CN114531284B - Data encryption method, device, electronic equipment and storage medium - Google Patents

Publication number: CN114531284B
Authority: CN (China)
Prior art keywords: target, original, ciphertext, encryption, encryption algorithm
Legal status: Active
Application number: CN202210115092.2A
Other languages: Chinese (zh)
Other versions: CN114531284A (en)
Inventor: 尹海锋
Current Assignee: Bigo Technology Pte Ltd
Original Assignee: Bigo Technology Pte Ltd
Application filed by Bigo Technology Pte Ltd
Priority to CN202210115092.2A
Publication of CN114531284A
Application granted
Publication of CN114531284B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/951 Indexing; Web crawling techniques
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Abstract

The embodiments of the application provide a data encryption method, a device, electronic equipment and a storage medium. The method comprises: acquiring original data to be encrypted; encrypting the original data based on a target encryption algorithm to obtain a plurality of intermediate ciphertexts, wherein the target encryption algorithm is obtained by applying user-defined processing to the encryption logic of an original encryption algorithm; and obtaining a target ciphertext from the plurality of intermediate ciphertexts. The method addresses the problem that, when data is encrypted with a single encryption algorithm, the ciphertext generation rule is easy to recover by reverse analysis. Generating encryption parameters with this data encryption method for anti-crawler processing can effectively reduce the load that web crawlers place on a server and the user privacy data leakage they may cause.

Description

Data encryption method, device, electronic equipment and storage medium
Technical Field
The embodiment of the disclosure relates to the technical field of information security, in particular to a data encryption method, a data encryption device, electronic equipment and a computer readable storage medium.
Background
With the continuous development of internet technology, web crawlers are widely used to make data acquisition easier. They can accelerate the circulation and propagation of internet information to a certain extent, but because a crawler sends a large number of requests to servers when crawling data, it can put excessive pressure on those servers, and excessive use of web crawlers also easily leads to leakage of private data.
To ensure the security of data, one anti-crawler method is encryption parameter verification: the terminal device adds an encryption parameter to the data request it sends to the server, the server verifies the encryption parameter after receiving the data request, and the server responds normally only if the verification passes.
However, in the above method the encryption parameter is generally obtained by encrypting specific content with a single encryption algorithm, so the encrypted value, i.e. the ciphertext, is generally fixed and the features of the algorithm are obvious. A crawler engineer can easily work out the generation rule of the encryption parameter through reverse analysis, thereby breaking through the anti-crawler restriction and putting server load and user privacy data at risk.
Disclosure of Invention
An object of the present disclosure is to provide a new technical solution for data encryption that solves the problem that, when data is encrypted based on a single encryption algorithm, the ciphertext generation rule is easily recovered by reverse analysis, so that the pressure web crawlers place on a server and the user privacy data leakage they may cause can be reduced.
In a first aspect of the present disclosure, there is provided a data encryption method, the method comprising:
acquiring original data to be encrypted;
encrypting the original data based on a target encryption algorithm to obtain a plurality of intermediate ciphertexts, wherein the target encryption algorithm is obtained by carrying out user-defined processing on encryption logic of the original encryption algorithm;
and obtaining a target ciphertext according to the plurality of intermediate ciphertexts.
In a second aspect of the present disclosure, an anti-crawler method is provided, applied to a terminal device, and includes:
acquiring an original request to be sent, wherein the original request comprises at least one original request parameter;
generating first data to be encrypted according to a request address corresponding to the original request and the at least one original request parameter;
encrypting the first data to be encrypted based on the method of the first aspect of the disclosure, and taking the obtained ciphertext as a target encryption parameter;
obtaining a target request according to the original request and the target encryption parameter;
and sending the target request to a server.
In a third aspect of the present disclosure, another anti-crawler method is provided, applied to a server, including:
receiving a target request sent by terminal equipment, wherein the target request comprises at least one original request parameter and a target encryption parameter;
generating second data to be encrypted according to the request address corresponding to the target request and the at least one original request parameter;
encrypting the second data to be encrypted based on the method of the second aspect of the disclosure, and taking the obtained ciphertext as a check ciphertext;
and checking whether the target encryption parameter is consistent with the check ciphertext, acquiring a response message corresponding to the target request under the condition of consistency, and sending the response message to the terminal equipment.
In a fourth aspect of the present disclosure, there is provided a data encryption apparatus, the apparatus comprising:
the original data acquisition module is used for acquiring original data to be encrypted;
the intermediate ciphertext obtaining module is used for carrying out encryption processing on the original data based on a target encryption algorithm to obtain a plurality of intermediate ciphertexts, wherein the target encryption algorithm is obtained after carrying out user-defined processing on encryption logic of the original encryption algorithm;
and the target ciphertext obtaining module is used for obtaining the target ciphertext according to the plurality of intermediate ciphertexts.
In a fifth aspect of the present disclosure, there is also provided an electronic device, including:
a memory for storing executable instructions;
a processor configured to execute the method of the first aspect, the second aspect, or the third aspect of the present disclosure according to control of the instruction.
In a sixth aspect of the present disclosure, there is also provided a computer readable storage medium storing a computer program readable by a computer for performing the method according to the first, second or third aspects of the present disclosure when the computer program is read for execution by the computer.
According to the embodiment of the disclosure, original data to be encrypted is first encrypted with a target encryption algorithm, obtained by applying user-defined processing to the encryption logic of an original encryption algorithm, to obtain a plurality of intermediate ciphertexts; a final target ciphertext is then obtained from the plurality of intermediate ciphertexts. Compared with prior-art methods that encrypt data with a single encryption algorithm, customizing the encryption logic of the original encryption algorithm increases the complexity of the intermediate ciphertexts, and generating the target ciphertext from several intermediate ciphertexts avoids the relatively fixed ciphertext produced by an existing encryption algorithm, so that the generation rule is not recovered by reverse analysis of the ciphertext. Generating encryption parameters with this data encryption method for anti-crawler processing can effectively reduce the pressure web crawlers place on a server and the user privacy data leakage they may cause.
Other features of the present specification and its advantages will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the specification and together with the description, serve to explain the principles of the specification.
Fig. 1 is a flow chart of a data encryption method according to an embodiment of the disclosure.
Fig. 2 is a schematic diagram of a one-time encryption logic process of an encryption algorithm provided by an embodiment of the present disclosure.
Fig. 3 is a flow chart of an anti-crawler method provided in an embodiment of the present disclosure.
Fig. 4 is a flow chart of another anti-crawler method provided by an embodiment of the present disclosure.
Fig. 5 is a schematic block diagram of a data encryption apparatus provided by an embodiment of the present disclosure.
Fig. 6 is a schematic hardware structure of an electronic device according to an embodiment of the disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present invention unless it is specifically stated otherwise.
The following description of at least one exemplary embodiment is merely exemplary in nature and is in no way intended to limit the invention, its application, or uses.
Techniques, methods, and apparatus known to one of ordinary skill in the relevant art may not be discussed in detail, but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any specific values should be construed as merely illustrative, and not a limitation. Thus, other examples of exemplary embodiments may have different values.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further discussion thereof is necessary in subsequent figures.
<Method Embodiment One>
Refer to Fig. 1, which is a flowchart illustrating a data encryption method according to an embodiment of the disclosure. The method may be implemented by an electronic device, which may be a terminal device or a server, and is not limited herein.
As shown in fig. 1, the method of the present embodiment may include the following steps S1100-S1300, which are described in detail below.
Step S1100, obtaining the original data to be encrypted.
The original data may be any data to be encrypted.
Specifically, the original data may be data such as the user's password, text or video when the user logs on to a network platform, which is not limited herein.
In one embodiment, in the anti-crawler scenario, the original data may be the data content used to generate the encryption parameter, where the original data may be generated from the request address corresponding to a data request to be sent by the terminal device, that is, content such as the URL and the request parameters. For example, if the URL corresponding to the data request to be sent by the terminal device is "https://www.xxx.com/api/" and the original request parameters in the data request are param1=val1 and param2=val2, the original data may be obtained by concatenating the request address and the original request parameters, i.e. the original data may be in the form of "https://www.xxx.com/api/param1=val1 param2=val2".
Step S1200, performing encryption processing on the original data based on a target encryption algorithm to obtain a plurality of intermediate ciphertexts, wherein the target encryption algorithm is obtained by performing user-defined processing on encryption logic of the original encryption algorithm; and executing step S1300, obtaining a target ciphertext according to the plurality of intermediate ciphertexts.
The original encryption algorithm may be an existing algorithm for encrypting data, for example a message digest algorithm such as the MD5 algorithm, or a symmetric or asymmetric encryption algorithm. In the embodiments of the present disclosure, unless otherwise specified, the original encryption algorithm is taken to be the MD5 message digest algorithm as an example.
Specifically, in existing anti-crawler methods, the terminal device generally encrypts data with the MD5 algorithm to generate the encryption parameter. Because MD5 is widespread and free to use, most programming languages provide a well-packaged implementation of it, so users who encrypt data with MD5 call the language's packaged interface directly and pay no attention to the underlying implementation. This is convenient, but the ciphertext produced by MD5 has a fixed length, namely 128 bits, so a crawler engineer can easily infer from the length of the encryption parameter in a data request that it was obtained by MD5 encryption, and thereby break through the anti-crawler measure. This is especially so because the ciphertexts of common passwords after one, two and even three MD5 calculations have already been computed and compiled into rainbow tables (RainbowTable), which makes an anti-crawler method that uses the output of the existing MD5 algorithm as its encryption parameter even easier for a crawler engineer to crack.
For this reason, in the embodiment of the present disclosure, in order to increase the difficulty of cracking the ciphertext and so ensure the security of the data, in one embodiment the target encryption algorithm may be obtained by applying at least one of the following user-defined processes to the encryption logic of the MD5 algorithm:
First item: customizing at least one of the initial values of the link variables of the MD5 algorithm and the plaintext block, constant block and shift number used in each encryption loop logic processing;
Second item: acquiring a target encryption function and, while keeping the total number of loops of the MD5 encryption loop logic processing unchanged, modifying the loop counts of the original encryption functions so as to add to the encryption loop logic processing a process of cyclically encrypting data with the target encryption function, wherein the target encryption function is a nonlinear function different from the original encryption functions.
The principle of the MD5 algorithm is as follows: MD5 processes the input data in 512-bit blocks, looping over each block in turn. Each 512-bit block is further divided into 16 sub-blocks of 32 bits, and after a series of encryption loop logic processing steps, the four 32-bit output values are spliced into a 128-bit hash value that serves as the ciphertext of the input data.
Generally, the MD5 algorithm can be divided into four steps: processing the original text, setting initial values, loop processing, and splicing the result. These are described in turn below.
Processing the original text means padding the input data so that it satisfies the processing rule of the MD5 algorithm. Specifically, the length of the input data in bits is taken modulo 512 and the remainder is compared with 448: if the remainder equals 448, the input data already satisfies the processing rule; otherwise, the input data must be padded until it does.
Setting initial values refers to setting the initial values of the link variables of the MD5 encryption loop logic processing. Generally, the initial values of the link variables of the MD5 algorithm are a=0x67452301, b=0xefcdab89, c=0x98badcfe, and d=0x10325476, respectively.
Referring to Fig. 2, loop processing means dividing the input data into 512-bit groups and performing a preset number of encryption loop logic processing steps, namely 64, on each group. In the single encryption logic processing step shown in Fig. 2, the encryption operation is performed on the four initialized link variables using the 4 original encryption functions F(), a plaintext block M, a constant block K and different shift amounts. The values of A, B, C and D obtained in one step serve as the initial values of the 4 link variables for the next step, and the A, B, C and D obtained after all steps are added to the initial A, B, C and D to give the final encrypted value.
In the loop processing step, the 4 original encryption functions are FF(X, Y, Z) = (X & Y) | ((~X) & Z), GG(X, Y, Z) = (X & Z) | (Y & (~Z)), HH(X, Y, Z) = X ^ Y ^ Z and II(X, Y, Z) = Y ^ (X | (~Z)), and each function is executed 16 times for each 512-bit group.
Splicing the result means adding the result obtained from the encryption loop logic processing of the last 512-bit group to the values of its initial link variables, and then concatenating the sums to obtain the ciphertext of the input data.
The foregoing is a brief description of the principle of the existing MD5 algorithm; its detailed processing is not described here. In the embodiment of the disclosure, to make the ciphertext harder to crack, the target encryption algorithm may be obtained by customizing the link variables of the existing MD5 algorithm, that is, the initial values of A, B, C and D, and by customizing the plaintext block, constant block, shift number and the like used in each encryption loop logic processing. Alternatively, a target encryption function may be defined, JJ (X, Y, Z) = (((Y ζ) & X) & lt) Z), and added to the encryption loop logic processing by modifying the loop counts of the original encryption functions while keeping the total number of loops of the original encryption loop logic processing unchanged, that is, still 64.
For example, in the original MD5 algorithm the 4 original encryption functions FF(), GG(), HH() and II() are each looped 16 times. The loop count of each of the 4 original encryption functions can be changed to 15, and the data can be encrypted with the target encryption function JJ() in the last four loops, to obtain the target encryption algorithm.
After the encryption logic of the original encryption algorithm has been customized according to any of the above items to obtain the target encryption algorithm, in a specific implementation the original data can be encrypted directly, one or more times, with the target encryption algorithm, and the resulting ciphertext used as the target ciphertext. For example, the original data may be encrypted once with the target encryption algorithm to obtain ciphertext 1, ciphertext 1 may then be encrypted, and so on for several rounds, with the ciphertext obtained after the last round used as the final target ciphertext. Although this makes the ciphertext harder to crack to a certain extent, the ciphertext obtained this way still has a relatively fixed length, namely 128 bits, and the ciphertext still has the possibility of being cracked.
To solve this problem, in one embodiment, before the original data is encrypted based on the target encryption algorithm, the method further includes: acquiring a random character string, and splicing the random character string and the original data based on a third preset rule to obtain updated original data, wherein the random character string comprises a millisecond timestamp representing the current time. In this embodiment, encrypting the original data based on the target encryption algorithm to obtain a plurality of intermediate ciphertexts includes: encrypting the updated original data based on the target encryption algorithm to obtain the plurality of intermediate ciphertexts.
That is, to increase the randomness of the encrypted content, after the original data is obtained and before it is encrypted, a random string may be obtained and spliced with the original data, for example appended to the end of the original data, so that the ciphertext obtained is different each time even for the same original data.
For example, in the anti-crawler scenario, after the original data has been obtained by concatenating the request address corresponding to the data request and all the original request parameters, the current timestamp may also be appended to the original data to update it and increase its randomness. That is, where the original data is "https://www.xxx.com/api/param1=val1 param2=val2", it may be updated to "https://www.xxx.com/api/param1=val1 param2=val2 timestamp=1642570636000" by appending the timestamp of the current time.
The above describes how to update the original data by using the random string as a millisecond time stamp representing the current time, so as to increase the randomness of the original data; in specific implementations, the random string may also be generated based on other random algorithms, and is not particularly limited herein.
In one embodiment, the encrypting the original data based on the target encryption algorithm to obtain a plurality of intermediate ciphertexts includes: encrypting the original data based on a target encryption algorithm to obtain a first ciphertext; splicing the first ciphertext and the preset ciphertext according to a first preset rule to obtain first data to be encrypted; encrypting the first data based on a target encryption algorithm to obtain a second ciphertext; and obtaining a target ciphertext according to the first ciphertext, the second ciphertext and the preset ciphertext.
Specifically, to make the resulting target ciphertext still harder to crack and so protect user data, in implementation the original data may first be encrypted once with the target encryption algorithm to obtain a first ciphertext, hash1. For the second encryption, a preset character string is spliced onto the first ciphertext, that is, a salt is added, to form the first data to be encrypted, and the salted first data is then encrypted to obtain a second ciphertext, hash2. In this embodiment, splicing the first ciphertext and the preset ciphertext according to the first preset rule may mean placing the preset ciphertext before, after or in the middle of the first ciphertext, which is not particularly limited here. In addition, the preset ciphertext may be a character string composed of uppercase and lowercase letters, digits, English symbols and Chinese symbols at the same time, for example in the form "td9#kn_p vUw".
After the first ciphertext and the second ciphertext have been obtained through the above processing, obtaining the target ciphertext according to the first ciphertext, the second ciphertext and the preset ciphertext may consist of splicing the first ciphertext, the second ciphertext and the preset ciphertext according to a second preset rule.
Specifically, the first ciphertext hash1, the second ciphertext hash2 and the preset ciphertext may be spliced together in sequence, giving a target ciphertext of hash1 + hash2 + preset ciphertext. Of course, in a specific implementation the three may be spliced in other ways; for example, when the preset ciphertext is short, it may be spliced first and hash1 and hash2 then interleaved. The splicing mode is not particularly limited.
As can be seen from the above description, the length of the target ciphertext obtained by the method of this embodiment is the length of hash1 + the length of hash2 + the length of the preset ciphertext, that is, 128 bits + 128 bits + the length of the preset ciphertext. This hides the characteristic that a ciphertext produced by the existing MD5 algorithm has a fixed length of 128 bits, further increasing the difficulty of cracking the target ciphertext.
The data encryption method provided by the embodiment of the present disclosure has been described in detail above. In a specific implementation, the method may be applied to an anti-crawler scenario. When a terminal device sends an original request for data to a server, the original request to be sent is obtained, and first data to be encrypted is generated from the request address corresponding to the original request and the at least one original request parameter included in the original request. The first data to be encrypted is then encrypted with the data encryption method provided by the embodiment of the present disclosure, and the obtained ciphertext is used as the target encryption parameter. The target request is then generated by adding the target encryption parameter to the original request, and the target request is sent to the server.
In this scenario, after receiving the target request sent by the terminal device, the server may first generate second data to be encrypted from the request address corresponding to the target request and the original request parameters in the target request other than the target encryption parameter, encrypt the second data to be encrypted with the data encryption method provided by the embodiment of the present disclosure, and use the obtained ciphertext as a check ciphertext. Whether the data request sent by the terminal device is a normal request or a request sent by a web crawler can then be determined by checking whether the target encryption parameter is consistent with the check ciphertext. If they are consistent, the request was not sent by a web crawler, and the server can respond to the target request normally and send the acquired response message to the terminal device; if they are inconsistent, the target request may have been sent by a web crawler, and the server may decline to respond to it.
It should be noted that, in the implementation, if a random string is spliced in the original data, for example, a millisecond string representing the current time is spliced, then the terminal device needs to use the random string as a request parameter at the same time in the process of obtaining the target encryption parameter and generating the target request, so that after the server obtains the target request, the server can obtain a check ciphertext based on the same data to check the target request, and the detailed processing process thereof is not repeated here.
It should be noted that, how to apply the data encryption method in the anti-crawler scenario is described above, and when the method is implemented, the method may also be applied in other scenarios, for example, in a verification scenario of a file or a video transmitted over a network, so as to ensure that the file, the video, etc. are completely transmitted.
In summary, according to the data encryption method provided by the embodiment of the present disclosure, for original data to be encrypted, first, encryption processing is performed on the original data by a target encryption algorithm obtained by performing user-defined processing on encryption logic of the original encryption algorithm, so as to obtain a plurality of intermediate ciphertexts; and then acquiring a final target ciphertext based on the plurality of intermediate ciphertexts. Compared with the method for encrypting data based on a single encryption algorithm in the prior art, the method has the advantages that the encryption logic of the original encryption algorithm is subjected to user-defined processing, so that on one hand, the complexity of the intermediate ciphertext obtained through encryption can be improved, on the other hand, the target ciphertext is generated according to the obtained plurality of intermediate ciphertexts, the problem that the ciphertext obtained through the encryption processing of the existing encryption algorithm is relatively fixed can be avoided, the problem that the ciphertext is reversely analyzed to obtain a generation rule can be avoided, encryption parameters are generated based on the data encryption algorithm to perform anti-crawler processing, and the pressure caused by a web crawler on a server and the problem of user privacy data leakage possibly caused can be effectively reduced.
< method example two >
Please refer to fig. 3, which is a flowchart of an anti-crawler method according to an embodiment of the present disclosure, where the method may be applied to a terminal device, for example, a mobile phone, a tablet computer, a personal computer, etc.
As shown in fig. 3, the method includes steps S3100 to S3500:
Step S3100, obtaining an original request to be sent, where the original request includes at least one original request parameter.
Step S3200, generating first data to be encrypted according to the request address corresponding to the original request and the at least one original request parameter.
Step S3300, encrypting the first data to be encrypted based on the method according to any one of the method embodiments, and taking the obtained ciphertext as a target encryption parameter.
Step S3400, obtaining a target request according to the original request and the target encryption parameter.
Step S3500, sending the target request to a server.
< method example three >
Please refer to fig. 4, which is a flowchart of another anti-crawler method according to an embodiment of the present disclosure, which may be applied in a server.
As shown in fig. 4, the method includes steps S4100 to S4400:
Step S4100, receiving a target request sent by the terminal device, where the target request includes at least one original request parameter and a target encryption parameter.
Step S4200, generating second data to be encrypted according to the request address corresponding to the target request and the at least one original request parameter.
Step S4300, based on the method according to any one of the method embodiments, performing encryption processing on the second data to be encrypted, and taking the obtained ciphertext as the check ciphertext.
Step S4400, checking whether the target encryption parameter is consistent with the check ciphertext, and if so, acquiring a response message corresponding to the target request, and transmitting the response message to the terminal device.
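The terminal-side steps S3100 to S3500 and the server-side steps S4100 to S4400, as an added Python example that is not code from the patent. It customizes only the initial value of MD5's link variable; the `CUSTOM_IV` and `PRESET` values, the concatenation splicing rules, the sorted canonical form, the parameter names `ts` and `sign`, and the 30-second freshness window are assumptions made for the example.

```python
import hmac, math, struct
from urllib.parse import urlencode

STD_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)     # standard MD5 link variables
CUSTOM_IV = (0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210)  # constructed custom values
PRESET = "5f3a9c"                                              # constructed preset ciphertext
S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4
K = [int(abs(math.sin(i + 1)) * 2**32) & 0xFFFFFFFF for i in range(64)]
MASK = 0xFFFFFFFF

def md5_variant(data: bytes, iv=STD_IV) -> str:
    """MD5 compression loop with a caller-chosen initial link-variable value."""
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", len(data) * 8)
    state = list(iv)
    for off in range(0, len(msg), 64):
        m = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for i in range(64):
            if i < 16:
                f, g = (b & c) | (~b & d), i
            elif i < 32:
                f, g = (d & b) | (~d & c), (5 * i + 1) % 16
            elif i < 48:
                f, g = b ^ c ^ d, (3 * i + 5) % 16
            else:
                f, g = c ^ (b | ~d), (7 * i) % 16
            f = (f + a + K[i] + m[g]) & MASK
            a, d, c, b = d, c, b, (b + ((f << S[i] | f >> (32 - S[i])) & MASK)) & MASK
        state = [(x + y) & MASK for x, y in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state).hex()

def target_ciphertext(data: bytes) -> str:
    """Two passes, then splice first + second + preset (assumed rule: concatenation)."""
    first = md5_variant(data, CUSTOM_IV)
    second = md5_variant((first + PRESET).encode(), CUSTOM_IV)
    return first + second + PRESET

def canonical(url: str, params: dict) -> bytes:
    # Assumed canonical form: request address plus parameters sorted by name.
    return (url + "?" + urlencode(sorted(params.items()))).encode()

def build_target_request(url: str, params: dict, now_ms: int) -> dict:
    """Terminal side: the millisecond timestamp travels as a request parameter."""
    out = dict(params, ts=str(now_ms))
    out["sign"] = target_ciphertext(canonical(url, out))
    return out

def server_accepts(url: str, received: dict, now_ms: int, max_age_ms: int = 30_000) -> bool:
    """Server side: recompute the check ciphertext; the freshness window is an addition."""
    params = {k: v for k, v in received.items() if k != "sign"}
    ts = str(params.get("ts", ""))
    fresh = ts.isdecimal() and abs(now_ms - int(ts)) <= max_age_ms
    check = target_ciphertext(canonical(url, params))
    # Constant-time comparison of the target encryption parameter and the check ciphertext.
    return fresh and hmac.compare_digest(check.encode(), str(received.get("sign", "")).encode())
```

The check value is computed without a secret key, so its strength rests on the client-side logic staying hidden; a keyed MAC such as HMAC is the standard construction when that assumption cannot be relied on.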
< device example >
In this embodiment, as shown in fig. 5, the apparatus 500 may include an original data obtaining module 510, an intermediate ciphertext obtaining module 520, and a target ciphertext obtaining module 530.
The original data obtaining module 510 is configured to obtain original data to be encrypted; the intermediate ciphertext obtaining module 520 is configured to encrypt the original data based on a target encryption algorithm to obtain a plurality of intermediate ciphertexts, where the target encryption algorithm is obtained by performing user-defined processing on encryption logic of the original encryption algorithm; the target ciphertext obtaining module 530 is configured to obtain a target ciphertext according to the plurality of intermediate ciphertexts.
< electronic device example >
In this embodiment, there is also provided an electronic device, as illustrated in fig. 6, the electronic device 600 may include a processor 620 and a memory 610, the memory 610 for storing executable instructions; the processor 620 is configured to operate the electronic device according to control of the instructions to perform a method according to any embodiment of the present disclosure.
< computer-readable storage Medium embodiment >
The present embodiment provides a computer-readable storage medium having stored therein executable instructions that, when executed by a processor, perform the method described in any of the method embodiments of the present specification.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present description. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions. It is well known to those skilled in the art that implementation by hardware, implementation by software, and implementation by a combination of software and hardware are all equivalent.
The embodiments of the present specification have been described above, and the above description is illustrative, not exhaustive, and not limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the various embodiments described. The terminology used herein was chosen in order to best explain the principles of the embodiments, the practical application, or the technical improvement in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein. The scope of the application is defined by the appended claims.

Claims (9)

1. A data encryption method, comprising:
acquiring original data to be encrypted;
encrypting the original data based on a target encryption algorithm to obtain a plurality of intermediate ciphertexts, wherein the target encryption algorithm is obtained by performing custom processing on at least one of: an initial value of a link variable of the original encryption algorithm; a plaintext block, a constant block and a shift number used in each encryption cycle logic processing; and the cycle times of the original encryption algorithm, and the original encryption algorithm is an MD5 algorithm;
obtaining a target ciphertext according to the plurality of intermediate ciphertexts,
wherein the step of performing the custom processing on the cycle times of the original encryption algorithm to obtain the target encryption algorithm includes:
acquiring a target encryption function, adding processing that cyclically encrypts data based on the target encryption function to the encryption cycle logic processing of the original encryption algorithm, and setting the cycle times of the target encryption function and the cycle times of the original encryption algorithm to obtain the target encryption algorithm; the sum of the cycle times of the target encryption function in the target encryption algorithm and the cycle times of the original encryption algorithm in the target encryption algorithm is consistent with the cycle times of the original encryption algorithm in the original encryption algorithm, and the target encryption function is a nonlinear function different from the original encryption function.
2. The method according to claim 1, wherein the encrypting the original data based on the target encryption algorithm to obtain a plurality of intermediate ciphertexts includes:
encrypting the original data based on the target encryption algorithm to obtain a first ciphertext;
splicing the first ciphertext and the preset ciphertext according to a first preset rule to obtain first data to be encrypted;
encrypting the first data based on the target encryption algorithm to obtain a second ciphertext;
and obtaining the target ciphertext according to the first ciphertext, the second ciphertext and the preset ciphertext.
3. The method according to claim 2, wherein the obtaining the target ciphertext from the first ciphertext, the second ciphertext, and the preset ciphertext comprises:
and performing splicing processing on the first ciphertext, the second ciphertext and the preset ciphertext according to a second preset rule to obtain the target ciphertext.
4. The method of claim 1, wherein prior to the step of encrypting the original data based on the target encryption algorithm to obtain a plurality of intermediate ciphertexts, the method further comprises:
acquiring a random character string, and performing splicing processing on the random character string and the original data based on a third preset rule to obtain updated original data, wherein the random character string comprises a millisecond time stamp representing the current time;
the encrypting processing is carried out on the original data based on the target encrypting algorithm to obtain a plurality of intermediate ciphertexts, and the method comprises the following steps:
and encrypting the updated original data based on a target encryption algorithm to obtain a plurality of intermediate ciphertexts.
5. An anti-crawler method, applied to a terminal device, comprising:
acquiring an original request to be sent, wherein the original request comprises at least one original request parameter;
generating first data to be encrypted according to a request address corresponding to the original request and the at least one original request parameter;
encrypting the first data to be encrypted based on the method of any one of claims 1-4, and taking the obtained ciphertext as a target encryption parameter;
obtaining a target request according to the original request and the target encryption parameter;
and sending the target request to a server.
6. An anti-crawler method, applied to a server, comprising:
receiving a target request sent by terminal equipment, wherein the target request comprises at least one original request parameter and a target encryption parameter;
generating second data to be encrypted according to the request address corresponding to the target request and the at least one original request parameter;
encrypting the second data to be encrypted based on the method of any one of claims 1-4, and taking the obtained ciphertext as a check ciphertext;
and checking whether the target encryption parameter is consistent with the check ciphertext, acquiring a response message corresponding to the target request under the condition of consistency, and sending the response message to the terminal equipment.
7. A data encryption apparatus, comprising:
the original data acquisition module is used for acquiring original data to be encrypted;
the intermediate ciphertext obtaining module is used for encrypting the original data based on a target encryption algorithm to obtain a plurality of intermediate ciphertexts, wherein the target encryption algorithm is obtained by performing custom processing on at least one of: an initial value of a link variable of the original encryption algorithm; a plaintext block, a constant block and a shift number used in each encryption cycle logic processing; and the cycle times of the original encryption algorithm, and the original encryption algorithm is an MD5 algorithm;
a target ciphertext obtaining module for obtaining a target ciphertext according to the plurality of intermediate ciphertexts,
wherein the intermediate ciphertext obtaining module is further configured to:
acquire a target encryption function, add processing that cyclically encrypts data based on the target encryption function to the encryption cycle logic processing of the original encryption algorithm, and set the cycle times of the target encryption function and the cycle times of the original encryption algorithm to obtain the target encryption algorithm; the sum of the cycle times of the target encryption function in the target encryption algorithm and the cycle times of the original encryption algorithm in the target encryption algorithm is consistent with the cycle times of the original encryption algorithm in the original encryption algorithm, and the target encryption function is a nonlinear function different from the original encryption function.
8. An electronic device, comprising:
a memory for storing executable instructions;
a processor configured to operate the electronic device, under control of the instructions, to perform the method according to any of claims 1-6.
9. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program readable and executable by a computer, the computer program performing the method according to any of claims 1-6 when read and run by the computer.
CN202210115092.2A 2022-02-03 2022-02-03 Data encryption method, device, electronic equipment and storage medium Active CN114531284B (en)

Publications (2)

Publication Number Publication Date
CN114531284A CN114531284A (en) 2022-05-24
CN114531284B true CN114531284B (en) 2024-02-09

Family

ID=81622699

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant