ü | V | w ^ | X | ÿ | ž | 一个 | 乙 | C | d | Ë |
| G | G | H | 一世 | Ĵ | ķ | 大号 | 中号 | ñ | Ø | P | 问 | [R | 小号 | Ť | ü | V | w ^ | X | ÿ | ž | 一个 | 乙 | C | d | Ë | F |
| H | H | 一世 | Ĵ | ķ | 大号 | 中号 | ñ | Ø | P | 问 | [R | 小号 | Ť | ü | V | w ^ | X | ÿ | ž | 一个 | 乙 | C | d | Ë | F | G |
| 一世 | 一世 | Ĵ | ķ | 大号 | 中号 | ñ | Ø | P | 问 | [R | 小号 | Ť | ü | V | w ^ | X | ÿ | ž | 一个 | 乙 | C | d | Ë | F | G | H |
| Ĵ | Ĵ | ķ | 大号 | 中号 | ñ | Ø | P | 问 | [R | 小号 | Ť | ü | V | w ^ | X | ÿ | ž | 一个 | 乙 | C | d | Ë | F | G | H | 一世 |
| ķ | ķ | 大号 | 中号 | ñ | Ø | P | 问 | [R | 小号 | Ť | ü | V | w ^ | X | ÿ | ž | 一个 | 乙 | C | d | Ë | F | G | H | 一世 | Ĵ |
| 大号 | 大号 | 中号 | ñ | Ø | P | 问 | [R | 小号 | Ť | ü | V | w ^ | X | ÿ | ž | 一个 | 乙 | C | d | Ë | F | G | H | 一世 | Ĵ | ķ |
| 中号 | 中号 | ñ | Ø | P | 问 | [R | 小号 | Ť | ü | V | w ^ | X | ÿ | ž | 一个 | 乙 | C | d | Ë | F | G | H | 一世 | Ĵ | ķ | 大号 |
| ñ | ñ | Ø | P | 问 | [R | 小号 | Ť | ü | V | w ^ | X | ÿ | ž | 一个 | 乙 | C | d | Ë | F | G | H | 一世 | Ĵ | ķ | 大号 | 中号 |
| Ø | Ø | P | 问 | [R | 小号 | Ť | ü | V | w ^ | X | ÿ | ž | 一个 | 乙 | C | d | Ë | F | G | H | 一世 | Ĵ | ķ | 大号 | 中号 | ñ |
| P | P | 问 | [R | 小号 | Ť | ü | V | w ^ | X | ÿ | ž | 一个 | 乙 | C | d | Ë | F | G | H | 一世 | Ĵ | ķ | 大号 | 中号 | ñ | Ø |
| 问 | 问 | [R | 小号 | Ť | ü | V | w ^ | X | ÿ | ž | 一个 | 乙 | C | d | Ë | F | G | H | 一世 | Ĵ | ķ | 大号 | 中号 | ñ | Ø | P |
| [R | [R | 小号 | Ť | ü | V | w ^ | X | ÿ | ž | 一个 | 乙 | C | d | Ë | F | G | H | 一世 | Ĵ | ķ | 大号 | 中号 | ñ | Ø | P | 问 |
| 小号 | 小号 | Ť | ü | V | w ^ | X | ÿ | ž | 一个 | 乙 | C | d | Ë | F | G | H | 一世 | Ĵ | ķ | 大号 | 中号 | ñ | Ø | P | 问 | [R |
| Ť | Ť | ü | V | w ^ | X | ÿ | ž | 一个 | 乙 | C | d | Ë | F | G | H | 一世 | Ĵ | ķ | 大号 | 中号 | ñ | Ø | P | 问 | [R | 小号 |
| ü | ü | V | w ^ | X | ÿ | ž | 一个 | 乙 | C | d | Ë | F | G | H | 一世 | Ĵ | ķ | 大号 | 中号 | ñ | Ø | P | 问 | [R | 小号 | Ť |
| V | V | w ^ | X | ÿ | ž | 一个 | 乙 | C | d | Ë | F | G | H | 一世 | Ĵ | ķ | 大号 | 中号 | ñ | Ø | P | 问 | [R | 小号 | Ť | ü |
| w ^ | w ^ | X | ÿ | ž | 一个 | 乙 | C | d | Ë | F | G | H | 一世 | Ĵ | ķ | 大号 | 中号 | ñ | Ø | P | 问 | [R | 小号 | Ť | ü | V |
| X | X | ÿ | ž | 一个 | 乙 | C | d | Ë | F | G | H | 一世 | Ĵ | ķ | 大号 | 中号 | ñ | Ø | P | 问 | [R | 小号 | Ť | ü | V | w ^ |
| ÿ | ÿ | ž | 一个 | 乙 | C | d | Ë | F | G | H | 一世 | Ĵ | ķ | 大号 | 中号 | ñ | Ø | P | 问 | [R | 小号 | Ť | ü | V | w ^ | X |
| ž | ž | 一个 | 乙 | C | d | Ë | F | G | H | 一世 | Ĵ | ķ | 大号 | 中号 | ñ | Ø | P | 问 | [R | 小号 | Ť | ü | V | w ^ | X | ÿ |
If our keyword was “taco” (because why not) and we wanted to encode “hello world”, we’d start by finding “h” in our first row, then find the “t” in the first column. Where that row and column intersect, we get our first letter: “a”.
