CN103546281B - Dynamic key generation method and device - Google Patents

Publication number: CN103546281B
Authority: CN (China)
Application number: CN201310526531.XA
Other versions: CN103546281A
Other languages: Chinese (zh)
Legal status: Active
Inventors: 张光斌, 张永光, 王海滨, 汤伟宾
Current and original assignee: Xiamen Meiya Pico Information Co Ltd
Keywords: unit, algorithm, hash, memory space, remainder

Abstract

The invention provides a dynamic key generation method and device. The method presets M hash algorithms and N symmetric encryption algorithms for generating a key, and includes: randomly generating a salt value and saving it to a target file; repeatedly filling the plaintext password and the salt value into a storage space several times; computing the sum of all bytes of the current storage space and taking the remainder modulo M; selecting the corresponding hash algorithm according to the first remainder; computing the hash value of the current storage space; computing the byte sum of the hash value and taking the remainder modulo N; selecting the corresponding symmetric encryption algorithm according to the second remainder; repeatedly filling the plaintext password and the hash value into the storage space several times; encrypting the current storage space; executing step 3 to step 9 in a loop several times to obtain the final ciphertext; hashing the finally obtained storage-space data to obtain the final verification key; and saving the final verification key to the target file. The key generation method provided by the invention effectively increases the difficulty of password cracking.

Description

Dynamic key generation method and device
Technical field
The present invention relates to the field of information security, and in particular to a dynamic key generation method and device.
Background
At present, more and more software includes data encryption to ensure data security and to restrict data access; a user can access encrypted data only after entering the correct password. For example, login authentication for operating systems, websites and databases all uses password verification to control data access.
In the prior art, the password-setting flow (that is, the encryption flow) for data access control is: a password is entered, a corresponding key is generated by some encryption algorithm, and the key is saved to a target file. When a user accesses the data, password verification must pass first. The verification flow is: the user enters a password; the system uses the same encryption algorithm that was used when the password was set to compute the key of the entered password, and compares it with the key saved in the target file. If the two are identical, the password is correct, and the encrypted data is decrypted for the user to access.
Correspondingly, password recovery techniques arose alongside encryption techniques; dictionary cracking, brute-force cracking and similar methods are widely used in the password recovery field. Cracking speed directly determines the security of encrypted data: the faster the cracking speed, the shorter the time in which a password may be cracked.
To improve security, all software at present reduces cracking speed either by using a more secure encryption algorithm or by increasing the amount of computation in the password verification algorithm, for example by increasing the iteration count of some algorithm. In recent years, however, with the rapid development of parallel computing devices, especially GPUs, such devices have been widely used in password recovery, making cracking more than two orders of magnitude faster than earlier CPU-based computation, so that algorithms formerly regarded as highly secure are greatly weakened on parallel computing devices.
In researching and practising the prior art, the inventors found the following problems:
To improve data security and reduce the risk of password cracking, existing software essentially reduces cracking speed by increasing the number of rounds of a hash algorithm. The shortcomings of this are: on the one hand, the algorithm used in the prior art is single and the flow is fixed, so the probability that a password is cracked grows with the development of parallel computing devices; on the other hand, the number of hash rounds cannot be increased without limit. Although increasing the number of hash rounds lengthens cracking time, it also lengthens password verification time, so in settings with high performance and real-time requirements, increasing the number of rounds is not workable.
In short, the technical problem that those skilled in the art urgently need to solve is: how to increase the difficulty of password cracking while keeping password verification time within a reasonable range.
Summary of the invention
The technical problem to be solved by the invention is to provide a dynamic key generation method and device that can effectively increase the difficulty of password cracking and improve data security with only a limited increase in password verification time.
To solve the above problem, in one aspect a dynamic key generation method is provided. M hash algorithms and N symmetric encryption algorithms are first preset for generating the key, and the method specifically includes:
Step 1: randomly generate a salt value and save it to a target file;
Step 2: repeatedly fill the plaintext password and the salt value into an empty storage space several times;
Step 3: compute the sum of all bytes of the current storage space and take the remainder modulo M, recorded as the first remainder;
Step 4: select the corresponding hash algorithm from the M hash algorithms according to the first remainder;
Step 5: compute the hash value of the current storage space with the selected hash algorithm;
Step 6: compute the byte sum of the hash value obtained in step 5 and take the remainder modulo N, recorded as the second remainder;
Step 7: select the corresponding symmetric encryption algorithm from the N symmetric encryption algorithms according to the second remainder;
Step 8: continue to repeatedly fill the plaintext password and the hash value obtained in step 5 into the storage space several times;
Step 9: encrypt the current storage space with the selected symmetric encryption algorithm to obtain an intermediate ciphertext;
Step 10: return to step 3 and execute step 3 to step 9 in a loop several times to obtain the final ciphertext;
Step 11: hash the finally obtained final ciphertext to obtain the final verification key;
Step 12: save the final verification key to the target file.
Optionally, step 1 is specifically: randomly generate a salt value of 16 to 64 bytes and save it to the target file.
Optionally, step 2 is specifically: repeatedly fill the plaintext password and the salt value into an empty storage space 8 to 20 times.
Optionally, step 8 is specifically: repeatedly fill the plaintext password and the hash value computed in step 5 into the storage space 64 to 256 times.
Optionally, step 10 is specifically: return to step 3 and execute step 3 to step 9 in a loop (16~64) * y times to obtain the final ciphertext, where the password length factor y is adjusted according to the application's requirements on performance and security.
In another aspect, the invention also provides a dynamic key generation device, which includes an algorithm preset unit for presetting M hash algorithms and N symmetric encryption algorithms for generating the key, and further includes:
a random value generation unit, for generating a salt value and saving it to a target file;
a first writing unit, for repeatedly filling the plaintext password and the salt value generated by the random value generation unit into an empty storage space several times;
a first computing unit, for computing the sum of all bytes of the current storage space and taking the remainder modulo M, recorded as the first remainder;
a hash algorithm selection unit, for selecting the corresponding hash algorithm from the algorithm preset unit according to the first remainder output by the first computing unit;
a hash calculation unit, for computing the hash value of the current storage space with the hash algorithm obtained by the hash algorithm selection unit;
a second computing unit, for computing the byte sum of the hash value obtained by the hash calculation unit and taking the remainder modulo N, recorded as the second remainder;
a symmetric encryption algorithm selection unit, for selecting the corresponding symmetric encryption algorithm from the algorithm preset unit according to the second remainder output by the second computing unit;
a second writing unit, for continuing to repeatedly fill the plaintext password and the hash value output by the hash calculation unit into the storage space several times;
an encryption calculation unit, for encrypting the current storage space with the symmetric encryption algorithm selected by the symmetric encryption algorithm selection unit to obtain an intermediate ciphertext;
a loop execution unit, for invoking the first computing unit through the encryption calculation unit in a loop, executing the corresponding operations several times to obtain the final ciphertext;
a verification key generation unit, for hashing the final ciphertext finally obtained by the loop execution unit to obtain the final verification key;
a storage unit, for storing the intermediate data output by each unit and saving the final verification key output by the verification key generation unit to the target file.
Optionally, the random value generation unit is specifically for randomly generating a salt value of 16 to 64 bytes and saving it to the target file.
Optionally, the first writing unit is specifically for repeatedly filling the plaintext password and the salt value into an empty storage space 8 to 20 times.
Optionally, the second writing unit is specifically for repeatedly filling the plaintext password and the hash value output by the hash calculation unit into the storage space 64 to 256 times.
Optionally, the loop execution unit is specifically for invoking the first computing unit through the encryption calculation unit in a loop, executing the corresponding operations (16~64) * y times to obtain the final ciphertext, where the password length factor y is adjusted according to the application's requirements on password verification efficiency and security.
Compared with the prior art, one of the above technical schemes has the following advantages or beneficial effects:
In the dynamic key generation method provided by the embodiment of the invention, a hash computation is performed before every encryption, and the resulting hash value serves as the temporary key for that round's symmetric encryption algorithm. The technical scheme overcomes the prior-art shortcoming that the algorithm used to generate a key from a password is single and the flow is fixed. The computation flow differs from password to password; even for the same password and the same file, the random value (the salt value) generated at different times differs, so the flow differs as well. The specific algorithms and flow used for a password therefore cannot be predicted and can be determined only after each step has been computed. In addition, the scheme can introduce different algorithms according to actual security requirements, so it is highly extensible. The number of computation rounds is also tuned to some degree according to password length, which protects short passwords to a certain extent.
Brief description of the drawings
Fig. 1 is the flow chart of an embodiment of the dynamic key generation method of the invention;
Fig. 2 is the structural block diagram of an embodiment of the dynamic key generation device of the invention.
Detailed description
To make the above objects, features and advantages of the invention clearer and easier to understand, the invention is described in further detail below with reference to the accompanying drawings and specific embodiments.
Referring to Fig. 1, which shows the flow chart of an embodiment of the dynamic key generation method of the invention: during system initialization, M hash algorithms and N symmetric encryption algorithms are first preset for generating the key. The method specifically includes:
Step 1: randomly generate a salt value and save it to a target file;
The salt value is a random value of a preset number of bytes, generated randomly by the system. The byte count of the salt value, i.e. its complexity, is preset by the user according to the requirements of the actual password verification application on performance (such as verification efficiency) and on security. For example, the system may be preset to generate a 16-byte random value during initialization. In another setting, where security requirements are higher and efficiency requirements lower, a 32-byte or 64-byte salt value may be generated during initialization. In the embodiment of the invention, the purpose of the random value is to make the same password produce different verification strings, preventing hackers from cracking with rainbow tables.
The password verification applications mentioned above include login authentication for operating systems, websites and databases.
Step 2: repeatedly fill the plaintext password and the salt value into an empty storage space several times;
Here the plaintext password is the password first provided by the user, usually the plaintext password set at account registration. A plaintext password is information the user can read directly, such as 123456 or abcd, which the computer system displays without encryption.
Optionally, the plaintext password and the salt value are filled into an empty storage space 8 to 20 times, for example 16 times. The number of times the plaintext password and salt value are filled in is likewise set in advance according to the requirements of the specific password verification application on verification efficiency and security. Within one specific application the repeat count is fixed; it is not determined at random by the system.
In step 2, the order in which the plaintext password and the salt value are filled in can be arbitrary. Suppose the plaintext password is 123 and the salt value is @@@. The empty storage space can then be filled in any of these ways:
123@@@123@@@123@@@......123@@@123@@@;
123123123123123123......@@@@@@@@@@@@@@@@@@;
123123@@@@123123@@@@......123123@@@@123123@@@@;
123@@@123@@@123@@@... 123@@@, etc.
Step 3: compute the sum of all bytes of the current storage space and take the remainder modulo M, recorded as the first remainder;
The first remainder is an integer from 0 to M-1. For example, if 4 hash algorithms are preset, the first remainder is one of 0, 1, 2, 3.
Step 4: select the corresponding hash algorithm from the M hash algorithms according to the first remainder;
Step 4 requires that a mapping between the first remainder and the M hash algorithms was preset during system initialization. For example, suppose the M hash algorithms are MD5, SHA-1, SHA-256 and SHA-512. If the first remainder is 0, MD5 is selected; if the first remainder is 1, SHA-1 is selected; and so on.
Step 5: compute the hash value of the current storage space with the selected hash algorithm;
Here the current storage space is the storage space as updated by step 2. Hashing the storage space with a hash algorithm yields a hash value that is a fixed-length string, for example a 128-byte string. The length of the hash value is an inherent property of the hash algorithm: different hash algorithms produce hash values of different lengths.
Step 6: compute the sum of all bytes of the hash value output by step 5 and take the remainder modulo N, recorded as the second remainder;
As with the first remainder output by step 3, the second remainder is an integer from 0 to N-1. For example, if 4 symmetric encryption algorithms are preset, the second remainder is one of 0, 1, 2, 3.
Here, suppose the hash algorithm selected in step 4 is MD5 and the content of the current storage space in step 5 is the string "123456". The MD5 hash value output by step 5 is then a 16-byte string whose bytes, in hexadecimal, are 0xe1, 0x0a, 0xdc, 0x39, 0x49, 0xba, 0x59, 0xab, 0xbe, 0x56, 0xe0, 0x57, 0xf2, 0x0f, 0x88, 0x3e. Step 6 computes the sum of all bytes of the hash value output by step 5, that is, the sum of these 16 bytes; the result is 0x819.
Step 7: select the corresponding symmetric encryption algorithm from the N symmetric encryption algorithms according to the second remainder;
Likewise, step 7 requires that a mapping between the second remainder and the N symmetric encryption algorithms was preset during system initialization. For example, suppose the N symmetric encryption algorithms are DES, AES-128, AES-256 and AES-512. If the second remainder is 0, DES is selected; if the second remainder is 1, AES-128 is selected; and so on.
Step 8: continue to repeatedly fill the plaintext password and the hash value obtained in step 5 into the storage space several times;
As with the size of the salt value in step 1 and the repeat count for filling the plaintext password and salt value into the empty storage space in step 2, the number of times step 8 fills in the plaintext password and hash value is preset during system initialization according to the requirements of the specific password verification application on verification efficiency and security. Within one specific application the repeat count is fixed; it can be preset to 64, 128, 256 times and so on, and is not determined at random by the system.
Step 9: encrypt the current storage space with the selected symmetric encryption algorithm to obtain an intermediate ciphertext;
In step 9, the current storage space is the storage space as updated by step 8. A brief introduction to symmetric encryption: a symmetric encryption algorithm takes plaintext and a key as input and produces ciphertext after computation. Every use of a symmetric encryption algorithm therefore needs a key. In step 9, the key that is input is the hash value computed in step 5.
In the embodiment of the invention, a hash computation is performed before each symmetric encryption, and the resulting hash value serves as the temporary key for that round's symmetric encryption algorithm.
Step 10: return to step 3 and execute steps 3 to 9 in a loop several times to obtain the final ciphertext;
If the first execution of step 3 to step 9 is the first round, then the second, third and subsequent rounds start from step 10. Taking the second round as an example, step 3 is executed again on the storage space produced by the first round; the current storage space holds the temporary data of the first round's computation.
Step 10 implies a step of storing the final ciphertext in the storage space.
Optionally, step 10 can specifically be: return to step 3 and execute step 3 to step 9 in a loop (16~64) * y times, i.e. 16y to 64y times, to obtain the final ciphertext, where the password length factor y is adjusted according to the application's requirements on performance and security. The shorter the password, the larger the number of rounds, which protects the data to a certain extent when the password is short.
Step 11: hash the finally obtained final ciphertext to obtain the final verification key;
Specifically, the hash algorithm used in step 11 can be one preset hash algorithm such as SHA-512; that is, step 11 can specifically be: hash the finally obtained storage-space data to obtain the final verification key.
The hash algorithm used in step 11 can also be one selected in the manner of steps 3 and 4 above; see the flow chart of the specific implementation of step 11 shown in Figure 2. That is, in another embodiment of the invention, step 11 can specifically include:
Step 111: compute the sum of all bytes of the finally obtained storage space and take the remainder modulo M;
Step 112: select the corresponding hash algorithm from the M hash algorithms according to the remainder obtained in step 111;
Step 113: compute the hash value of the finally obtained storage space with the hash algorithm selected in step 112, as the final verification key.
Step 12: save the final verification key to the target file.
The final verification key saved in the target file serves as the reference for verifying password correctness when user access is controlled.
The M hash algorithms used in the embodiment of the invention can include MD5, SHA-1, SHA-256, SHA-512 and other algorithms; the N symmetric encryption algorithms can include DES, AES-128, AES-256, AES-512 and so on. Further algorithm types can of course be added as required, and the more algorithms are added, the more pronounced the drop in cracking speed on parallel devices.
It should be noted that the target file described in the embodiment of the invention can be a concrete file or a database. Because the final verification key depends only on the password and the random salt value, password verification only needs to read the random salt value and the final verification key from the target file; the invention therefore describes only the storage of the random salt value and the final verification key.
In addition, the storage space in the embodiment of the invention is a block of memory used to hold the input and output data of the hash algorithm and symmetric encryption algorithm at each step. These are all temporary data of the computation, not the final result. Only the result of step 11 is the data that is finally saved to the target file.
It can be seen that in the dynamic key generation method provided by the embodiment of the invention, a hash computation is performed before every encryption, and the resulting hash value serves as the temporary key for that round's symmetric encryption algorithm. This overcomes the prior-art shortcoming that the algorithm used to generate a key from a password is single and the flow is fixed. The computation flow differs from password to password; even for the same password and the same file, the random value (the salt value) generated at different times differs, so the flow differs as well. The specific algorithms and flow used for a password therefore cannot be predicted and can be determined only after each step has been computed. In addition, the scheme can introduce different algorithms according to actual security requirements, so it is highly extensible. The number of computation rounds is also tuned to some degree according to password length, which protects short passwords to a certain extent.
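The twelve steps above, as an added Python sketch that is not code from the patent. Assumptions: the remainder-to-hash mapping follows the description's MD5/SHA-1/SHA-256/SHA-512 example; the four symmetric ciphers are replaced by labelled SHAKE-256 XOR keystream stand-ins, because the Python standard library ships no DES or AES; each round's ciphertext replaces the storage space; and the fill counts (16, 64) and round count (16, i.e. y = 1) are picked from the stated ranges.

```python
import hashlib
import hmac
import os

# Remainder -> hash algorithm, following the description's example (M = 4).
HASHES = ["md5", "sha1", "sha256", "sha512"]
# Stand-ins (assumption) for the N = 4 symmetric ciphers. Each label keys a
# distinct keystream; these are NOT DES/AES, only placeholders for them.
CIPHER_LABELS = [b"stand-in-0", b"stand-in-1", b"stand-in-2", b"stand-in-3"]


def pick_hash(buf):
    """Steps 3-4: byte sum of the storage space mod M selects the hash."""
    return HASHES[sum(buf) % len(HASHES)]


def pick_cipher(digest):
    """Steps 6-7: byte sum of the hash value mod N selects the cipher index."""
    return sum(digest) % len(CIPHER_LABELS)


def stand_in_encrypt(index, key, data):
    """Step 9 stand-in: XOR the data with a SHAKE-256 keystream under `key`."""
    stream = hashlib.shake_256(CIPHER_LABELS[index] + key).digest(len(data))
    mixed = int.from_bytes(data, "big") ^ int.from_bytes(stream, "big")
    return mixed.to_bytes(len(data), "big")


def derive(password, salt, fill1=16, fill2=64, rounds=16):
    """Return (final verification key, per-round trace of selections)."""
    buf = (password + salt) * fill1                   # step 2
    trace = []
    for _ in range(rounds):                           # step 10 loop
        name = pick_hash(buf)                         # steps 3-4
        digest = hashlib.new(name, buf).digest()      # step 5
        index = pick_cipher(digest)                   # steps 6-7
        buf += (password + digest) * fill2            # step 8
        buf = stand_in_encrypt(index, digest, buf)    # step 9, key = digest
        trace.append((name, index))
    return hashlib.sha512(buf).digest(), trace        # step 11 (preset SHA-512)


def enroll(password):
    """Steps 1 and 12: the (salt, key) pair is what the target file stores."""
    salt = os.urandom(16)
    key, _ = derive(password, salt)
    return salt, key


def verify(password, salt, stored_key):
    """Recompute with the stored salt and compare in constant time."""
    key, _ = derive(password, salt)
    return hmac.compare_digest(key, stored_key)


if __name__ == "__main__":
    salt, key = enroll(b"123456")
    print("verified:", verify(b"123456", salt, key))
    # The selections differ per salt and are known only after each step runs.
    for rnd, (name, index) in enumerate(derive(b"123456", salt)[1], 1):
        print(f"round {rnd:2d}: hash={name:7s} cipher-index={index}")
```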
Corresponding to the above embodiment of the dynamic key generation method, the invention also provides an embodiment of a dynamic key generation device. Referring to Fig. 2, which shows the structural block diagram of an embodiment of the dynamic key generation device of the invention, the device includes:
an algorithm preset unit 31, for presetting M hash algorithms and N symmetric encryption algorithms for generating the key, and further includes:
a random value generation unit 32, for randomly generating a salt value and saving it to a target file;
a first writing unit 33, for repeatedly filling the plaintext password and the salt value generated by the random value generation unit into an empty storage space several times;
a first computing unit 34, for computing the sum of all bytes of the current storage space and taking the remainder modulo M, recorded as the first remainder;
a hash algorithm selection unit 35, for selecting the corresponding hash algorithm from the algorithm preset unit according to the first remainder output by the first computing unit 34;
a hash calculation unit 36, for computing the hash value of the current storage space with the hash algorithm obtained by the hash algorithm selection unit 35;
a second computing unit 37, for computing the sum of all bytes of the hash value output by the hash calculation unit 36 and taking the remainder modulo N, recorded as the second remainder;
a symmetric encryption algorithm selection unit 38, for selecting the corresponding symmetric encryption algorithm from the algorithm preset unit 31 according to the second remainder output by the second computing unit 37;
a second writing unit 39, for continuing to repeatedly fill the plaintext password and the hash value output by the hash calculation unit into the storage space several times;
an encryption calculation unit 310, for encrypting the current storage space with the symmetric encryption algorithm selected by the symmetric encryption algorithm selection unit 38 to obtain an intermediate ciphertext;
a loop execution unit 311, for invoking the first computing unit 34 through the encryption calculation unit 310 in a loop, executing the corresponding operations several times to obtain the final ciphertext;
a verification key generation unit 312, for hashing the final ciphertext finally obtained by the loop execution unit 311 to obtain the final verification key;
a storage unit 313, for storing the intermediate data output by each unit and saving the final verification key generated by the verification key generation unit 312 to the target file.
Optionally, the random value generation unit 32 is specifically for randomly generating a salt value of 16 to 64 bytes and saving it to the target file.
The first writing unit 33 is specifically for repeatedly filling the plaintext password and the salt value into an empty storage space 8 to 20 times.
The second writing unit 39 is specifically for repeatedly filling the plaintext password and the hash value output by the hash calculation unit into the storage space 64 to 256 times.
The loop execution unit 311 is specifically for invoking the first computing unit through the encryption calculation unit in a loop, executing the corresponding operations (16~64) * y times to obtain the final ciphertext, where the password length factor y is adjusted according to the application's requirements on performance and security.
In summary, the dynamic key generation method and device proposed by this scheme use a dynamic encryption mechanism that contains multiple hash algorithms and symmetric encryption algorithms. Different passwords use different algorithms and key generation flows, and the algorithm used in the next round cannot be predicted until the previous round has been computed. At the same time, the computation encrypts a certain volume of data, which exploits the fact that parallel computing devices lack branch prediction and suffer serious latency when accessing large amounts of data, and so reduces the performance of parallel computing devices. Because the scheme does not greatly increase the amount of computation in password verification, the computation time on a CPU does not increase noticeably and password verification remains fast. The scheme is suitable for settings with high performance requirements, and it can significantly reduce the cracking speed of parallel computing devices, improving the security of encrypted data.
The embodiments in this specification are described progressively: each embodiment focuses on its differences from the other embodiments, and for identical or similar parts the embodiments can be referred to one another. Because the system embodiment is basically similar to the method embodiment, it is described relatively briefly; for related parts, see the description of the method embodiment.
The dynamic key generation method and device provided by the invention have been described in detail above. Specific examples are used herein to set out the principle and embodiments of the invention, and the description of the above embodiments is only intended to help in understanding the method of the invention and its core idea. At the same time, those of ordinary skill in the art will make changes in accordance with the idea of the invention. In summary, the content of this specification should not be construed as limiting the invention.

Claims (10)

1. A dynamic key generation method, characterized in that M hash algorithms and N symmetric encryption algorithms are first preset for generating a key, the method specifically comprising:
Step 1, randomly generate a salt value and save it to a target file;
Step 2, repeatedly write the plaintext password and said salt value into an empty storage space several times;
Step 3, calculate the sum of all bytes in the current storage space and take the remainder modulo M, marked as the first remainder;
Step 4, select the corresponding hash algorithm from said M hash algorithms according to said first remainder;
Step 5, calculate the hash value of the current storage space using the selected hash algorithm;
Step 6, calculate the byte sum of said hash value obtained in step 5 and take the remainder modulo N, marked as the second remainder;
Step 7, select the corresponding symmetric encryption algorithm from said N symmetric encryption algorithms according to said second remainder;
Step 8, continue to repeatedly write said plaintext password and said hash value obtained in step 5 into the storage space several times;
Step 9, encrypt the current storage space using the selected symmetric encryption algorithm to obtain an intermediate ciphertext;
Step 10, return to step 3 and execute steps 3 to 9 in a loop several times to obtain the final ciphertext;
Step 11, perform a hash calculation on the final ciphertext to obtain the final verification key;
Step 12, save said final verification key to said target file.
2. The dynamic key generation method according to claim 1, characterized in that said step 1 is specifically: randomly generate a salt value of 16 ~ 64 bytes and save it to the target file.
3. The dynamic key generation method according to claim 1, characterized in that said step 2 is specifically: repeatedly write the first plaintext password and said salt value into an empty storage space 8 ~ 20 times.
4. The dynamic key generation method according to claim 1, characterized in that said step 8 is specifically: repeatedly write the second plaintext password and said hash value calculated in step 5 into said storage space 64 ~ 256 times.
5. The dynamic key generation method according to claim 1, characterized in that said step 10 is specifically: return to step 3 and execute steps 3 to 9 in a loop (16 ~ 64) * y times to obtain the final ciphertext; wherein the password length factor y is adjusted according to the application scenario's requirements for performance and security.
6. A dynamic key generating device, characterized in that it comprises an algorithm presetting unit for presetting M hash algorithms and N symmetric encryption algorithms used to generate a key, and further comprises:
a random value generation unit, for generating a salt value and saving it to a target file;
a first writing unit, for repeatedly writing the plaintext password and said salt value generated by said random value generation unit into an empty storage space several times;
a first computing unit, for calculating the sum of all bytes in the current storage space and taking the remainder modulo M, marked as the first remainder;
a hash algorithm selection unit, for selecting the corresponding hash algorithm from said algorithm presetting unit according to the first remainder output by said first computing unit;
a hash calculation unit, for calculating the hash value of the current storage space using the hash algorithm obtained by said hash algorithm determining unit;
a second computing unit, for calculating the byte sum of said hash value obtained by said hash calculation unit and taking the remainder modulo N, marked as the second remainder;
a symmetric encryption algorithm selection unit, for selecting the corresponding symmetric encryption algorithm from said algorithm presetting unit according to the second remainder output by said second computing unit;
a second writing unit, for continuing to repeatedly write said plaintext password and the hash value output by said hash calculation unit into the storage space several times;
an encryption computation unit, for encrypting the current storage space using the symmetric encryption algorithm selected by said symmetric encryption algorithm selection unit to obtain an intermediate ciphertext;
a loop execution unit, for invoking said first computing unit through said encryption computation unit in a loop, executing the corresponding operations several times to obtain the final ciphertext;
a verification key generation unit, for performing a hash calculation on the final ciphertext obtained by said loop execution unit to obtain the final verification key;
a storage unit, for storing the intermediate data output by each unit and saving the final verification key output by said verification key generation unit to said target file.
7. The dynamic key generating device according to claim 6, characterized in that said random value generation unit is specifically used for randomly generating a salt value of 16 ~ 64 bytes and saving it to the target file.
8. The dynamic key generating device according to claim 6, characterized in that said first writing unit is specifically used for repeatedly writing the plaintext password and said salt value into an empty storage space 8 ~ 20 times.
9. The dynamic key generating device according to claim 6, characterized in that said second writing unit is specifically used for repeatedly writing the plaintext password and the hash value output by said hash calculation unit into said storage space 64 ~ 256 times.
10. The dynamic key generating device according to claim 6, characterized in that said loop execution unit is specifically used for invoking said first computing unit through said encryption computation unit in a loop, executing the corresponding operations (16 ~ 64) * y times to obtain the final ciphertext; wherein the password length factor y is adjusted according to the application scenario's requirements for password verification efficiency and security.
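The twelve steps of claim 1, written out in Python as an added example; this is not code from the patent. Assumptions made here because the claims leave them open: the four hashes in `HASHES`, the two XOF-keystream XOR functions standing in for real symmetric ciphers, use of the step-5 hash value as the cipher key, in-place replacement of the storage space by the ciphertext, SHA-256 for step 11, and all function names.

```python
import hashlib
import hmac
import os

HASHES = [hashlib.sha256, hashlib.sha512, hashlib.sha3_256, hashlib.blake2b]  # M = 4 (assumed set)

def _xor_stream(xof):
    # Stand-in for a symmetric cipher (assumption): XOR with a keystream from an XOF.
    def encrypt(key, data):
        n = len(data)
        stream = xof(key).digest(n)
        return (int.from_bytes(data, "big") ^ int.from_bytes(stream, "big")).to_bytes(n, "big")
    return encrypt

CIPHERS = [_xor_stream(hashlib.shake_128), _xor_stream(hashlib.shake_256)]  # N = 2 (stand-ins)

def derive(password, salt, fill1=8, fill2=64, rounds=16):
    """Steps 2-11 of claim 1. Returns (verification_key, trace of (r1, r2) per round)."""
    space = bytearray((password + salt) * fill1)               # step 2
    trace = []
    for _ in range(rounds):                                    # step 10
        r1 = sum(space) % len(HASHES)                          # step 3: byte sum mod M
        digest = HASHES[r1](space).digest()                    # steps 4-5
        r2 = sum(digest) % len(CIPHERS)                        # step 6: byte sum mod N
        space += (password + digest) * fill2                   # step 8
        # steps 7 and 9; keying the cipher with the digest is an assumption
        space = bytearray(CIPHERS[r2](digest, bytes(space)))
        trace.append((r1, r2))
    return hashlib.sha256(space).digest(), trace               # step 11 (SHA-256 assumed)

def enroll(password, salt_len=16):
    salt = os.urandom(salt_len)                                # step 1
    key, _ = derive(password, salt)
    return {"salt": salt, "key": key}                          # step 12: contents of the target file

def verify(password, record):
    # Recompute with the stored salt and compare in constant time.
    key, _ = derive(password, record["salt"])
    return hmac.compare_digest(key, record["key"])
```

The `trace` returned by `derive` lists which hash and cipher index each round selected, which is the data-dependent algorithm choice the summary relies on.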
CN201310526531.XA 2013-10-31 2013-10-31 Dynamic key generation method and device Active CN103546281B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310526531.XA CN103546281B (en) 2013-10-31 2013-10-31 Dynamic key generation method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310526531.XA CN103546281B (en) 2013-10-31 2013-10-31 Dynamic key generation method and device

Publications (2)

Publication Number Publication Date
CN103546281A CN103546281A (en) 2014-01-29
CN103546281B true CN103546281B (en) 2016-08-17

Family

ID=49969362

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310526531.XA Active CN103546281B (en) 2013-10-31 2013-10-31 Dynamic key generation method and device

Country Status (1)

Country Link
CN (1) CN103546281B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105721390A (en) * 2014-12-01 2016-06-29 阿里巴巴集团控股有限公司 Encrypted storage method and encrypted storage device
CN106161472A (en) * 2016-09-05 2016-11-23 上海前隆金融信息服务有限公司 A kind of method of data encryption, Apparatus and system
CN113852461B (en) * 2021-09-26 2024-02-02 深圳万兴软件有限公司 Password recovery method and device, computer equipment and storage medium
CN114938358B (en) * 2022-04-14 2024-02-23 厦门市美亚柏科信息股份有限公司 Backup method and terminal for instant messaging application data
CN114745118A (en) * 2022-05-26 2022-07-12 北京金橙子科技股份有限公司 Key searching method based on hash table index and computer readable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1630999A (en) * 1999-02-17 2005-06-22 格姆普拉斯公司 Method for countermeasure in an electronic component using a secret key algorithm
CN1700639A (en) * 2004-05-21 2005-11-23 华为技术有限公司 Method for leading-in and leading-out WLAN authentication and privacy infrastructure certificate information
CN102045169A (en) * 2010-12-10 2011-05-04 厦门市美亚柏科信息股份有限公司 New password authentication method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8769637B2 (en) * 2007-03-23 2014-07-01 Sap Ag Iterated password hash systems and methods for preserving password entropy

Also Published As

Publication number Publication date
CN103546281A (en) 2014-01-29

Similar Documents

Publication Publication Date Title
CN103546281B (en) Dynamic key generation method and device
CN103716157B (en) Grouped multiple-key encryption method and grouped multiple-key encryption device
CN107678763A (en) Electric energy meter upgrade method and system based on digital signature technology
CA2950766C (en) Controlling access to a resource via a computing device
CN101834840A (en) Efficient key derivation for end-to-end network security with traffic visibility
CN109688098B (en) Method, device and equipment for secure communication of data and computer readable storage medium
CN111259416A (en) Multi-algorithm security encryption authentication system and method based on FPGA
CN106878322B (en) A kind of encryption and decryption method of fixed length ciphertext and key based on attribute
US9917695B2 (en) Authenticated encryption method using working blocks
CN107634832A (en) Character string encryption, verification method, device, computer-readable recording medium
US8953786B2 (en) User input based data encryption
CN107196907A (en) A kind of guard method of Android SO files and device
US20180183574A1 (en) Efficient cryptographically secure control flow integrity protection
CN103746805B (en) The generation method and system of external authentication key
CN109257176A (en) Decruption key segmentation and decryption method, device and medium based on SM2 algorithm
CN106972924A (en) Encryption, decryption, Electronic Signature, the method and device for verifying stamped signature
CN109981282A (en) Improve method, apparatus, system and the storage medium of image data transmission safety
CN105307164B (en) A kind of authentication method of wearable device
Gayathri et al. Hybrid cryptography for random-key generation based on ECC algorithm
Nabil et al. Design and implementation of pipelined and parallel AES encryption systems using FPGA
CN107634950A (en) A kind of method that unloading SSL/TLS agreements are designed using pipeline hardware
CN107872315A (en) Data processing method and intelligent terminal
CN102045169B (en) A kind of New password authentication method and device
CN105933120A (en) Spark platform-based password hash value recovery method and device
CN114095259B (en) Authentication encryption and decryption device and method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant