CN103546281A - Dynamic secret key generating method and device - Google Patents

Publication number
CN103546281A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201310526531.XA
Other languages
Chinese (zh)
Other versions
CN103546281B (en
Inventor
张光斌
张永光
王海滨
汤伟宾
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xiamen Meiya Pico Information Co Ltd
Original Assignee
Xiamen Meiya Pico Information Co Ltd

Abstract

The invention provides a dynamic key generation method and device. M hash algorithms and N symmetric encryption algorithms are preset for generating the key. The method comprises: first, randomly generating a salt value and storing it in a target file; second, repeatedly filling the plaintext password and the salt value into a storage space; third, calculating the sum of all bytes in the current storage space and taking the remainder modulo M (the first remainder); fourth, selecting the corresponding hash algorithm according to the first remainder; fifth, calculating the hash value of the current storage space; sixth, calculating the sum of the bytes of the hash value and taking the remainder modulo N (the second remainder); seventh, selecting the corresponding symmetric encryption algorithm according to the second remainder; eighth, repeatedly filling the plaintext password and the hash value into the storage space; ninth, encrypting the current storage space; tenth, repeating the third to ninth steps to obtain a final ciphertext; eleventh, hashing the finally obtained storage space data to obtain the final verification key; twelfth, storing the final verification key in the target file. The method effectively increases the difficulty of password cracking.

Description

Dynamic key generation method and device
Technical field
The present invention relates to the field of information security, and in particular to a dynamic key generation method and device.
Background
At present, more and more software includes data encryption features to ensure data security and restrict access to data; a user can access the encrypted data only by entering the correct password. For example, login authentication for operating systems, websites and databases all uses password verification to control access to data.
In the prior art, the password-setting (encryption) flow for data access control is: a password is entered, a corresponding key is generated by some cryptographic algorithm, and the key is saved in a target file. When the user accesses the data, password verification must pass first. The verification flow is: the user enters the password; the system computes the key of the entered password with the same cryptographic algorithm that was used when the password was set, and compares it with the key saved in the target file. If the two are identical, the password is correct, and the encrypted data is decrypted for the user to access.
Correspondingly, password recovery techniques emerged alongside encryption techniques, and approaches such as dictionary attacks and brute force are widely used in the password recovery field. Cracking speed directly determines the security of encrypted data: the faster the cracking speed, the shorter the time in which a password may be cracked.
To improve security, software currently reduces cracking speed by adopting more secure cryptographic algorithms or by increasing the computational cost of the password verification algorithm, for example by increasing the iteration count of some algorithm. In recent years in particular, with the rapid development of parallel computing devices, especially GPUs, such devices have been widely used for password recovery. Cracking speed has risen by more than two orders of magnitude compared with CPU computation, so that even algorithms once considered highly secure are greatly weakened in the face of parallel computing devices.
In researching and practicing the prior art, the inventors found the following problems:
To improve data security and reduce the risk of password cracking, existing software essentially reduces cracking speed by increasing the number of iteration rounds of a hash algorithm. The shortcomings of the prior art are as follows. On the one hand, the algorithm used is single and the flow is fixed, so as parallel computing devices develop, the probability that a password is cracked increases accordingly. On the other hand, the number of hash rounds cannot be increased without limit: increasing it lengthens cracking time but also lengthens password verification time, so in applications with high performance and real-time requirements, increasing the round count is not workable.
In short, the technical problem that those skilled in the art urgently need to solve is how to increase the difficulty of password cracking while keeping password verification time within a reasonable range.
Summary of the invention
The technical problem to be solved by the invention is to provide a dynamic key generation method and device that effectively increase the difficulty of password cracking and improve data security while adding only a limited amount of password verification time.
To solve the above problem, in one aspect a dynamic key generation method is provided, in which M hash algorithms and N symmetric encryption algorithms are preset for generating the key, the method comprising:
Step 1: randomly generate a salt value and save it in a target file;
Step 2: repeatedly fill the plaintext password and the salt value into a blank storage space several times;
Step 3: calculate the sum of all bytes in the current storage space and take the remainder modulo M, denoted the first remainder;
Step 4: according to the first remainder, choose the corresponding hash algorithm from the M hash algorithms;
Step 5: use the chosen hash algorithm to calculate the hash value of the current storage space;
Step 6: calculate the sum of the bytes of the hash value obtained in step 5 and take the remainder modulo N, denoted the second remainder;
Step 7: according to the second remainder, choose the corresponding symmetric encryption algorithm from the N symmetric encryption algorithms;
Step 8: continue to repeatedly fill the plaintext password and the hash value obtained in step 5 into the storage space several times;
Step 9: use the chosen symmetric encryption algorithm to encrypt the current storage space, obtaining an intermediate ciphertext;
Step 10: return to step 3 and execute steps 3 to 9 in a loop several times, obtaining the final ciphertext;
Step 11: hash the final ciphertext to obtain the final verification key;
Step 12: save the final verification key in the target file.
Optionally, step 1 is specifically: randomly generate a salt value of 16 ~ 64 bytes and save it in the target file.
Optionally, step 2 is specifically: repeatedly fill the first plaintext password and the salt value into a blank storage space 8 ~ 20 times.
Optionally, step 8 is specifically: repeatedly fill the second plaintext password and the hash value calculated in step 5 into the storage space 64 ~ 256 times.
Optionally, step 10 is specifically: return to step 3 and execute steps 3 to 9 in a loop (16 ~ 64) * y times, obtaining the final ciphertext; the password length factor y is adjusted according to the performance and security requirements of the application.
In another aspect, the invention also provides a dynamic key generation device, comprising an algorithm preset unit for presetting the M hash algorithms and N symmetric encryption algorithms used to generate the key, and further comprising:
a random value generation unit, for generating a salt value and saving it in a target file;
a first writing unit, for repeatedly filling the plaintext password and the salt value generated by the random value generation unit into a blank storage space several times;
a first computing unit, for calculating the sum of all bytes in the current storage space and taking the remainder modulo M, denoted the first remainder;
a hash algorithm choosing unit, for choosing the corresponding hash algorithm from the algorithm preset unit according to the first remainder output by the first computing unit;
a hash calculation unit, for calculating the hash value of the current storage space using the hash algorithm obtained by the hash algorithm determining unit;
a second computing unit, for calculating the sum of the bytes of the hash value obtained by the hash calculation unit and taking the remainder modulo N, denoted the second remainder;
a symmetric encryption algorithm choosing unit, for choosing the corresponding symmetric encryption algorithm from the algorithm preset unit according to the second remainder output by the second computing unit;
a second writing unit, for continuing to repeatedly fill the plaintext password and the hash value output by the hash calculation unit into the storage space several times;
an encryption calculation unit, for encrypting the current storage space using the symmetric encryption algorithm chosen by the symmetric encryption algorithm choosing unit, obtaining an intermediate ciphertext;
a loop execution unit, for calling the first computing unit through the encryption calculation unit in a loop, executing the corresponding operations several times, and obtaining the final ciphertext;
a verification key generation unit, for hashing the final ciphertext obtained by the loop execution unit to obtain the final verification key;
a storage unit, for storing the intermediate data output by each unit and for saving the final verification key output by the verification key generation unit in the target file.
Optionally, the random value generation unit is specifically for randomly generating a salt value of 16 ~ 64 bytes and saving it in the target file.
Optionally, the first writing unit is specifically for repeatedly filling the plaintext password and the salt value into a blank storage space 8 ~ 20 times.
Optionally, the second writing unit is specifically for repeatedly filling the plaintext password and the hash value output by the hash calculation unit into the storage space 64 ~ 256 times.
Optionally, the loop execution unit is specifically for calling the first computing unit through the encryption calculation unit in a loop, executing the corresponding operations (16 ~ 64) * y times, and obtaining the final ciphertext; the password length factor y is adjusted according to the password verification efficiency and security requirements of the application.
Compared with the prior art, one of the above technical solutions has the following advantages or beneficial effects:
In the dynamic key generation method provided by the embodiments of the invention, a hash calculation is performed before every encryption, and the resulting hash value serves as the temporary key of that round's symmetric encryption algorithm. The technical solution overcomes the prior-art shortcomings of a single algorithm and a fixed flow in key generation: the computation flow differs from password to password, and even for the same password and the same file the flow differs, because the random value (the salt value) generated at different times differs. The algorithms and flow actually used for a password therefore cannot be predicted and can only be determined after each step has been computed. In addition, the scheme can introduce different algorithms according to actual security needs, so it is highly extensible. The number of rounds is also tuned to some extent according to password length, which ensures the security of short passwords to a certain degree.
Brief description of the drawings
Fig. 1 is the flow chart of a kind of dynamic key generation method embodiment of the present invention;
Fig. 2 is the structured flowchart of a kind of dynamic key generating device embodiment of the present invention.
Embodiment
To make the above objects, features and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and specific embodiments.
Referring to Fig. 1, which shows the flow chart of the dynamic key generation method embodiment of the invention: during system initialization, M hash algorithms and N symmetric encryption algorithms are preset for generating the key, and the method comprises:
Step 1: randomly generate a salt value and save it in the target file;
The salt value is a random value of a preset number of bytes generated by the system. The byte count of the salt value, that is, its complexity, is preset by the user according to the requirements of the actual password verification application, such as verification efficiency and security. For example, the system may be preset to generate a 16-byte random value during initialization. In another application with different security and efficiency requirements, a 32-byte or 64-byte salt value may be chosen during initialization. In the embodiments of the invention, the purpose of the random value is to make the same password produce different verification strings, preventing an attacker from cracking it with rainbow tables.
The password verification applications mentioned above include login authentication for operating systems, websites and databases.
Step 2: repeatedly fill the plaintext password and the salt value into a blank storage space several times;
Here the plaintext password is the password first provided by the user, normally the plaintext password set at account registration. A plaintext password is information the user can read directly, such as 123456 or abcd, displayed by the computer system without encryption.
Optionally, the plaintext password and the salt value are repeatedly filled into a blank storage space 8 ~ 20 times, for example 16 times. The number of repetitions is likewise set in advance according to the verification efficiency and security requirements of the specific password verification application. Within one specific application the number of repetitions is fixed and is not determined randomly by the system.
In step 2, the order in which the plaintext password and the salt value are filled in can be arbitrary. Suppose the plaintext password is 123 and the salt value is @@@. Ways of filling the blank storage space include: 123 123 123 ... 123 123;
123123123123123123......@@@@@@@@@@@@@@@@@@; 123123@@@@123123@@@@... 123123@@@@123123@@@@; 123@@@123@@@123@@@... 123@@@, etc.
Step 3: calculate the sum of all bytes in the current storage space and take the remainder modulo M, denoted the first remainder;
The first remainder is any integer from 0 to M-1. For example, if 4 hash algorithms are preset, the first remainder is one of 0, 1, 2, 3.
Step 4: according to the first remainder, choose the corresponding hash algorithm from the M hash algorithms;
The precondition for step 4 is that the mapping between the first remainder and the M hash algorithms was preset during system initialization. For example, suppose the M hash algorithms are MD5, SHA-1, SHA-256 and SHA-512. If the first remainder is 0, MD5 is chosen; if the first remainder is 1, SHA-1 is chosen; and so on.
Step 5: use the chosen hash algorithm to calculate the hash value of the current storage space;
Here the current storage space is the storage space as updated by step 2. The hash value obtained by hashing the storage space is a fixed-length string, for example a 128-byte string. The length of the hash value is an inherent property of the hash algorithm; different hash algorithms produce hash values of different lengths.
Step 6: calculate the sum of all bytes of the hash value output by step 5 and take the remainder modulo N, denoted the second remainder;
Like the first remainder output by step 3, the second remainder is any integer from 0 to N-1. For example, if 4 symmetric encryption algorithms are preset, the second remainder is one of 0, 1, 2, 3.
Here, suppose the hash algorithm chosen in step 4 is MD5 and the content of the current storage space in step 5 is the string "123456". The MD5 hash value output by step 5 is a 16-byte string whose bytes, in hexadecimal, are 0xe1, 0x0a, 0xdc, 0x39, 0x49, 0xba, 0x59, 0xab, 0xbe, 0x56, 0xe0, 0x57, 0xf2, 0x0f, 0x88, 0x3e. Step 6 calculates the sum of all bytes of this hash value, that is, the sum of the 16 bytes above; the result is 0x819.
Step 7: according to the second remainder, choose the corresponding symmetric encryption algorithm from the N symmetric encryption algorithms;
Similarly, the precondition for step 7 is that the mapping between the second remainder and the N symmetric encryption algorithms was preset during system initialization. For example, suppose the N symmetric encryption algorithms are DES, AES-128, AES-256 and AES-512. If the second remainder is 0, DES is chosen; if the second remainder is 1, AES-128 is chosen; and so on.
Step 8: continue to repeatedly fill the plaintext password and the hash value obtained in step 5 into the storage space several times;
As with the salt value setting in step 1 and the number of repetitions for filling the plaintext password and the salt value into a blank storage space in step 2, the number of times step 8 fills in the plaintext password and the hash value is also preset during system initialization according to the verification efficiency and security requirements of the specific password verification application. Within one specific application the number of repetitions is fixed; it can be preset to 64, 128, 256 and so on, and is not determined randomly by the system.
Step 9: use the chosen symmetric encryption algorithm to encrypt the current storage space, obtaining an intermediate ciphertext;
In step 9, the current storage space is the storage space as updated by step 8. First, a brief introduction to symmetric encryption: a symmetric encryption algorithm takes a plaintext and a key as input and produces a ciphertext. A key is therefore needed wherever a symmetric encryption algorithm is used. In step 9, the key supplied is the hash value calculated in step 5.
In the embodiments of the invention, a hash calculation is performed before every symmetric encryption, and the resulting hash value serves as the temporary key of that round's symmetric encryption algorithm.
Step 10: return to step 3 and execute steps 3 ~ 9 in a loop several times, obtaining the final ciphertext;
If the first execution of steps 3 to 9 is the first round, then from step 10 on the second, third and subsequent rounds begin. Taking the second round as an example, steps 3 to 9 are repeated on the storage space obtained from the first round; the current storage space holds the temporary data computed in the first round.
Step 10 implies the step of storing the final ciphertext into the storage space.
Optionally, step 10 can be specifically: return to step 3 and execute steps 3 to 9 in a loop (16 ~ 64) * y times, that is, 16y ~ 64y times, obtaining the final ciphertext; the password length factor y is adjusted according to the performance and security requirements of the application. The shorter the password, the larger the number of rounds, which ensures the security of the data to a certain degree when the password is short.
Step 11: hash the final ciphertext to obtain the final verification key;
Specifically, the hash algorithm used in step 11 can be one preset hash algorithm such as SHA-512, in which case step 11 is: hash the finally obtained storage space data to obtain the final verification key.
The hash algorithm used in step 11 can also be chosen in the manner of steps 3 and 4 above; see the flow chart of the step 11 embodiment shown in Figure 2. That is, in another embodiment of the invention, step 11 can specifically comprise:
Step 111: calculate the sum of all bytes of the finally obtained storage space and take the remainder modulo M;
Step 112: according to the remainder obtained in step 111, choose the corresponding hash algorithm from the M hash algorithms;
Step 113: use the hash algorithm chosen in step 112 to calculate the hash value of the finally obtained storage space, as the final verification key.
Step 12: save the final verification key in the target file.
The final verification key saved in the target file serves as the reference for verifying password correctness during user access control.
The M hash algorithms used in the embodiments of the invention can include MD5, SHA-1, SHA-256, SHA-512 and others; the N symmetric encryption algorithms can include DES, AES-128, AES-256, AES-512 and others. More algorithms of each type can of course be added as needed; the more algorithms are added, the more noticeably the cracking speed of parallel computing devices drops.
Note that the target file described in the embodiments of the invention can be a concrete file or a database. Because the final verification key depends only on the password and the random salt value, password verification only needs to read the random salt value and the final verification key from the target file, so this document describes only the storage of the random salt value and the final verification key.
In addition, the storage space in the embodiments of the invention refers to a region of memory used to hold the input and output data of the hash and symmetric encryption algorithms at each step. These are all temporary data of the computation, not the final result. Only the result of step 11 is the data that is finally saved in the target file.
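Steps 1 to 12 above, written out in Python as an added example; this is not code from the patent or its assignee. Assumptions: the function and parameter names are hypothetical; step 8 appends to the storage space; step 11 uses the preset SHA-512 variant; and because the Python standard library has no block ciphers, the four cipher names from the step 7 example are labels only, with a SHAKE-256 XOR stream substituted for the actual encryption in step 9.

```python
import hashlib
import hmac
import os

# Step 4 mapping from the page's example (M = 4): first remainder -> hash.
HASHES = ["md5", "sha1", "sha256", "sha512"]
# Step 7 mapping from the page's example (N = 4): second remainder -> cipher.
# Labels only: stand_in_encrypt() below substitutes a keyed XOR stream for
# every one of them (assumption, the standard library has no block ciphers).
CIPHERS = ["DES", "AES-128", "AES-256", "AES-512"]

# Constructed sample: the page's step 6 example hashes "123456" with MD5.
MD5_OF_123456 = hashlib.md5(b"123456").digest()


def byte_sum_mod(data, modulus):
    """Steps 3 and 6: sum every byte, then reduce modulo the table size."""
    return sum(data) % modulus


def stand_in_encrypt(label, key, data):
    """Stand-in for step 9; NOT a real block cipher.

    XORs data with a SHAKE-256 stream keyed by the round's hash value and
    the selected label, so each label transforms the buffer differently.
    """
    stream = hashlib.shake_256(label.encode() + b"\x00" + key).digest(len(data))
    mixed = int.from_bytes(data, "big") ^ int.from_bytes(stream, "big")
    return mixed.to_bytes(len(data), "big")


def derive_key(password, salt, fill_salt=16, fill_hash=64, rounds=16):
    """Steps 2 to 11. Returns (verification_key, per-round algorithm trace).

    Defaults sit inside the page's optional ranges: 16 salt fills (8 ~ 20),
    64 hash fills (64 ~ 256), 16 rounds ((16 ~ 64) * y with y = 1).
    """
    buf = (password + salt) * fill_salt                        # step 2
    trace = []
    for _ in range(rounds):                                    # step 10
        hash_name = HASHES[byte_sum_mod(buf, len(HASHES))]     # steps 3-4
        digest = hashlib.new(hash_name, buf).digest()          # step 5
        cipher = CIPHERS[byte_sum_mod(digest, len(CIPHERS))]   # steps 6-7
        buf += (password + digest) * fill_hash                 # step 8 (append: assumption)
        buf = stand_in_encrypt(cipher, digest, buf)            # step 9, digest is the temporary key
        trace.append((hash_name, cipher))
    return hashlib.sha512(buf).digest(), trace                 # step 11


def enroll(password):
    """Steps 1 and 12: the returned record is what the target file stores."""
    salt = os.urandom(16)
    key, _ = derive_key(password, salt)
    return {"salt": salt, "key": key}


def verify(password, record):
    """Re-run the flow with the stored salt and compare in constant time."""
    key, _ = derive_key(password, record["salt"])
    return hmac.compare_digest(key, record["key"])


if __name__ == "__main__":
    # Step 6 worked example from the page: byte sum 0x819, remainder mod 4.
    print(hex(sum(MD5_OF_123456)), byte_sum_mod(MD5_OF_123456, len(CIPHERS)))
    record = enroll(b"123456")
    _, path = derive_key(b"123456", record["salt"])
    print(path[:4])                       # first four (hash, cipher) choices
    print(verify(b"123456", record), verify(b"123457", record))
```

The trace makes visible that the sequence of algorithms is fixed entirely by the password and the salt, which is why verification needs only the stored salt and the final verification key.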
As can be seen, in the dynamic key generation method provided by the embodiments of the invention, a hash calculation is performed before every encryption, and the resulting hash value serves as the temporary key of that round's symmetric encryption algorithm. This overcomes the prior-art shortcomings of a single algorithm and a fixed flow in key generation: the computation flow differs from password to password, and even for the same password and the same file the flow differs, because the random value (the salt value) generated at different times differs. The algorithms and flow actually used for a password therefore cannot be predicted and can only be determined after each step has been computed. In addition, the scheme can introduce different algorithms according to actual security needs, so it is highly extensible. The number of rounds is also tuned to some extent according to password length, which ensures the security of short passwords to a certain degree.
Corresponding to the dynamic key generation method embodiment above, the invention also provides a dynamic key generation device embodiment. Referring to Fig. 3, which shows the structural block diagram of a dynamic key generation device embodiment of the invention, the device comprises:
an algorithm preset unit 31, for presetting the M hash algorithms and N symmetric encryption algorithms used to generate the key, and further comprises:
a random value generation unit 32, for randomly generating a salt value and saving it in the target file;
a first writing unit 33, for repeatedly filling the plaintext password and the salt value generated by the random value generation unit into a blank storage space several times;
a first computing unit 34, for calculating the sum of all bytes in the current storage space and taking the remainder modulo M, denoted the first remainder;
a hash algorithm choosing unit 35, for choosing the corresponding hash algorithm from the algorithm preset unit according to the first remainder output by the first computing unit 34;
a hash calculation unit 36, for calculating the hash value of the current storage space using the hash algorithm obtained by the hash algorithm determining unit 35;
a second computing unit 37, for calculating the sum of all bytes of the hash value output by the hash calculation unit 36 and taking the remainder modulo N, denoted the second remainder;
a symmetric encryption algorithm choosing unit 38, for choosing the corresponding symmetric encryption algorithm from the algorithm preset unit 31 according to the second remainder output by the second computing unit 37;
a second writing unit 39, for continuing to repeatedly fill the plaintext password and the hash value output by the hash calculation unit into the storage space several times;
an encryption calculation unit 310, for encrypting the current storage space using the symmetric encryption algorithm chosen by the symmetric encryption algorithm choosing unit 38, obtaining an intermediate ciphertext;
a loop execution unit 311, for calling the first computing unit 34 through the encryption calculation unit 310 in a loop, executing the corresponding operations several times, and obtaining the final ciphertext;
a verification key generation unit 312, for hashing the final ciphertext obtained by the loop execution unit 311 to obtain the final verification key;
a storage unit 313, for storing the intermediate data output by each unit and for saving the final verification key generated by the verification key generation unit 312 in the target file.
Optionally, the random value generation unit 32 is specifically for randomly generating a salt value of 16 ~ 64 bytes and saving it in the target file.
The first writing unit 33 is specifically for repeatedly filling the plaintext password and the salt value into a blank storage space 8 ~ 20 times.
The second writing unit 39 is specifically for repeatedly filling the plaintext password and the hash value output by the hash calculation unit into the storage space 64 ~ 256 times.
The loop execution unit 311 is specifically for calling the first computing unit through the encryption calculation unit in a loop, executing the corresponding operations (16 ~ 64) * y times, and obtaining the final ciphertext; the password length factor y is adjusted according to the performance and security requirements of the application.
In summary, the dynamic key generation method and device proposed here adopt a dynamic encryption mechanism that includes multiple hash algorithms and symmetric encryption algorithms. Different passwords can follow different algorithms and key generation flows, and the algorithm used in the next round cannot be predicted until the current round has been computed. At the same time, the computation encrypts a certain volume of data, exploiting the facts that parallel computing devices have no branch prediction and suffer severe latency when accessing large amounts of data, which reduces the performance of parallel computing devices. Because the scheme does not greatly increase the computational cost of password verification, it does not noticeably increase computation time on a CPU, that is, the speed of verifying a password, so it is suitable for applications with high performance requirements. It noticeably reduces the cracking speed of parallel computing devices and improves the security of encrypted data.
The embodiments in this specification are described progressively; each embodiment focuses on its differences from the others, and identical or similar parts can be cross-referenced between embodiments. The system embodiment is described relatively briefly because it is substantially similar to the method embodiment; for relevant parts, see the description of the method embodiment.
The dynamic key generation method and device provided by the invention have been described in detail above. Specific examples have been used to explain the principle and implementation of the invention, and the description of the embodiments is only intended to help in understanding the method and its core idea. For those of ordinary skill in the art, the specific implementation and scope of application may vary according to the idea of the invention. In summary, this description should not be construed as limiting the invention.

Claims (10)

1. A dynamic key generation method, characterized in that M hash algorithms and N symmetric encryption algorithms are preset in advance for generating the key, the method specifically comprising:
Step 1: randomly generate a salt value and save it in the target file;
Step 2: repeatedly write the plaintext password and the salt value into a blank memory space several times;
Step 3: calculate the sum of all bytes in the current memory space and take the remainder modulo M, denoted the first remainder;
Step 4: select the corresponding hash algorithm from the M hash algorithms according to the first remainder;
Step 5: calculate the hash value of the current memory space using the selected hash algorithm;
Step 6: calculate the sum of the bytes of the hash value obtained in step 5 and take the remainder modulo N, denoted the second remainder;
Step 7: select the corresponding symmetric encryption algorithm from the N symmetric encryption algorithms according to the second remainder;
Step 8: continue to repeatedly write the plaintext password and the hash value obtained in step 5 into the memory space several times;
Step 9: encrypt the current memory space using the selected symmetric encryption algorithm to obtain an intermediate ciphertext;
Step 10: return to step 3 and execute steps 3 to 9 in a loop several times to obtain the final ciphertext;
Step 11: perform a hash calculation on the final ciphertext to obtain the final verification key;
Step 12: save the final verification key in the target file.
2. The dynamic key generation method according to claim 1, characterized in that step 1 is specifically: randomly generate a salt value of 16~64 bytes and save it in the target file.
3. The dynamic key generation method according to claim 1, characterized in that step 2 is specifically: repeatedly write the plaintext password and the salt value into a blank memory space 8~20 times.
4. The dynamic key generation method according to claim 1, characterized in that step 8 is specifically: repeatedly write the plaintext password and the hash value calculated in step 5 into the memory space 64~256 times.
5. The dynamic key generation method according to claim 1, characterized in that step 10 is specifically: return to step 3 and execute steps 3 to 9 in a loop (16~64) * y times to obtain the final ciphertext; wherein the password length factor y is adjusted according to the performance and security requirements of the application scenario.
6. A dynamic key generating device, characterized in that it comprises an algorithm preset unit for presetting the M hash algorithms and N symmetric encryption algorithms used to generate the key, and further comprises:
a random value generation unit, for generating a salt value and saving it in the target file;
a first writing unit, for repeatedly writing the plaintext password and the salt value generated by the random value generation unit into a blank memory space several times;
a first computing unit, for calculating the sum of all bytes in the current memory space and taking the remainder modulo M, denoted the first remainder;
a hash algorithm selection unit, for selecting the corresponding hash algorithm from the algorithm preset unit according to the first remainder output by the first computing unit;
a hash calculation unit, for calculating the hash value of the current memory space using the hash algorithm obtained by the hash algorithm selection unit;
a second computing unit, for calculating the sum of the bytes of the hash value obtained by the hash calculation unit and taking the remainder modulo N, denoted the second remainder;
a symmetric encryption algorithm selection unit, for selecting the corresponding symmetric encryption algorithm from the algorithm preset unit according to the second remainder output by the second computing unit;
a second writing unit, for continuing to repeatedly write the plaintext password and the hash value output by the hash calculation unit into the memory space several times;
an encryption calculation unit, for encrypting the current memory space using the symmetric encryption algorithm selected by the symmetric encryption algorithm selection unit to obtain an intermediate ciphertext;
a loop execution unit, for repeatedly invoking the units from the first computing unit through the encryption calculation unit, executing the corresponding operations in a loop several times, to obtain the final ciphertext;
a verification key generation unit, for performing a hash calculation on the final ciphertext obtained by the loop execution unit to obtain the final verification key;
a storage unit, for storing the intermediate data output by each unit and saving the final verification key output by the verification key generation unit in the target file.
7. The dynamic key generating device according to claim 6, characterized in that the random value generation unit is specifically configured to randomly generate a salt value of 16~64 bytes and save it in the target file.
8. The dynamic key generating device according to claim 6, characterized in that the first writing unit is specifically configured to repeatedly write the plaintext password and the salt value into a blank memory space 8~20 times.
9. The dynamic key generating device according to claim 6, characterized in that the second writing unit is specifically configured to repeatedly write the plaintext password and the hash value output by the hash calculation unit into the memory space 64~256 times.
10. The dynamic key generating device according to claim 6, characterized in that the loop execution unit is specifically configured to repeatedly invoke the units from the first computing unit through the encryption calculation unit, executing the corresponding operations in a loop (16~64) * y times, to obtain the final ciphertext; wherein the password length factor y is adjusted according to the application scenario's requirements for password verification efficiency and security.
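The twelve steps of claim 1 with the parameter ranges of claims 2 to 5, as an added Python sketch that is not code from the patent. Assumptions the claims leave open: the concrete hash set, three hash-counter keystream functions standing in for real symmetric ciphers (the standard library has none), the step-5 hash value used as the cipher key, step 8 appending to the buffer, and SHA-256 for step 11.

```python
import hashlib
import hmac
import os

# Assumed presets: the claims do not name the M hashes or N ciphers.
HASHES = ["sha224", "sha256", "sha384", "sha512"]   # M = 4
CIPHERS = ["sha256", "sha3_256", "blake2s"]         # N = 3 stand-in keystreams

def stand_in_encrypt(name: str, key: bytes, data: bytes) -> bytes:
    """XOR data with a hash-counter keystream. A stand-in for a real
    symmetric cipher, for illustration only."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.new(name, key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def derive(password: bytes, salt: bytes, fill1=8, fill2=64, rounds=16):
    """Steps 2-11. Returns (verification_key, per-round (hash, cipher) trace)."""
    buf = (password + salt) * fill1                    # step 2: 8~20 repeats
    trace = []
    for _ in range(rounds):                            # step 10: (16~64) * y rounds
        h_name = HASHES[sum(buf) % len(HASHES)]        # steps 3-4: byte sum mod M
        digest = hashlib.new(h_name, buf).digest()     # step 5
        c_name = CIPHERS[sum(digest) % len(CIPHERS)]   # steps 6-7: byte sum mod N
        buf += (password + digest) * fill2             # step 8 (assumed: append)
        buf = stand_in_encrypt(c_name, digest, buf)    # step 9 (assumed key: digest)
        trace.append((h_name, c_name))
    return hashlib.sha256(buf).digest(), trace         # step 11 (assumed: SHA-256)

def enroll(password: bytes):
    """Steps 1 and 12: the caller stores salt and key in the target file."""
    salt = os.urandom(16)                              # step 1: 16~64 bytes
    key, _ = derive(password, salt)
    return salt, key

def verify(password: bytes, salt: bytes, stored_key: bytes) -> bool:
    """Recompute the verification key and compare in constant time."""
    key, _ = derive(password, salt)
    return hmac.compare_digest(key, stored_key)
```

The trace returned by `derive` lists the hash and cipher chosen in each round, which depends on the password and salt and is only known once the previous round has been computed.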
CN201310526531.XA 2013-10-31 2013-10-31 Dynamic key generation method and device Active CN103546281B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310526531.XA CN103546281B (en) 2013-10-31 2013-10-31 Dynamic key generation method and device

Publications (2)

Publication Number Publication Date
CN103546281A true CN103546281A (en) 2014-01-29
CN103546281B CN103546281B (en) 2016-08-17

Family

ID=49969362

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant