CN105959099A - Method for encrypting SSR password - Google Patents
Method for encrypting SSR password Download PDFInfo
- Publication number
- CN105959099A CN105959099A CN201610441045.1A CN201610441045A CN105959099A CN 105959099 A CN105959099 A CN 105959099A CN 201610441045 A CN201610441045 A CN 201610441045A CN 105959099 A CN105959099 A CN 105959099A
- Authority
- CN
- China
- Prior art keywords
- password
- salt
- encryption
- value
- ssr
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method for encrypting an SSR password. According to the method, two modes of salt value encryption and iteration count encryption are employed. The salt value encryption indicates that a salt value is added before a user password, the value is generated randomly by a system and is only known by the system, and MD5 encryption is carried out on the combination of the salt value and the password. The iteration count algorithm is the algorithm of iterating a digest, digests are generated continuously and repeatedly by the digest generated for the first time, count times of MD5 operation is carried out. According to the method, brute force attacks, Birthday attacks and dictionary attacks of hackers can be effectively prevented, the password encryption security can be greatly improved, and the security of the SSR is greatly improved through the simple encryption algorithm.
Description
Technical field
The present invention relates to computer software SSR password encryption technical field, be specifically related to a kind of method realizing SSR password encryption based on salt value and iteration count algorithm.
Background technology
Common cipher mode is directly password MD5 to be generated summary, such and dangerous, and hacker can be obtained by the password of user by inquiry hashed value dictionary (such as MD5 password cracking website) after taking summary.
Tide operating system security strengthens system (to be called for short: SSR) tide has " the operating system security enhancing system " of independent intellectual property right, by the forced symmetric centralization to file, catalogue, process, registration table and service, effectively restrict and disperseed the authority of original system manager.
Summary of the invention
The technical problem to be solved in the present invention is: the present invention is directed to problem above, it is provided that a kind of method realizing the issue of SSR gray scale.
If directly password is hashed, then a known password can be hashed by hacker's (be referred to as those have the ability to steal user data and attempt obtains the people of user cipher), is then obtained the password of certain user by contrast hashed value.In other words, although hacker can not obtain the password of certain specific user, but he is it is known that use which the user of specific cryptosystem has.
Add Salt and can solve this problem to a certain extent.What is called adds Salt, it is simply that add some points " condiment ".Its basic idea is such when user provides password first (when typically registering), system automatically spread " condiment " in this password, hash.And when users log on, the code that system provides the user sprinkles same " condiment ", then hash, then comparison of hashed value, it has been determined that password is the most correct.
Here " condiment " is referred to as " Salt value ", and this value is by system stochastic generation, and only system is known.Such that just two users employ same password, owing to system is that the salt value that they generate is different, their hashed value is also different.Even if hacker can look for the user with specific cryptosystem by the password of oneself and the hashed value oneself generated, but this probability is the least.
The technical solution adopted in the present invention is:
A kind of method realizing SSR password encryption, described method uses the encryption of salt value and iteration count to encrypt two ways, wherein the encryption of salt value refers to add a salt value before user cipher, this value is system stochastic generation, only system is known, then the combination to salt value and password carries out md5 encryption, even if such hacker inquiry hashed value dictionary also cannot determine password;Iteration count algorithm is the algorithm of a kind of iteration summary, continues to repeatedly generate summary to the summary generated for the first time, it is simply that carries out count MD5 operation, so can effectively stop the Brute Force of hacker.Greatly improve the safety of password encryption.
Described method operating procedure is as follows:
The first step: generate salt numerical value, different salt is there is for each user, the corresponding relation of user name and salt has been recorded in data base, the salt using stochastic generation can be prevented effectively from " birthday attack (Birthday attacks, another attack means that hacker commonly uses) ";
Second step: receive user cipher, adds the salt value that the first step generates before password;
3rd step: determine iteration count value;
4th step: the salt+ password generating second step carries out MD5 operation, repeats this operation count time.
5th step: cryptographic secret after storage encryption.
Described count value is 1000, and salt value is 80bit character.
The invention have the benefit that
The inventive method can effectively stop the Brute Force of hacker, birthday attack (Birthday attacks) and dictionary attack, greatly improves the safety of password encryption, and simple AES drastically increases the safety of SSR.
Accompanying drawing explanation
Fig. 1 is the inventive method flow chart.
Detailed description of the invention
Below in conjunction with Figure of description, according to detailed description of the invention, the present invention is further described:
Embodiment 1:
A kind of method realizing SSR password encryption, it is characterized in that: described method uses the encryption of salt value and iteration count to encrypt two ways, wherein the encryption of salt value refers to add a salt value before user cipher, this value is system stochastic generation, only system is known, then the combination to salt value and password carries out md5 encryption, even if such hacker inquiry hashed value dictionary also cannot determine password;Iteration count algorithm is the algorithm of a kind of iteration summary, continues to repeatedly generate summary to the summary generated for the first time, it is simply that carries out count MD5 operation, so can effectively stop the Brute Force of hacker.Greatly improve the safety of password encryption.
Embodiment 2
As it is shown in figure 1, on the basis of embodiment 1, described in the present embodiment, method operating procedure is as follows:
The first step: generate salt numerical value, different salt is there is for each user, the corresponding relation of user name and salt has been recorded in data base, the salt using stochastic generation can be prevented effectively from " birthday attack (Birthday attacks, another attack means that hacker commonly uses) ";
Second step: receive user cipher, adds the salt value that the first step generates before password;
3rd step: determine iteration count value;
4th step: the salt+ password generating second step carries out MD5 operation, repeats this operation count time.
5th step: cryptographic secret after storage encryption.
Embodiment 3
On the basis of embodiment 1 or 2, described in the present embodiment, count value is 1000, and salt value is 80bit character.
Embodiment is merely to illustrate the present invention; and not limitation of the present invention; those of ordinary skill about technical field; without departing from the spirit and scope of the present invention; can also make a variety of changes and modification; the technical scheme of the most all equivalents falls within scope of the invention, and the scope of patent protection of the present invention should be defined by the claims.
Claims (3)
1. the method realizing SSR password encryption, it is characterized in that: described method uses the encryption of salt value and iteration count to encrypt two ways, wherein the encryption of salt value refers to add a salt value before user cipher, and then the combination to salt value and password carries out md5 encryption;Iteration count algorithm is the algorithm of a kind of iteration summary, continues to repeatedly generate summary to the summary generated for the first time, carries out count MD5 operation.
A kind of method realizing SSR password encryption the most according to claim 1, it is characterised in that described method operating procedure is as follows:
The first step: generate salt numerical value, there is different salt for each user, has recorded the corresponding relation of user name and salt in data base, uses the salt of stochastic generation;
Second step: receive user cipher, adds the salt value that the first step generates before password;
3rd step: determine iteration count value;
4th step: the salt+ password generating second step carries out MD5 operation, repeats this operation count time.
5th step: cryptographic secret after storage encryption.
A kind of method realizing SSR password encryption the most according to claim 1 and 2, it is characterised in that: described count value is 1000, and salt value is 80bit character.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610441045.1A CN105959099A (en) | 2016-06-20 | 2016-06-20 | Method for encrypting SSR password |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610441045.1A CN105959099A (en) | 2016-06-20 | 2016-06-20 | Method for encrypting SSR password |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105959099A true CN105959099A (en) | 2016-09-21 |
Family
ID=56906943
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610441045.1A Pending CN105959099A (en) | 2016-06-20 | 2016-06-20 | Method for encrypting SSR password |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105959099A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106295403A (en) * | 2016-10-11 | 2017-01-04 | 北京集奥聚合科技有限公司 | A kind of data safety processing method based on hbase and system |
