CryptographyXuHui,CISSPEmail:china.xuhui@gmail.com12013/2/4密码学CISSPExpectationsUnderstandtheapplicationanduseofcryptographyDataatrest,e.g.,harddriveDataintransit,e.g.,“Onthewire”UnderstandtheencryptionconceptsFoundationalconcepts(基本概念)Symmetriccryptography(对称加密)Asymmetriccryptography(非对称加密)Hybridcryptography(混合加密)Messagedigests(消息摘要)Hashing(杂凑算法)2CISSPExpectation->理解密码学的应用理解密码学概念CISSPExpectationsUnderstandKeyManagementProcessCreationanddistribution(创建和分发)Storageanddestruction(存储和销毁)Recovery(密钥恢复)Keyescrow(密钥托管)UnderstanddigitalsignaturesUnderstandnonrepudiation3CISSPExpectation->理解密钥管理流程理解数字签名理解不可抵赖CISSPExpectationsUnderstandmethodsofcryptanalyticattacksChosenplaintext(选择明文攻击)Socialengineeringforkeydiscovery(社会工程学)Bruteforce(暴力破解)Ciphertextonly(唯密文攻击)Knownplaintext(已知明文攻击)Frequencyanalysis(频率分析)Chosenciphertext(选择密文攻击)Implementationattacks(针对实施的攻击)4CISSPExpectation->理解密码攻击方法CISSPExpectationsEmploycryptographyinnetworksecurityUsecryptographytomaintainemailsecurityUnderstandpublickeyinfrastructureUnderstandcertificaterelatedissuesUnderstandinformationhidingalternatives,e.g.,steganography,watermarking5CISSPExpectation->在网络安全中使用密码学技术使用密码学技术保护电子邮件安全理解PKI公钥技术设施理解数字证书和相关概念理解信息隐藏技术Topics※0.CISSPExpectation※1.CryptographyHistory※2.SymmetricCipher※3.AsymmetricCipher※4.HashCipher※5.CipherApplication※6.Cryptanalysis※7.More6密码学历史对称密码非对称密码杂凑密码密码应用密码分析学1.CRYPTOGRAPHYHISTORY7密码学历史ATBASH密码•Aleph(thefirstletter)-Tav(thelast)-Beth(thesecond)-Shin(onebeforelast)–600-500BCbyHebrew(希伯来人于公元前600年-前500年发明)–scribeswritingdownthebookofJeremiahusedreversed-alphabetsimplesubstitutioncipher–MonoalphabeticSubstitutionCipher(单字母替换密码)•Demo–CipherSpe...
