Encryption

sehyoung·2022년 4월 27일
0

Golang

목록 보기
5/5
post-thumbnail

one-way (Hash)

  • Only encryption is possible, not decryption.
  • Hashing always returns a fixed-length hash value for variable-length data.
  • Hashing always returns the same output for the same input.
    => It causes rainbow attack.
  • The hash algorithm is designed to retrieve datas quickly.
    => It causes brute-force attack.

MD5

  • Message Digest Algorithm 5
  • This is an algorithm producing a 128-bit hash value.
  • Currently, This is not encouraged for sucurity.
  • It can still be used as a checksum to verify data integrity.

SHA

  • Secure Hash Algorithm
  • SHA-0 was quickly replaced to SHA-1 due to security problem.
  • SHA-1's hash collision was revealed by Google and CWI in 2017.
  • Currently, SHA-2 and SHA-3 is recommended to be used.
Algorithmhashvalue sizecollisionuse cases
SHA-0160 bitsox
SHA-1160 bitsogit, file verification
SHA-2 SHA-3224 256 384 512 bits-blockchain, SSL certificate, user info

one-way (Hash) + salting + key stretching

bycrypt

  • It's a password hashing function based on Blowfish cipher.
  • It's internally generates a random salt while encoding passwords and store that salt along with the encrypted password.

PBKDF2

Password Encryption Algorithm

SHA-2 is vulnerable to brute-force attack because the operation speed using GPU is very fast.
bcrpyt
PBKDF2

two-way

symmetric

DES

  • Data Encryption Standard
  • symmetric block cipher
  • DES has been withdrawn as a standard by NIST
  • It's insecure due to the short 56-bit key size.
  • It's not recommended to use.

AES

  • Advanced Encryption Standard
  • symmetric block cipher
  • It's takes plain text in blocks of 128 bits(16 bytes) and converts them to ciphertext using keys of 128, 192, and 256 bits.

Comparison of AES and DES

.AESDES
key length56 bits128/192/256 bits
block size64 bits128 bits
known attacksNo known attackBrute-force, Linear crypt- analysis
securityinsecuresecure
brute force2^552^127 (in 128 bits)

asymmetric

RSA

Cryptographic attacks

Brute Force attack

  • This is a hacking technique used to find out the credentials such as a password by trying out every possible combinations of credentials.
  • The time taken increases exponentially as the length and complexity of the password.

Dictionary attack

  • This makes a dictionary with usable patterns such as frequently used characters or words with specific meaning or target's informations.

Rainbow Table attack

  • This is a precomputed table(digest list) for caching the output of cryptographic hash functions.
    (Hash function always returns the same output from the same input.)

Note that

👉 Regulations


👉 Terms
digest means hash value
salt is a random data that is used as an additional input to a one-way hash function.
salting makes rainbow table meaningless using salt.
key strectching is used to make a relatively insecure value, such as password more secure against a brute force attack by increasing the time it takes. (This is to repeat creating a digest using the created digest.)

👉 ETC
scrypt, HMAC, argon2

practice

MD5

It can check whether the file is corrupted or not with the original file and the hash value.

	import (
    	"crypto/sha256"
		"encoding/hex"
    )
	import "crypto/md5
	f, err := os.Open("/Users/gom/image.png")
	if err != nil {
		log.Fatal(err)
	}
	defer f.Close()

	h := md5.New()
	if _, err := io.Copy(h, f); err != nil {
		log.Fatal(err)
	}
	fmt.Printf("%w\n", h.Sum(nil))

=> d11d54a4dd7328dd37eb21f8985ca9c7

SHA

SHA2 "crypto/sha256" | "crypto/sha512"
hash algorithms as defined in FIPS 180-4.

SHA3 "golang.org/x/crypto/sha3"
hash algorithms as defined by FIPS-202.

	import (
	    "crypto/rand"
    	"crypto/sha256"
        "crypto/sha512"
		"encoding/hex"
        "encoding/base64"
    )
   	
    // 1
	f, err := os.Open("/Users/gom/image.png")
	if err != nil {
		log.Fatal(err)
	}
	defer f.Close()
	h := sha256.New()
	if _, err := io.Copy(h, f); err != nil {
		log.Fatal(err)
	}
	fmt.Printf("%x\n", h.Sum(nil))
	
    // 2
	hh := sha256.New()
	hh.Write([]byte("abcd1234!@#$"))
	hashValue := hex.EncodeToString(h.Sum(nil))
	fmt.Println(hashValue)
    
    // 3
    salt := make([]byte, 16)
	_, err := rand.Read(salt)
	if err != nil {
		log.Fatal(err)
	}
	hhh := sha512.New()
	hhh.Write(append([]byte("abcd1234!!"), salt...))
	r := base64.URLEncoding.EncodeToString(hhh.Sum(nil))
	fmt.Println(r)

bcrypt

	import (
    	"golang.org/x/crypto/bcrypt"
    )
    
    // hash password
    password := "abcd1234!!"
    bytes, err := bcrypt.GenerateFromPassword([]byte(password), 10)
    
    // check password
    err := bcrypt.CompareHashAndPassword([]byte(bytes), []byte(password))

refrence

Regulations
https://www.pipc.go.kr/np/cop/bbs/selectBoardArticle.do?bbsId=BS217&mCode=D010030000&nttId=7041#LINK
https://blog.naver.com/16954/222681910557
Library
https://pkg.go.dev/crypto/md5
https://pkg.go.dev/crypto/sha256
https://pkg.go.dev/crypto/sha512
https://pkg.go.dev/golang.org/x/crypto/sha3
https://github.com/golang/crypto
https://pkg.go.dev/golang.org/x/crypto/bcrypt

profile
Keep turnin' the pages

0개의 댓글