Cryptography Crash Course for the Intimidated

In my last post, I talked about the importance of being mindful when you handle data. Who has access? How can you protect the information? How are some laws changing? What is and isn’t covered in academia vs. industry?

For this post, I decided to give myself a quick crash course in cryptography. The concept of cryptography can sound really intimidating, and the security of data and the secure transfer of data are certainly things to take seriously. But we create data every day. I think it’s important for anyone these days to have a basic grasp of what cryptography is.

Objectives

  • Try to demystify cryptography to a certain extent.
  • Explain some of the basic concepts that underlie cryptography.
  • Explain a couple of examples in which cryptography is used in our everyday lives.
  • Share resources!

Basic Concepts

To start understanding cryptography, I went for the basics. Here are some basic concepts that come up over and over again when you look up cryptography online. I have linked a YouTube video below, if you are more of a visual person.

First, what is cryptography? Cryptography is a field of study focused on communication and data storage that is protected from an unwanted third party. For example, before cellphones, two kids might try to pass a physical note to each other in the middle of class. They don’t want anyone else (a third party), such as a teacher, to read the note. So they might want to figure out a way to write in a made-up language or to scramble the message (encrypt the message) so that even if the teacher can “read” the message, they can’t understand it.

There are different ways to encrypt (scramble) and decrypt (unscramble) information. They generally fall into two buckets:

  1. Symmetric: the encryption and decryption keys are the SAME; uses a private key

  2. Asymmetric: the encryption and decryption keys are DIFFERENT; uses a private key (metaphorical key) and a public key (metaphorical lock); every public key has only one private key

In order to do the actual encryption and decryption, the sender and receiver need keys. Keys are essentially sequences of characters that allow the user to randomly scramble a message, a file, a folder, data, a hard drive, etc.: any information that you’re trying to protect and/or send. A matching key, whether identical (symmetric encryption/decryption) or not (asymmetric encryption/decryption), is needed to decrypt the information.

The information you are trying to encrypt can be called plaintext. Once it has been encrypted with a key and encryption program, it can be called ciphertext, which is then what is stored and/or transported. It is when the data is at rest (stored) or in transit that it can be modified or stolen. When the ciphertext is then decrypted with a key and decryption program, you hope that it is the same plaintext that you sent.

The last concept I will go over is a cryptographic hash function. Some may be familiar with the concept of a hash function. We can think of hash functions as any kind of function (think of a machine: you put in x, and you get y). Hash functions specifically output a value of a previously specified length. For example, a popular cryptographic hash function is SHA256 — SHA stands for Secure Hash Algorithm — which, given an input, outputs a 256-bit hash value. The difference between a regular hash function and a cryptographic hash function is that the latter attempts to minimize collisions — when two inputs result in the same output. We can see how a collision would be a huge issue if you had encrypted data.

Real-Life Examples You Might Not Even Notice

Now that we’ve gone over some basic cryptographic concepts, I want to run through a couple examples of encryption/decryption that we encounter every day.

  1. HTTPS (Hyper-Text Transfer Protocol Secure) is how your local device securely communicates with a web browser or remote site. When you go to an HTTPS-secured server (a secure website that starts with https rather than http), the web browser checks a certificate that lets the browser know that the site is legitimate rather than a dangerous site that is trying to pose as a different one. An HTTPS-secured server prevents information from leaking during the connection. The connection is encrypted using TLS (Transport Layer Security), not to be confused with its outdated predecessor SSL (Secure Sockets Layer).

  2. We’re pretty used to signing up for things, logging in, and needing to use a password. The idea that people are really bad at coming up with and remembering passwords has already been around for a while. As it turns out, encryption is a big part of what makes password systems work. In general, most systems will encrypt the password that you type in, and just keep the ciphertext. The next time you log in, it will encrypt whatever you’ve typed in, and then see if that matches with the ciphertext on file. If it doesn’t, you can’t log in. This is why most accounts and sites can only reset the password, but can’t send you your old password.
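The store-and-compare flow described in item 2, as an added sketch that is not code from the original post. It assumes a salted, deliberately slow one-way function (PBKDF2 from Python's standard library) as the scrambling step, which is why the site can check or reset a password but never recover it; the function names, the in-memory `store` and the iteration count are illustrative.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # illustrative work factor; tune it to your hardware

def _derive(password, salt, iterations):
    # One-way: there is no function that turns this digest back into the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)

def register(store, user, password):
    """Keep only salt, work factor and digest on file, never the password."""
    salt = os.urandom(16)  # per-user random salt: equal passwords give different records
    store[user] = {"salt": salt, "iterations": ITERATIONS,
                   "digest": _derive(password, salt, ITERATIONS)}

def login(store, user, attempt):
    """Re-derive from what was typed and compare with the record on file."""
    record = store.get(user)
    if record is None:
        return False
    candidate = _derive(attempt, record["salt"], record["iterations"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, record["digest"])

def reset(store, user, new_password):
    """The old password cannot be sent back, only replaced with a new record."""
    if user not in store:
        raise KeyError(user)
    register(store, user, new_password)

if __name__ == "__main__":
    store = {}  # stands in for the site's user table
    register(store, "alice", "correct horse battery staple")
    print(login(store, "alice", "correct horse battery staple"))  # True
    print(login(store, "alice", "Tr0ub4dor&3"))                   # False
```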

Further Considerations

  • How can you securely store sensitive information such as passwords or cryptographic keys?
  • Are you using a secure connection?
  • How can you transport the cryptographic keys to parties that need them?
  • How do you know that the person that sent the data is who they say they are? How do you verify your own identity? GPG Key Signing, Chains of Signatures

BONUS: From Caesar Cipher to One-Time Pad

In the process of reading for this blogpost, I stumbled on an interesting series of Khan Academy lessons entitled “Journey to Cryptography,” which can be found here.

This section is for the historically minded. The lessons start with the Caesar Cipher, which may be something we read about as little kids without understanding cryptography as a concept, or maybe even came up with ourselves.

Caesar Cipher

This encryption method originated thousands of years ago. You just shift the letters in your message by a certain number of letters, and tell the person you want to decode the message the number to shift by. For example, let’s say that the shift is 7, and the message is in English (unclear how this cipher could work for character-based languages).

A -> H
B -> I
C -> J
D -> K
E -> L
.
.
.
V -> C
W -> D
X -> E
Y -> F
Z -> G

So if your message is “Cryptography is cool.”, this becomes “JYFWAVNYHWOF PZ JVVS.” The weakness of this cipher is that we can see some letters repeat, and we know that every occurrence of a repeated letter decodes to the same original letter. As it turns out, the Caesar Cipher can be broken easily using frequency analysis. For example, in the English language, certain letters appear more frequently, like s, a, i, e, etc. Based on the most frequent letters in the encrypted message, we can then work backwards to determine what the shift may be.
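The frequency-analysis break described above, as an added example that is not part of the original post. It encrypts with the post's shift of 7, then recovers the shift by trying all 26 candidates and scoring each decryption against typical English letter frequencies with a chi-squared statistic; the sample note and the function names are constructed for illustration.

```python
from collections import Counter
import string

# Approximate letter frequencies in English text, in percent (A..Z).
ENGLISH_FREQ = dict(zip(string.ascii_uppercase, [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
    6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07,
]))

# Constructed sample message (not from the post), long enough for the statistics to work.
SAMPLE = "MEET ME AFTER CLASS BY THE OLD OAK TREE AND DO NOT LET THE TEACHER SEE THIS NOTE"

def caesar(text, shift):
    """Uppercase the text and shift A-Z by `shift`; other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in ENGLISH_FREQ:
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)

def chi_squared(text):
    """Lower score means the letter counts look more like English."""
    counts = Counter(ch for ch in text if ch in ENGLISH_FREQ)
    n = sum(counts.values())
    if n == 0:
        return float("inf")
    return sum((counts[l] - n * f / 100) ** 2 / (n * f / 100)
               for l, f in ENGLISH_FREQ.items())

def crack_caesar(ciphertext):
    """Return (shift, plaintext) for the most English-looking of the 26 decryptions."""
    best = min(range(26), key=lambda s: chi_squared(caesar(ciphertext, -s)))
    return best, caesar(ciphertext, -best)

if __name__ == "__main__":
    secret = caesar(SAMPLE, 7)
    print(secret)
    print(crack_caesar(secret))  # the shift is recovered without being told
```

Very short messages carry too few letters for the statistics to be reliable, which is why the demonstration uses a longer note than the one-line example in the post.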

Polyalphabetic Shift Cipher

An improvement on the Caesar Cipher is to give your friend not 1 shift, but n shifts, which then repeat themselves. For example, suppose you gave your friend the shifts 5, 8, 13, 0, 1, 1, 2, 3 (this is not a random order). Then the first letter is shifted 5 letters, the second letter is shifted 8 letters, the next is shifted 13 letters, the next shifted 0 letters, … the eighth letter is shifted 3 letters, then the sequence repeats. So the ninth letter is shifted 5 letters, and on and on. The longer the sequence of shifts, the harder it is to break the cipher. But still, this cipher does not provide perfect secrecy.

One-Time Pad

The one-time pad, however, provides perfect secrecy, as every letter is assigned a random shift. However, this comes with a cost — a lot of data — you need a shift for every letter in every message/file/whatever information you’re conveying. Generating random shifts was essentially what the Enigma machine that the Germans designed in World War II was doing. However, there was some human error that allowed for patterns to be determined and the Enigma machine to be broken.
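The polyalphabetic cipher and the one-time pad side by side, as an added example that is not part of the original post. It uses the post's shift sequence 5, 8, 13, 0, 1, 1, 2, 3 as the repeating key, draws pad shifts from Python's `secrets` module, and shows what perfect secrecy means: for any guessed message of the same length there is a pad that explains the ciphertext. Function names are illustrative and messages are assumed to contain only the letters A-Z.

```python
import secrets
from itertools import cycle

A = ord("A")
POST_KEY = [5, 8, 13, 0, 1, 1, 2, 3]  # the shift sequence given in the post

def shift_stream(text, shifts, decrypt=False):
    """Shift each letter of `text` (A-Z only) by the next value taken from `shifts`."""
    sign = -1 if decrypt else 1
    return "".join(chr((ord(c) - A + sign * s) % 26 + A)
                   for c, s in zip(text, shifts))

def polyalphabetic(text, key, decrypt=False):
    """The key repeats once it runs out, which is the pattern an analyst looks for."""
    return shift_stream(text, cycle(key), decrypt)

def new_pad(length):
    """One independent random shift per letter; a pad must never be used twice."""
    return [secrets.randbelow(26) for _ in range(length)]

def one_time_pad(text, pad, decrypt=False):
    if len(pad) < len(text):
        raise ValueError("the pad must supply one shift for every letter")
    return shift_stream(text, pad, decrypt)

def pad_explaining(ciphertext, candidate):
    """The pad under which `ciphertext` would decrypt to `candidate` (same length)."""
    return [(ord(c) - ord(p)) % 26 for c, p in zip(ciphertext, candidate)]

if __name__ == "__main__":
    msg = "CRYPTOGRAPHYISCOOL"
    print(polyalphabetic(msg, POST_KEY))  # HZLPUPIUFXUYJTERTT: the two O's differ
    pad = new_pad(len(msg))
    ct = one_time_pad(msg, pad)
    guess = "MEETMEAFTERCLASSOK"  # constructed alternative of the same length
    # Some pad turns the ciphertext into the guess just as well as the real one
    # turns it into msg, so the ciphertext alone cannot tell them apart.
    print(one_time_pad(ct, pad_explaining(ct, guess), decrypt=True))
```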

References & Resources

Translated from: https://towardsdatascience.com/cryptography-crash-course-for-the-intimidated-892b7889528a