如果我们的关键字是“ taco”(因为为什么不这样)并且我们想对“ hello world”进行编码,那么我们将从在第一行中找到“ h”开始,然后在第一列中找到“ t”。 在行和列相交的地方,我们得到第一个字母:“ a”。
Then we would do the same for “e” and “a”, “l” and “c”, and so on—repeating “taco” as many times as necessary to encode our message. Eventually, we’d end up with:
然后,我们将对“ e”和“ a”,“ l”和“ c”等进行相同的操作-重复多次“ taco”以对我们的消息进行编码。 最终,我们最终得到:
AENZHWQFED
AENZHWQFED
The receiver would have to undo this process, using the keyword to determine the shift and then the table (or some math) to help them decode.
接收者将不得不撤消此过程,使用关键字来确定移位,然后使用表格(或一些数学方法)来帮助他们进行解码。
It was much more secure than monoalphabetic ciphers, yet monoalphabetic ciphers remained the most common cipher. For some, monoalphabetic ciphers were still considered “good enough” (despite the many lives lost to decoded messages). The primary reason for the slow uptake of polyalphabetic ciphers, however, was just how much more difficult they were to use. It was much more complicated and took much longer to apply a polyalphabetic cipher than a monoalphabetic cipher. And so the cipher languished mostly unused for nearly two centuries. Usability trumping security.
它比单字母密码安全得多,但单字母密码仍然是最常见的密码。 对于某些人来说,单字母密码仍然被认为“足够好”(尽管由于解码消息而失去了很多生命)。 但是,多字母密码缓慢吸收的主要原因是它们使用起来困难得多。 与单字母密码相比,应用多字母密码要复杂得多,并且花费的时间要长得多。 因此,这种密码几乎在两个世纪以来一直处于闲置状态。 可用性胜过安全性。
Security has never been more important than it is today, and general awareness—or at least acknowledgement—of its importance does seem to be trending up. For many, though, security is still perceived to be a bit of a black art. It’s a field that has been mostly technically driven, done by some other team within the organization. You know them. They’re the ones who always swoop in to tell you why you can’t ship that one feature you wanted to build.
安全性从未像现在这样重要,对安全性重要性的普遍了解(或至少是公认的)似乎正在上升。 但是,对于许多人来说,安全性仍然被认为是一种妖术。 该领域主要由技术驱动,由组织内的其他团队完成。 你知道他们。 他们总是不断地告诉您为什么您无法交付要构建的一项功能。
This has to change. Security cannot be something that is pushed off to only a select group of people in your organization. Like we’re learning over and over, when something is this critical, everyone needs to be involved.
这必须改变。 安全性不能仅适用于组织中的特定人群。 就像我们不断学习一样,当某些事情至关重要时,每个人都需要参与。
That’s particularly true of anyone who is paying attention to the actual experience of using your site (which should be everyone, but that’s a battle for a different day). Solving security without consideration to usability simply won’t work. That’s how you end up with the most common password being ‘123456’, and it’s how a more secure cipher ends up in obscurity for centuries.
对于那些关注使用您的网站的实际体验的人(应该是所有人,但这是另一天的战斗),尤其如此。 不考虑可用性而解决安全性根本行不通。 这样,您最终会以最常见的密码为'123456'结束 ,这是一个更安全的密码以数百年不明身份而结束的方式。
It doesn’t matter how secure something is if no one can use it in the first place.
如果没有人首先可以使用它,那么它的安全性并不重要。
翻译自: https://timkadlec.com/2017/03/cryptography-and-the-importance-of-usable-security/
密码安全技术的重要性
6840
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
