CN111984978B - High-expansibility password encryption storage method - Google Patents


Publication number
CN111984978B
Authority
CN
China
Prior art keywords
salt
password
user
encryption algorithm
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010813628.9A
Other languages
Chinese (zh)
Other versions
CN111984978A (en
Inventor
陈志�
范渊
吴永越
郑学新
刘韬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu DBAPPSecurity Co Ltd
Original Assignee
Chengdu DBAPPSecurity Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu DBAPPSecurity Co Ltd
Priority to CN202010813628.9A
Publication of CN111984978A
Application granted
Publication of CN111984978B


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication

Abstract

The invention provides a high-expansibility encrypted storage method, which is characterized in that different encryption algorithms are configured, salt values of the encryption algorithms are encrypted once, and then coding rules are set to realize storage of a plaintext password, a ciphertext password, the salt values, encrypted salt values and the like of a user, so that the password encrypted storage with high safety, high transportability and high maintainability is realized. The invention expands the diversity of the password storage encryption algorithm, double encryption of the salt value and the password is carried out, then the salt value and the password are encoded and stored, and meanwhile, the interference factor is increased, thereby greatly increasing the difficulty of password cracking. Meanwhile, the user-defined encryption algorithm, the password storage coding rule and the specified noise factor position and length are supported, and the complexity and diversity of the password storage scheme can be flexibly increased. Meanwhile, the scheme is friendly to system upgrading and data migration, and can well meet the upgrading and expansion of the system.

Description

High-expansibility password encryption storage method
Technical Field
The invention belongs to the technical field of computer information security, and particularly relates to a high-expansibility password encryption storage method.
Background
In the era of information digitization, information security is more and more important, and the existing encryption methods have the following defects:
In terms of security: in some existing password schemes, a popular approach is for the system to fix an encryption algorithm, encrypt the password with a salt to obtain a ciphertext, and then store the ciphertext and the salt in separate fields. The disadvantage is that the ciphertext and the salt value can be read directly from the database fields, which lowers the cost of cracking; if the database data is leaked, an attacker can try existing encryption algorithms by brute force to work out which encryption algorithm the system uses. This is less secure in terms of information security.
In terms of maintainability: in the existing popular password management approach, once a system has fixed its encryption method, supporting a new encryption algorithm requires a lot of compatibility work, including compatibility handling for the verification of old data, which involves changing the system's original code. The cryptographic module is a relatively core module of the system, and the cost of updating and maintaining it is very high. In some service scenarios, different clients have different requirements for the system's encryption algorithm, and in this case the cost of modifying the system is even higher. Maintainability therefore also needs to be improved.
In terms of portability: with the existing popular password storage approach, the password encryption algorithms of the new and old systems must be kept consistent when the system is upgraded and data is migrated, which restricts the new system from using a new encryption algorithm.
Disclosure of Invention
Aiming at the defects of the prior art in the aspects of safety, maintainability and transportability, the invention provides a high-expansibility password encryption storage method, which is characterized in that different encryption algorithms are configured, salt values of the encryption algorithms are encrypted once, and then coding rules are set to realize the storage of a plaintext password, a ciphertext password, the salt values, encrypted salt values and the like of a user, so that the password encryption storage with high safety, high transportability and high maintainability is realized.
The specific implementation content of the invention is as follows:
The invention provides a high-expansibility password encryption storage method, which comprises the following steps:
Step 1: first, acquire the encryption algorithm list generated by the encryption algorithm configuration module; the encryption algorithm list comprises a plurality of encryption algorithms, and each encryption algorithm has a unique code and a corresponding name and type; the types are system built-in and user-added;
Step 2: generate a random character string with a length of 32 bits in the encryption salt value generation module; this random character string is the salt value salt of the encryption algorithm; then symmetrically encrypt the salt value salt with the AES algorithm to obtain the encrypted salt value aes_salt;
Step 3: acquire the encryption algorithm set by the user in the password encryption module, determine whether the salt value salt is needed to encrypt the user password s with that encryption algorithm, and if the salt value salt is needed, encrypt the user password s with the encryption algorithm to obtain the password ciphertext clipertext of the user password s;
Step 4: generate a coding rule list for password storage in the password storage coding module, and store the user password s, the encrypted password ciphertext clipertext and the salt value salt with bit-sequence coding;
Step 5: verify the user name and the password plaintext input by the user through the password verification module.
In order to better implement the present invention, further, a key k is set for the stages of step 2 and step 5: in step 2, the AES encryption function is used with the key k to encrypt the plaintext salt value salt and generate the encrypted salt value aes_salt; in step 5, the AES decryption function is used with the key k to decrypt the encrypted salt value aes_salt for verification.
In order to better implement the present invention, further, the encoding rule list includes a plurality of encoding rules, each encoding rule has a unique id;
and the coding rules in the coding rule list are divided into system built-in and user addition.
To better implement the present invention, further, user addition means: the user selects the arrangement order of the encryption algorithm, the encrypted salt value aes_salt and the password ciphertext clipertext, and adds a noise factor noise of fixed length len at a fixed index in the password storage field.
To better implement the present invention, further, the noise factor noise length is less than 64 bits.
In order to better implement the present invention, further, the specific operations of step 5 are:
Step 5.1: acquire the user name and the password plaintext input by the user;
Step 5.2: query the stored user password s by the user name; if the corresponding user name is not found in the system or the user password s is not encrypted with the salt value salt, return directly, and the password verification fails;
Step 5.3: if the corresponding user name is found in the system or the user password s is encrypted with the salt value salt, parse the stored user password s, and obtain the id of the coding rule of the encryption algorithm by parsing the first two bits of data of the user password s;
Step 5.4: obtain the coding rule from the id of the coding rule, remove the noise factor noise from the user password s according to the coding rule, and obtain the code of the encryption algorithm, the encrypted salt value aes_salt and the encrypted password ciphertext clipertext;
Step 5.5: obtain the corresponding encryption algorithm from the code, determine from the encryption algorithm whether there is an encrypted salt value aes_salt that needs to be decrypted, and if so, decrypt the encrypted salt value aes_salt with the AES decryption function to obtain the salt value salt;
Step 5.6: encrypt the plaintext input by the user with the encryption algorithm to obtain the input password ciphertext clipertext1;
Step 5.7: compare the input password ciphertext clipertext1 with the stored password ciphertext clipertext; if they are the same, the password verification succeeds and the user is allowed to perform other protected operations; if they are not the same, the password verification fails and the user is blocked from performing other operations.
In order to better implement the present invention, the basis for determining whether the user password s of the user needs to be encrypted by the encryption algorithm using the salt is as follows:
for the encryption algorithm built in the system in the step 1, salt value salt is used for encryption;
for the encryption algorithm added by the user in step 1, calling an isNeedSalt method realized by the encryption algorithm by using an execution tool corresponding to a programming language specified by the encryption algorithm to judge whether a salt value salt is needed, if the return value is true, the salt value salt is needed, and if the return value is false, the salt value salt is not needed.
In order to better implement the invention, further, when a user adds an encryption algorithm, the encryption algorithm to be added needs to be named, after the encryption algorithm is successfully added, a unique coding code is generated for the newly added encryption algorithm in the system, then an encryption algorithm list is obtained, and the newly added encryption algorithm is set as a default encryption algorithm for encrypting the user password s.
In order to better implement the present invention, further, the specific operations of adding the encryption algorithm are as follows:
First, the user selects the programming language in which the encryption algorithm to be added is implemented;
then the code template of the encryption algorithm for that programming language is filled in; the code template comprises two methods that the encryption algorithm to be added must implement:
Method 1: isNeedSalt() bool (whether the salt value salt is required)
- method name: isNeedSalt
- parameters: none
- return value: bool type; returns true if the encryption algorithm needs the salt value salt, and false if the salt value salt is not needed;
Method 2: encrypted(plaintext string, salt string) string (encrypts the plaintext)
- method name: encrypted
- parameters: plaintext, string type, the plaintext input by the user; salt, string type, the salt value salt needed by the encryption algorithm; if the isNeedSalt() method returns false, this parameter should not be used in the implementation of the encrypted method;
- return value: string type; returns the password ciphertext clipertext obtained by encrypting the user password s.
Compared with the prior art, the invention has the following advantages and beneficial effects:
(1) The method and the device of the invention store the ciphertext and the salt value by encrypting the salt value and carrying out bit sequence encoding on the password storage mode, thereby increasing the difficulty of analyzing the ciphertext and the salt value and further improving the difficulty of cracking the password. The invention can still ensure that the password cannot be easily cracked under the condition that the database data is leaked. Even if the encryption algorithm and the password coding rule are cracked, because the salt value is also encrypted into the encrypted salt value, the real password of the user cannot be obtained;
(2) The encryption algorithm module supports user-defined algorithms, which improves the extensibility and maintainability of the system. As newer encryption algorithms with better performance and higher cracking cost appear over time, the system can be configured to use a new encryption algorithm without modifying a line of code, and this does not affect the verification of passwords encrypted with a previous encryption algorithm. Password security is better ensured while good maintainability is kept;
(3) The portability of the software system is one of important indexes for measuring the quality of the software, the good portability can improve the life cycle of the software, and the password management part is the core function of a plurality of software systems, so the portability of the password has great influence on the portability of the whole software. The invention enables the stored password to have self-description capability by encoding the password storage format, and has good flexibility when dealing with system upgrade, data migration and system transplantation.
Drawings
FIG. 1 is a schematic flow diagram of the present invention;
FIG. 2 is a schematic diagram of salt encryption according to the present invention;
FIG. 3 is a schematic diagram of the decryption of encrypted salt values according to the present invention.
Detailed Description
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments, and therefore should not be considered as limiting the scope of protection. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
Example 1:
This embodiment provides a high-expansibility password encryption storage method which, as shown in FIG. 1, includes the following steps:
Step 1: first, acquire the encryption algorithm list generated by the encryption algorithm configuration module; the encryption algorithm list comprises a plurality of encryption algorithms, and each encryption algorithm has a unique code and a corresponding name and type; the types are system built-in and user-added;
Step 2: generate a random character string with a length of 32 bits in the encryption salt value generation module; this random character string is the salt value salt of the encryption algorithm; then symmetrically encrypt the salt value salt with the AES algorithm to obtain the encrypted salt value aes_salt;
Step 3: acquire the encryption algorithm set by the user in the password encryption module, determine whether the salt value salt is needed to encrypt the user password s with that encryption algorithm, and if the salt value salt is needed, encrypt the user password s with the encryption algorithm to obtain the ciphertext clipertext of the user password s;
Step 4: generate a coding rule list for password storage in the password storage coding module, and store the user password s, the encrypted password ciphertext clipertext and the salt value salt with bit-sequence coding;
Step 5: verify the user name and the password plaintext input by the user through the password verification module.
The working principle is as follows: in the invention, the encryption algorithm used can be any of the existing popular password encryption algorithms, and a user-defined encryption algorithm can also be used; the user only needs to write the implementation of the encryption algorithm into the encryption algorithm configuration, and the system generates a unique code for each added encryption algorithm.
The salt used for encryption increases the cost of password cracking. The salt value is encrypted once when the password is stored; the encryption is symmetric, so the ciphertext can be obtained from the salt value and, when the password is verified, the plaintext can be obtained again.
The coding rule for password storage can be configured by the user; a unique rule_id is generated each time a new coding rule is created, and coding rules are restricted to be unchangeable in order to ensure the accuracy of the data. The coding rule determines the format in which the password is stored in the database, and also determines how the encryption algorithm, the salt value and the ciphertext are parsed out of the stored password during verification.
Example 2:
In this embodiment, on the basis of the above embodiment 1, the specific steps of step 1 are:
Step 1.1: the user acquires the password encryption algorithm list, in which each encryption algorithm has a unique code, a corresponding name and a corresponding type; the types are system built-in and user-added; encryption algorithms built into the system include md5, sha, hmac, pbkdf2, crc, etc.;
Step 1.2: the user selects the password encryption algorithm to set; if that encryption algorithm exists in the current encryption algorithm list, it is selected and set directly; otherwise it is added and set through step 1.3;
Step 1.3: the user adds the encryption algorithm and names it; after the encryption algorithm is added successfully, the system generates a unique code for the newly added encryption algorithm; the encryption algorithm list is then acquired, and the newly added encryption algorithm is set as the default encryption algorithm for the password.
The details of adding an encryption algorithm are as follows:
Step 1.3.1: the user selects the programming language in which the encryption algorithm is to be implemented, such as java, golang, python, php, and the like;
Step 1.3.2: fill in the code template of the encryption algorithm for that programming language; the code template specifies two methods that the encryption algorithm to be added must implement:
Method 1: isNeedSalt() bool
- method name: isNeedSalt (whether the salt value is required)
- parameters: none
- return value: bool type; returns true if the encryption algorithm needs a salt value, and false if the salt value is not needed;
Method 2: encrypted(plaintext string, salt string) string
- method name: encrypted (encrypts the plaintext)
- parameters: plaintext, string type, the plaintext input by the user; salt, string type, the salt value needed by the encryption algorithm; if the isNeedSalt() method returns false, this argument should not be used in the implementation of the encrypted method;
- return value: string type; returns the ciphertext obtained by encrypting the plaintext.
After the user adds a new encryption algorithm, the system selects the compile and execution tool for the corresponding language according to the programming language the user selected, checks whether the new encryption algorithm has syntax errors, and checks whether the two methods specified in the template are implemented. Note: the system has the compile and execution tools for python, java, php and golang installed, for example: python is version python3.6 and above, java is version jdk1.14 and above, php is version php5.6 and above, and golang is version go1.14 and above.
Other parts of this embodiment are the same as those of embodiment 1, and thus are not described again.
Example 3:
On the basis of any one of the foregoing embodiments 1-2, as shown in FIG. 2 and FIG. 3, this embodiment encrypts the salt value salt to generate the encrypted salt value aes_salt, and decrypts the encrypted salt value back to the salt value salt.
The function and significance of the following parts are briefly described as follows:
Salt value salt: the unencrypted data; in this system, the unencrypted salt value.
Key k: used to encrypt the plaintext salt value salt; in a symmetric encryption algorithm, the encryption and decryption keys k are the same. The key k is generated by negotiation between the receiver and the sender, but cannot be transmitted directly over the network, otherwise the key k would be leaked; the key k is usually encrypted with an asymmetric encryption algorithm and then transmitted to the other party over the network, or the key k is exchanged directly face to face. The key k must never be leaked, otherwise an attacker can restore the salt value salt and steal confidential data; in this system the key k is built in.
Encrypted salt value aes_salt: the data processed by the encryption function; in this system, the encrypted salt value aes_salt.
AES encryption function: let the AES encryption function be E; then aes_salt = E(K, salt), where salt is the plaintext, K is the key, and the encrypted salt value aes_salt is the ciphertext. That is, the plaintext salt value salt and the key K are input as parameters of the encryption function, and the encryption function E outputs the ciphertext, the encrypted salt value aes_salt.
AES decryption function: let the AES decryption function be D; then P = D(K, C), where C is the encrypted salt value aes_salt, K is the key, and P is the decrypted salt value. That is, the ciphertext C and the key K are input as parameters of the decryption function, and the decryption function outputs the plaintext P. In the verification process of the system, if the corresponding password encryption algorithm needs to use the salt value, the encrypted salt value aes_salt needs to be decrypted with the AES decryption function into the plaintext salt value salt for the password encryption algorithm to use.
Other parts of this embodiment are the same as any of embodiments 1-2 described above, and thus are not described again.
Example 4:
This embodiment is based on any of the above embodiments 1 to 3, and in step 3:
Step 3.1: acquire the encryption algorithm set by the user;
Step 3.2: determine whether the salt value salt is needed according to the implementation of the encryption algorithm;
here, the determination is made in two categories:
- algorithms built into the system: the salt value is added by default;
- algorithms added by the user: the isNeedSalt method implemented by the algorithm is called with the execution tool for the programming language specified by the algorithm to determine whether the salt value is needed; if the return value is true, the salt value is needed, and if the return value is false, the salt value is not needed.
Step 3.3: encrypt the user password s with the encryption algorithm to obtain the ciphertext of the user password s, and set the variable name of the ciphertext to clipertext.
Other parts of this embodiment are the same as any of embodiments 1 to 3, and thus are not described again.
Example 5:
This embodiment is based on any of the above embodiments 1 to 4, and in step 4:
Step 4.1: the user obtains the list of coding rules for password storage, in which each coding rule has a unique id;
Step 4.2: the user sets a coding rule; if the list does not contain the coding rule the user wants, a new coding rule is added through step 4.3 and then set;
Step 4.3: add a coding rule: the user can select the arrangement order of the encryption algorithm, the encrypted salt value aes_salt and the ciphertext clipertext, and can also add a noise factor noise of fixed length len at a fixed index; the recommended noise factor length is less than 64 bits.
The conventions of the coding rules and the variables are explained as follows:
s: the final storage variable name of the password;
rule_id: the id of the coding rule, a 2-bit hexadecimal number that must be the first two bits of s; in theory the scheme can support 255 different coding rules;
code: the code of the encryption algorithm, a 2-bit hexadecimal number; in theory the scheme can support 255 different encryption algorithms;
aes_salt: the encrypted salt value generated by symmetrically encrypting the salt value salt;
noise: the noise factor, a random character string whose length is specified by the coding rule;
clipertext: the ciphertext generated after the password is encrypted by the encryption algorithm.
An example coding rule is as follows:
Example:
In the coding rule set by a user, the encryption algorithm and the encrypted salt value are arranged in sequence, the noise factor appears at the 37th bit of the whole s, and its length is 32 bits; the structure of s is as follows:
s = rule_id (2 bits) + code (2 bits) + aes_salt (32 bits) + noise (32 bits) + clipertext (the number of bits depends on the encryption algorithm and the length of the plaintext).
Other parts of this embodiment are the same as any of embodiments 1 to 4, and thus are not described again.
Example 6:
In this embodiment, on the basis of any one of embodiments 1 to 5, step 5 specifically includes the following steps:
Step 5.1: acquire the user name and the password plaintext input by the user;
Step 5.2: query the user password s stored in the system by the user name; if the user does not exist in the system or the user password s is not set, return directly, and the password verification fails;
Step 5.3: parse the stored s, and obtain the coding rule rule_id of the encryption algorithm by parsing the first two bits of s;
Step 5.4: obtain the coding rule rule from rule_id, remove the noise from s according to rule, and obtain the encryption algorithm code, the encrypted salt value aes_salt and the encrypted password ciphertext clipertext;
Step 5.5: obtain the corresponding encryption algorithm from the code, determine from the encryption algorithm whether the salt value needs to be decrypted, and if so, decrypt aes_salt with the AES algorithm to obtain the salt value salt;
Step 5.6: encrypt the plaintext input by the user with the encryption algorithm to obtain clipertext1;
Step 5.7: compare the ciphertext clipertext1, obtained by encrypting the plaintext input by the user, with the stored password ciphertext clipertext; if they are the same, the password verification succeeds and the user is allowed to perform other protected operations; if not, the password verification fails and the user is blocked from performing other operations.
Other parts of this embodiment are the same as any of embodiments 1 to 5, and thus are not described again.
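The storage layout of Example 5 and the verification steps 5.3 to 5.7 of Example 6, as an added Go example (not code from the patent). It assumes that the page's "bits" are character positions and that the 32-character salt is hex, so it fits one AES block; the registry ids "01", the demo key and the HMAC-SHA256 algorithm are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// rule is one coding rule: the 0-based index and length of the noise factor in s.
type rule struct{ noiseIdx, noiseLen int }

const saltLen = 32 // characters: 16 random bytes as hex (assumption)

// Constructed registries: the ids "01" and the HMAC choice are illustrative only.
var rules = map[string]rule{"01": {noiseIdx: 36, noiseLen: 32}} // the "37th" position
var algorithms = map[string]func(plaintext, salt string) string{"01": hmacSHA256}
var errBadInput = errors.New("bad key, unknown id or malformed stored value")

func hmacSHA256(plaintext, salt string) string {
	m := hmac.New(sha256.New, []byte(salt))
	m.Write([]byte(plaintext))
	return hex.EncodeToString(m.Sum(nil))
}

func randomHex(chars int) string {
	b := make([]byte, chars/2)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy source: refuse to continue
	}
	return hex.EncodeToString(b)
}

// aesBlock computes E(k, salt) or D(k, aes_salt) on exactly one 16-byte block.
func aesBlock(k []byte, hexIn string, encrypt bool) (string, error) {
	in, decErr := hex.DecodeString(hexIn)
	block, keyErr := aes.NewCipher(k)
	if decErr != nil || keyErr != nil || len(in) != aes.BlockSize {
		return "", errBadInput
	}
	out := make([]byte, aes.BlockSize)
	if encrypt {
		block.Encrypt(out, in)
	} else {
		block.Decrypt(out, in)
	}
	return hex.EncodeToString(out), nil
}

// Encode builds s = rule_id + code + aes_salt + noise + clipertext (steps 2 to 4).
func Encode(k []byte, ruleID, code, password string) (string, error) {
	r, okRule := rules[ruleID]
	alg, okAlg := algorithms[code]
	salt := randomHex(saltLen)
	aesSalt, err := aesBlock(k, salt, true)
	if !okRule || !okAlg || err != nil {
		return "", errBadInput
	}
	body := ruleID + code + aesSalt + alg(password, salt)
	return body[:r.noiseIdx] + randomHex(r.noiseLen) + body[r.noiseIdx:], nil
}

// Parse reads rule_id, removes the noise and splits the fields (steps 5.3, 5.4).
func Parse(s string) (code, aesSalt, clipertext string, err error) {
	if len(s) < 2 {
		return "", "", "", errBadInput
	}
	r, ok := rules[s[:2]]
	if !ok || len(s) < r.noiseIdx+r.noiseLen || len(s) <= 4+saltLen+r.noiseLen {
		return "", "", "", errBadInput
	}
	body := s[:r.noiseIdx] + s[r.noiseIdx+r.noiseLen:]
	return body[2:4], body[4 : 4+saltLen], body[4+saltLen:], nil
}

// Verify runs steps 5.3 to 5.7; any parse or lookup failure fails verification.
func Verify(k []byte, s, plaintext string) bool {
	code, aesSalt, stored, err := Parse(s)
	if err != nil {
		return false
	}
	alg, ok := algorithms[code]
	salt, err := aesBlock(k, aesSalt, false)
	if !ok || err != nil {
		return false
	}
	// Constant-time comparison so timing does not reveal a matching prefix.
	return subtle.ConstantTimeCompare([]byte(alg(plaintext, salt)), []byte(stored)) == 1
}

func main() {
	k := []byte("0123456789abcdef") // constructed 16-byte demo key k
	s, _ := Encode(k, "01", "01", "correct horse")
	fmt.Println(len(s), Verify(k, s, "correct horse"), Verify(k, s, "wrong"))
}
```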
The above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention in any way, and all simple modifications and equivalent variations of the above embodiments according to the technical spirit of the present invention are included in the scope of the present invention.

Claims (8)

1. A high-expansibility password encryption storage method is based on an encryption algorithm configuration module, an encryption salt value generation module, a password encryption module, a password storage coding module and a password verification module, and is characterized by comprising the following steps:
Step 1: first, acquire the encryption algorithm list generated by the encryption algorithm configuration module; the encryption algorithm list comprises a plurality of encryption algorithms, and each encryption algorithm has a unique code and a corresponding name and type; the types are system built-in and user-added;
Step 2: generate a random character string with a length of 32 bits in the encryption salt value generation module; this random character string is the salt value salt of the encryption algorithm; then symmetrically encrypt the salt value salt with the AES algorithm to obtain the encrypted salt value aes_salt;
Step 3: acquire the encryption algorithm set by the user in the password encryption module, determine whether the salt value salt is needed to encrypt the user password s with that encryption algorithm, and if the salt value salt is needed, encrypt the user password s with the encryption algorithm to obtain the password ciphertext clipertext of the user password s;
Step 4: generate a coding rule list for password storage in the password storage coding module, and store the user password s, the encrypted password ciphertext clipertext and the salt value salt with bit-sequence coding;
Step 5: verify the user name and the password plaintext input by the user through the password verification module;
a key k is set for steps 2 and 5: in step 2, the plaintext salt value salt is encrypted with the AES encryption function and the key k to generate the encrypted salt value aes_salt; in step 5, the encrypted salt value aes_salt is decrypted and checked with the AES decryption function and the key k.
2. The storage method of claim 1, wherein the coding rule list comprises a plurality of coding rules, each coding rule having a unique id;
and the coding rules in the coding rule list are divided into system built-in and user addition.
3. The method for storing the high extensibility password encryption of claim 2, wherein user addition means: the user selects the arrangement order of the encryption algorithm, the encrypted salt value aes_salt and the password ciphertext clipertext, and adds a noise factor noise of fixed length len at a fixed index in the password storage field.
4. The storage method of claim 3, wherein the noise factor noise is less than 64 bits long.
5. The method for encrypting and storing the highly extensible password according to claim 3, wherein the specific operations in step 5 are:
step 5.1: obtain the user name and the password plaintext playtext input by the user;
step 5.2: query the stored user password s by the user name; if the corresponding user name is not found in the system, or the user password s is not encrypted with a salt value salt, return directly, and password verification fails;
step 5.3: if the corresponding user name or user password s is found in the system and is encrypted with the salt value salt, parse the stored user password s, and obtain the id of the coding rule of the encryption algorithm by parsing the first two bits of data of the user password s;
step 5.4: obtain the coding rule from the id obtained, use the coding rule to remove the noise factor noise from the user password s, and obtain the code of the encryption algorithm, the encrypted salt value aes_salt and the encrypted password ciphertext clipertext;
step 5.5: obtain the corresponding encryption algorithm from the code, and use the encryption algorithm to judge whether there is an encrypted salt value aes_salt that needs to be decrypted; if there is, decrypt aes_salt with the AES decryption function to obtain the salt value salt;
step 5.6: encrypt the plaintext playtext input by the user with the encryption algorithm to obtain the input password ciphertext clipertext1;
step 5.7: compare the input password ciphertext clipertext1 with the stored password ciphertext clipertext; if they are the same, password verification succeeds and the user is allowed to perform other protected operations; if they are inconsistent, password verification fails and the user is blocked from performing other operations.
6. The method as claimed in claim 1, wherein the judgment of whether the user password s of the user needs to be encrypted by the encryption algorithm using the salt is based on:
for the encryption algorithm built in the system in the step 1, salt is used for encryption;
for an encryption algorithm added by the user in step 1, the isNeedSalt method implemented by the encryption algorithm is called, using the execution tool for the programming language specified by the encryption algorithm, to judge whether the salt value salt is needed; a return value of true means the salt value salt is needed, and a return value of false means it is not needed.
7. The method for storing the high-extensibility password encryption as claimed in claim 1 or 6, wherein when the user adds the encryption algorithm, the encryption algorithm to be added needs to be named, after the addition is successful, a unique code is generated in the system for the newly added encryption algorithm, then an encryption algorithm list is obtained, and the newly added encryption algorithm is set as a default encryption algorithm for encrypting the user password s.
8. The storage method of the high extensibility cryptographic encryption of claim 7, wherein the specific operation of adding the encryption algorithm is:
first, the user selects the programming language in which the encryption algorithm is to be implemented;
then the code template for encryption algorithms in that programming language is filled in; the code template comprises two methods that the encryption algorithm to be added must implement:
method 1: isNeedSalt() bool (whether the salt value salt is required)
- method name: isNeedSalt
- parameters: none
- return value: bool type; returns true if the encryption algorithm needs the salt value salt, and false if the salt value salt is not needed;
method 2: encrypted() string (encrypts the plaintext)
- method name: encrypted
- parameters: plaintext playtext, string type, the plaintext input by the user; salt value salt, string type, the salt value salt needed by the encryption algorithm; if the isNeedSalt() method returns false, this parameter should not be used in the implementation of the encryption method;
- return value: string type, the password ciphertext clipertext obtained after the user password s is encrypted.
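The storage coding of claims 3 and 5 and the plug-in template of claim 8, as an added Python sketch that is not code from the patent or its applicant. Assumptions: the rule table, the field widths, the algorithm code "A1", PBKDF2 as the built-in algorithm, a 32-character salt, and hex encoding as a stand-in for the AES step under key k (it is not encryption and must be replaced with real AES).

```python
import hashlib, hmac, secrets

CODE_LEN, SALT_LEN = 2, 64   # assumed widths: algorithm code, wrapped salt
RULES = {                    # rule id -> (part order, noise index, noise len)
    "01": (("code", "aes_salt", "clipertext"), 5, 8),
    "02": (("aes_salt", "clipertext", "code"), 70, 16),
}

def wrap_salt(salt):         # STAND-IN for AES under key k; hex is not encryption
    return salt.encode().hex()
def unwrap_salt(aes_salt):   # STAND-IN for AES decryption under key k
    return bytes.fromhex(aes_salt).decode()

class Pbkdf2Algo:            # plug-in shaped like the claim 8 template
    code = "A1"              # constructed algorithm code
    def isNeedSalt(self):
        return True
    def encrypted(self, playtext, salt):
        return hashlib.pbkdf2_hmac("sha256", playtext.encode(), salt.encode(), 100_000).hex()
ALGOS = {Pbkdf2Algo.code: Pbkdf2Algo()}

def store(playtext, rule_id, algo_code="A1"):
    algo, (order, idx, n) = ALGOS[algo_code], RULES[rule_id]
    salt = secrets.token_hex(16)                     # 32 random characters
    parts = {"code": algo.code, "aes_salt": wrap_salt(salt),
             "clipertext": algo.encrypted(playtext, salt)}
    body = "".join(parts[p] for p in order)
    noise = secrets.token_hex(n)[:n]
    return rule_id + body[:idx] + noise + body[idx:]  # rule id leads the field

def parse(stored):
    order, idx, n = RULES[stored[:2]]                # step 5.3: rule id
    body = stored[2:2 + idx] + stored[2 + idx + n:]  # step 5.4: drop noise
    width = {"code": CODE_LEN, "aes_salt": SALT_LEN,
             "clipertext": len(body) - CODE_LEN - SALT_LEN}
    fields, pos = {}, 0
    for part in order:
        fields[part] = body[pos:pos + width[part]]
        pos += width[part]
    return fields

def verify(playtext, stored):
    if not stored or stored[:2] not in RULES:        # step 5.2: fail closed
        return False
    f = parse(stored)
    algo = ALGOS.get(f["code"])
    if algo is None:
        return False
    salt = unwrap_salt(f["aes_salt"]) if algo.isNeedSalt() else ""  # step 5.5
    return hmac.compare_digest(algo.encrypted(playtext, salt), f["clipertext"])
```

The final comparison uses hmac.compare_digest so that step 5.7 does not leak how many leading characters matched; the field order and noise only obscure the layout, and the strength of the stored value rests on the password algorithm and on key k.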
CN202010813628.9A 2020-08-13 2020-08-13 High-expansibility password encryption storage method Active CN111984978B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010813628.9A CN111984978B (en) 2020-08-13 2020-08-13 High-expansibility password encryption storage method

Publications (2)

Publication Number Publication Date
CN111984978A CN111984978A (en) 2020-11-24
CN111984978B true CN111984978B (en) 2022-11-29

Family

ID=73434195

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant