CN105959099A - Method for encrypting SSR password - Google Patents

Method for encrypting SSR password Download PDF

Info

Publication number
CN105959099A
CN105959099A CN201610441045.1A CN201610441045A CN105959099A CN 105959099 A CN105959099 A CN 105959099A CN 201610441045 A CN201610441045 A CN 201610441045A CN 105959099 A CN105959099 A CN 105959099A
Authority
CN
China
Prior art keywords
password
salt
encryption
value
ssr
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610441045.1A
Other languages
Chinese (zh)
Inventor
刘增辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Electronic Information Industry Co Ltd
Original Assignee
Inspur Electronic Information Industry Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inspur Electronic Information Industry Co Ltd filed Critical Inspur Electronic Information Industry Co Ltd
Priority to CN201610441045.1A priority Critical patent/CN105959099A/en
Publication of CN105959099A publication Critical patent/CN105959099A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method for encrypting an SSR password. According to the method, two modes of salt value encryption and iteration count encryption are employed. The salt value encryption indicates that a salt value is added before a user password, the value is generated randomly by a system and is only known by the system, and MD5 encryption is carried out on the combination of the salt value and the password. The iteration count algorithm is the algorithm of iterating a digest, digests are generated continuously and repeatedly by the digest generated for the first time, count times of MD5 operation is carried out. According to the method, brute force attacks, Birthday attacks and dictionary attacks of hackers can be effectively prevented, the password encryption security can be greatly improved, and the security of the SSR is greatly improved through the simple encryption algorithm.

Description

A kind of method realizing SSR password encryption
Technical field
The present invention relates to computer software SSR password encryption technical field, be specifically related to a kind of method realizing SSR password encryption based on salt value and iteration count algorithm.
Background technology
Common cipher mode is directly password MD5 to be generated summary, such and dangerous, and hacker can be obtained by the password of user by inquiry hashed value dictionary (such as MD5 password cracking website) after taking summary.
Tide operating system security strengthens system (to be called for short: SSR) tide has " the operating system security enhancing system " of independent intellectual property right, by the forced symmetric centralization to file, catalogue, process, registration table and service, effectively restrict and disperseed the authority of original system manager.
Summary of the invention
The technical problem to be solved in the present invention is: the present invention is directed to problem above, it is provided that a kind of method realizing the issue of SSR gray scale.
If directly password is hashed, then a known password can be hashed by hacker's (be referred to as those have the ability to steal user data and attempt obtains the people of user cipher), is then obtained the password of certain user by contrast hashed value.In other words, although hacker can not obtain the password of certain specific user, but he is it is known that use which the user of specific cryptosystem has.
Add Salt and can solve this problem to a certain extent.What is called adds Salt, it is simply that add some points " condiment ".Its basic idea is such when user provides password first (when typically registering), system automatically spread " condiment " in this password, hash.And when users log on, the code that system provides the user sprinkles same " condiment ", then hash, then comparison of hashed value, it has been determined that password is the most correct.
Here " condiment " is referred to as " Salt value ", and this value is by system stochastic generation, and only system is known.Such that just two users employ same password, owing to system is that the salt value that they generate is different, their hashed value is also different.Even if hacker can look for the user with specific cryptosystem by the password of oneself and the hashed value oneself generated, but this probability is the least.
The technical solution adopted in the present invention is:
A kind of method realizing SSR password encryption, described method uses the encryption of salt value and iteration count to encrypt two ways, wherein the encryption of salt value refers to add a salt value before user cipher, this value is system stochastic generation, only system is known, then the combination to salt value and password carries out md5 encryption, even if such hacker inquiry hashed value dictionary also cannot determine password;Iteration count algorithm is the algorithm of a kind of iteration summary, continues to repeatedly generate summary to the summary generated for the first time, it is simply that carries out count MD5 operation, so can effectively stop the Brute Force of hacker.Greatly improve the safety of password encryption.
Described method operating procedure is as follows:
The first step: generate salt numerical value, different salt is there is for each user, the corresponding relation of user name and salt has been recorded in data base, the salt using stochastic generation can be prevented effectively from " birthday attack (Birthday attacks, another attack means that hacker commonly uses) ";
Second step: receive user cipher, adds the salt value that the first step generates before password;
3rd step: determine iteration count value;
4th step: the salt+ password generating second step carries out MD5 operation, repeats this operation count time.
5th step: cryptographic secret after storage encryption.
Described count value is 1000, and salt value is 80bit character.
The invention have the benefit that
The inventive method can effectively stop the Brute Force of hacker, birthday attack (Birthday attacks) and dictionary attack, greatly improves the safety of password encryption, and simple AES drastically increases the safety of SSR.
Accompanying drawing explanation
Fig. 1 is the inventive method flow chart.
Detailed description of the invention
Below in conjunction with Figure of description, according to detailed description of the invention, the present invention is further described:
Embodiment 1:
A kind of method realizing SSR password encryption, it is characterized in that: described method uses the encryption of salt value and iteration count to encrypt two ways, wherein the encryption of salt value refers to add a salt value before user cipher, this value is system stochastic generation, only system is known, then the combination to salt value and password carries out md5 encryption, even if such hacker inquiry hashed value dictionary also cannot determine password;Iteration count algorithm is the algorithm of a kind of iteration summary, continues to repeatedly generate summary to the summary generated for the first time, it is simply that carries out count MD5 operation, so can effectively stop the Brute Force of hacker.Greatly improve the safety of password encryption.
Embodiment 2
As it is shown in figure 1, on the basis of embodiment 1, described in the present embodiment, method operating procedure is as follows:
The first step: generate salt numerical value, different salt is there is for each user, the corresponding relation of user name and salt has been recorded in data base, the salt using stochastic generation can be prevented effectively from " birthday attack (Birthday attacks, another attack means that hacker commonly uses) ";
Second step: receive user cipher, adds the salt value that the first step generates before password;
3rd step: determine iteration count value;
4th step: the salt+ password generating second step carries out MD5 operation, repeats this operation count time.
5th step: cryptographic secret after storage encryption.
Embodiment 3
On the basis of embodiment 1 or 2, described in the present embodiment, count value is 1000, and salt value is 80bit character.
Embodiment is merely to illustrate the present invention; and not limitation of the present invention; those of ordinary skill about technical field; without departing from the spirit and scope of the present invention; can also make a variety of changes and modification; the technical scheme of the most all equivalents falls within scope of the invention, and the scope of patent protection of the present invention should be defined by the claims.

Claims (3)

1. the method realizing SSR password encryption, it is characterized in that: described method uses the encryption of salt value and iteration count to encrypt two ways, wherein the encryption of salt value refers to add a salt value before user cipher, and then the combination to salt value and password carries out md5 encryption;Iteration count algorithm is the algorithm of a kind of iteration summary, continues to repeatedly generate summary to the summary generated for the first time, carries out count MD5 operation.
A kind of method realizing SSR password encryption the most according to claim 1, it is characterised in that described method operating procedure is as follows:
The first step: generate salt numerical value, there is different salt for each user, has recorded the corresponding relation of user name and salt in data base, uses the salt of stochastic generation;
Second step: receive user cipher, adds the salt value that the first step generates before password;
3rd step: determine iteration count value;
4th step: the salt+ password generating second step carries out MD5 operation, repeats this operation count time.
5th step: cryptographic secret after storage encryption.
A kind of method realizing SSR password encryption the most according to claim 1 and 2, it is characterised in that: described count value is 1000, and salt value is 80bit character.
CN201610441045.1A 2016-06-20 2016-06-20 Method for encrypting SSR password Pending CN105959099A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610441045.1A CN105959099A (en) 2016-06-20 2016-06-20 Method for encrypting SSR password

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610441045.1A CN105959099A (en) 2016-06-20 2016-06-20 Method for encrypting SSR password

Publications (1)

Publication Number Publication Date
CN105959099A true CN105959099A (en) 2016-09-21

Family

ID=56906943

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610441045.1A Pending CN105959099A (en) 2016-06-20 2016-06-20 Method for encrypting SSR password

Country Status (1)

Country Link
CN (1) CN105959099A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106295403A (en) * 2016-10-11 2017-01-04 北京集奥聚合科技有限公司 A kind of data safety processing method based on hbase and system
CN107682307A (en) * 2017-08-16 2018-02-09 福建联迪商用设备有限公司 A kind of authorization terminal method and system
CN111130753A (en) * 2019-12-09 2020-05-08 紫光云(南京)数字技术有限公司 Method for improving user password security based on MD5 encryption
CN113254952A (en) * 2021-04-25 2021-08-13 浙江工业大学 Key protection management method based on Android system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130283361A1 (en) * 2012-04-23 2013-10-24 General Instrument Corporation Identity verification
US20130291080A1 (en) * 2012-04-26 2013-10-31 Appsense Limited Systems and methods for data access protection
US8667305B2 (en) * 2008-08-28 2014-03-04 Red Hat, Inc. Securing a password database
CN104348609A (en) * 2014-09-18 2015-02-11 成都西山居互动娱乐科技有限公司 Non-stored password management algorithm
CN105409158A (en) * 2013-08-08 2016-03-16 英特尔公司 Instruction and logic to provide secure cipher hash round functionality

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8667305B2 (en) * 2008-08-28 2014-03-04 Red Hat, Inc. Securing a password database
US20130283361A1 (en) * 2012-04-23 2013-10-24 General Instrument Corporation Identity verification
US20130291080A1 (en) * 2012-04-26 2013-10-31 Appsense Limited Systems and methods for data access protection
CN105409158A (en) * 2013-08-08 2016-03-16 英特尔公司 Instruction and logic to provide secure cipher hash round functionality
CN104348609A (en) * 2014-09-18 2015-02-11 成都西山居互动娱乐科技有限公司 Non-stored password management algorithm

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106295403A (en) * 2016-10-11 2017-01-04 北京集奥聚合科技有限公司 A kind of data safety processing method based on hbase and system
CN107682307A (en) * 2017-08-16 2018-02-09 福建联迪商用设备有限公司 A kind of authorization terminal method and system
CN111130753A (en) * 2019-12-09 2020-05-08 紫光云(南京)数字技术有限公司 Method for improving user password security based on MD5 encryption
CN113254952A (en) * 2021-04-25 2021-08-13 浙江工业大学 Key protection management method based on Android system
CN113254952B (en) * 2021-04-25 2022-07-15 浙江工业大学 Key protection management method based on Android system

Similar Documents

Publication Publication Date Title
CN106254324B (en) A kind of encryption method and device of storage file
JP2018182736A (en) Private and mutually authenticated key exchange
US11588627B2 (en) Systems and methods for utilizing quantum entropy in single packet authorization for secure network connections
WO2010111447A1 (en) Method and system for securing a file
JP2004030611A (en) Method for changing communication password by remote control
GB2514428A (en) Enabling access to data
WO2015024426A1 (en) Identity authentication system, apparatus, and method, and identity authentication request apparatus
Kim et al. Dynamic ransomware protection using deterministic random bit generator
CN110505055B (en) External network access identity authentication method and system based on asymmetric key pool pair and key fob
CN105959099A (en) Method for encrypting SSR password
Ragab et al. Robust hybrid lightweight cryptosystem for protecting IoT smart devices
US9558362B2 (en) Data encryption using an external arguments encryption algorithm
Giri et al. A novel and efficient session spanning biometric and password based three-factor authentication protocol for consumer USB mass storage devices
JP6738061B2 (en) Ciphertext verification system, method, and recording medium
KR101358375B1 (en) Prevention security system and method for smishing
Tahir et al. A scheme for the generation of strong icmetrics based session key pairs for secure embedded system applications
GB2488753A (en) Encrypted communication
Ragab et al. Hybrid cryptosystems for protecting IoT smart devices with comparative analysis and evaluation
Thapar et al. A study of data threats and the role of cryptography algorithms
WO2018043466A1 (en) Data extraction system, data extraction method, registration device, and program
CN104780049B (en) A kind of method of safe read-write data
KR101438312B1 (en) Method of data encryption and encrypted data transmitter-receiver system using thereof
JP5440285B2 (en) Key sharing method, key sharing method, and key sharing program
WO2021115591A1 (en) Devices and sharing methods for private set intersection
US11621848B1 (en) Stateless system to protect data

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20160921