CN107682307A (en) * | 2017-08-16 | 2018-02-09 | 福建联迪商用设备有限公司 | A kind of authorization terminal method and system |
CN111130753A (en) * | 2019-12-09 | 2020-05-08 | 紫光云(南京)数字技术有限公司 | Method for improving user password security based on MD5 encryption |
CN113254952A (en) * | 2021-04-25 | 2021-08-13 | 浙江工业大学 | Key protection management method based on Android system |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130283361A1 (en) * | 2012-04-23 | 2013-10-24 | General Instrument Corporation | Identity verification |
US20130291080A1 (en) * | 2012-04-26 | 2013-10-31 | Appsense Limited | Systems and methods for data access protection |
US8667305B2 (en) * | 2008-08-28 | 2014-03-04 | Red Hat, Inc. | Securing a password database |
CN104348609A (en) * | 2014-09-18 | 2015-02-11 | 成都西山居互动娱乐科技有限公司 | Non-stored password management algorithm |
CN105409158A (en) * | 2013-08-08 | 2016-03-16 | 英特尔公司 | Instruction and logic to provide secure cipher hash round functionality |
-
2016
- 2016-06-20 CN CN201610441045.1A patent/CN105959099A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8667305B2 (en) * | 2008-08-28 | 2014-03-04 | Red Hat, Inc. | Securing a password database |
US20130283361A1 (en) * | 2012-04-23 | 2013-10-24 | General Instrument Corporation | Identity verification |
US20130291080A1 (en) * | 2012-04-26 | 2013-10-31 | Appsense Limited | Systems and methods for data access protection |
CN105409158A (en) * | 2013-08-08 | 2016-03-16 | 英特尔公司 | Instruction and logic to provide secure cipher hash round functionality |
CN104348609A (en) * | 2014-09-18 | 2015-02-11 | 成都西山居互动娱乐科技有限公司 | Non-stored password management algorithm |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106295403A (en) * | 2016-10-11 | 2017-01-04 | 北京集奥聚合科技有限公司 | A kind of data safety processing method based on hbase and system |
CN107682307A (en) * | 2017-08-16 | 2018-02-09 | 福建联迪商用设备有限公司 | A kind of authorization terminal method and system |
CN111130753A (en) * | 2019-12-09 | 2020-05-08 | 紫光云(南京)数字技术有限公司 | Method for improving user password security based on MD5 encryption |
CN113254952A (en) * | 2021-04-25 | 2021-08-13 | 浙江工业大学 | Key protection management method based on Android system |
CN113254952B (en) * | 2021-04-25 | 2022-07-15 | 浙江工业大学 | Key protection management method based on Android system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106254324B (en) | A kind of encryption method and device of storage file | |
JP2018182736A (en) | Private and mutually authenticated key exchange | |
US11588627B2 (en) | Systems and methods for utilizing quantum entropy in single packet authorization for secure network connections | |
WO2010111447A1 (en) | Method and system for securing a file | |
JP2004030611A (en) | Method for changing communication password by remote control | |
GB2514428A (en) | Enabling access to data | |
WO2015024426A1 (en) | Identity authentication system, apparatus, and method, and identity authentication request apparatus | |
Kim et al. | Dynamic ransomware protection using deterministic random bit generator | |
CN110505055B (en) | External network access identity authentication method and system based on asymmetric key pool pair and key fob | |
CN105959099A (en) | Method for encrypting SSR password | |
Ragab et al. | Robust hybrid lightweight cryptosystem for protecting IoT smart devices | |
US9558362B2 (en) | Data encryption using an external arguments encryption algorithm | |
Giri et al. | A novel and efficient session spanning biometric and password based three-factor authentication protocol for consumer USB mass storage devices | |
JP6738061B2 (en) | Ciphertext verification system, method, and recording medium | |
KR101358375B1 (en) | Prevention security system and method for smishing | |
Tahir et al. | A scheme for the generation of strong icmetrics based session key pairs for secure embedded system applications | |
GB2488753A (en) | Encrypted communication | |
Ragab et al. | Hybrid cryptosystems for protecting IoT smart devices with comparative analysis and evaluation | |
Thapar et al. | A study of data threats and the role of cryptography algorithms | |
WO2018043466A1 (en) | Data extraction system, data extraction method, registration device, and program | |
CN104780049B (en) | A kind of method of safe read-write data | |
KR101438312B1 (en) | Method of data encryption and encrypted data transmitter-receiver system using thereof | |
JP5440285B2 (en) | Key sharing method, key sharing method, and key sharing program | |
WO2021115591A1 (en) | Devices and sharing methods for private set intersection | |
US11621848B1 (en) | Stateless system to protect data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160921 |