先進加密標準
先進加密標準
目前大家還熱衷于傳統的DES、3DES、Blowfish等加密算法,可是我看到的資料表明:在芯片技術和計算技術高速發展的今天,它們越來越不適應安全需求。1997年9月美國標準技術研究機構NIST提出了征求新的加密標準——AES (Advanced Encryption Standard)的建議,作為一種取代DES的二十世紀加密標準技術。這種算法執行速度快且易于設計。下面是小編為您收集整理的先進加密標準,供大家參考!
先進加密標準
Advanced Encryption Standard
For the past three years,the National Institute of Standards and Technology (NIST) has been working to develop a new encryption standard to keep government information secure.The organization is in the final stages of an open process of selecting one or more algorithms,or data-scrambling formulas,for the new Advanced Encryption Standard (AES) and plans to make adecision by late summer or early fall.The standard is slated to go into effect next year.
AES is intended to be a stronger,more efficient successor to Triple Data Encryption Standard(3DES),which replaced the aging DES,which was cracked in less than three days in July 1998.
“Until we have the AES,3DES will still offer protection for years to come.So there is no need to immediately switch over,”says Edward Roback, acting chief of the computer security division at NIST and chairman of the AES selection committee.“What AES will offer is a more efficient algorithm.It will be a federal standard,but it will be widely implemented in the IT community.”
According to Roback,efficiency of the proposed algorithms is measured by how fast they can encrypt and decrypt information,how fast they can present an encryption key and how much information they can encrypt.
The AES review committee is also looking at how much space the algorithm takes up on a chip and how much memory it requires.Roback says the selection of a more efficient AES will also result in cost savings and better use of resources.
“DES was designed for hardware implementations,and we are now living in a world of much more efficient software,and we have learned an awful lot about the design of algorithms,”says Roback.“When you start multiplying this with the billions of implementations done daily,the saving on overhead on the networks will be enormous.”
The process of selecting the algorithm for AES has been notable for its openness and transparency.This is a marked departure from the government's past inclination toward secrecy in discussing encryption standards,which led to the public cracking of DES after critics questioned the government's assertion that the standard was still secure.
NIST kicked off the selection process in September 1997.Conferences were held in August 1998 and March 1999; cryptographers from around the world discussed the algorithm candidates and helped narrow the list to 15 and then to five finalists: IBM's MARS; RSA Laboratories* RC6; Joan Daemen and Vincent Rijmen's Rijndael; Ross Andersen,Eli Baham and Lars Knudsen's Serpent; and Counterpane Labs* Twofish.
While most evaluators of the algorithms want to avoid complexity by selecting one to serve as a standard,there's a minority that wants to select more than one.
在過去三年中,(美國)國家標準與技術局(NIST)已在研究開發一種新的加密標準,以確保政府的信息安全。該組織目前正處于為新的先進加 密標準(AES)選擇一齷蚣父鏊惴ɑ蚴?荽蚵夜?降目?毆?痰淖詈蠼錐危?⒓蘋?諳哪┗蚯锍踝鞒鼉齠ā4吮曜寄詼?髂曄凳??/p>
AES預定為比三層數據加密標準(3DES)更強、更高效的后續標準,3DES替代了老化的DES加密標準,DES在1998年7月在不到三天的時間內就 被破譯了。
NIST計算機安全部的代理主管兼AES選擇委員會主席Edward Roback說 :“在我們擁有AES之前,3DES還將在今后幾年提供保護。所以沒有必要馬上轉換。AES所提供的是一種更有效的算法。它將是一項聯邦標準,但它將在IT界 廣泛實施。”
據Roback稱,提議中的算法的效率是通過對信息加密和解密有多快、給出加密密鑰有多快以及能對多少信息加密等幾個方面進行測量的。
AES評價委員會也要看算法占據芯片上多少空間和需要多少內存。Roback說,選擇一個更高效的AES也會帶來成本的節省和資源的更好利用。
Roback說:“DES是為硬件實現而設計的,而我們現在處于軟件更高效的世界,我們對算法的設計有極多的了解。當我們開始大規模使用此算法,每天實現幾十億次的加密時,(算法帶來的)網絡開銷的節省將是巨大的。”
為AES選擇算法的過程是以其公開性和透明度稱著。這標志著政府從以往討論加密標準時傾向于保密的做法一刀兩斷,它導致了政府在斷言DES 標準仍是安全時被公開破譯。
NIST在1997年9月開始這個選擇過程。1998年8月和 1999年3月召開了會議,來自全世界的密碼專家討論了候選的算法,幫助把算法縮小到15 個,最后到了5個:IBM的MARS算法,RSA實驗室的RC6算法、Joan Daemen和Vincent Rijmen兩人的Rijndael算法、Eli Baham和Lars Knudsen兩人的Serpent算法以及Counterpane 實驗室的Twofish算法。
大多數算法鑒定者都選擇一個作標準以避免復雜性,但也有一小部分人要選擇多個算法。
數據通信系統
Data Communication Systems
There are five basic types of data communication system:
Off-line data transmission is simply the use of a telephone or similar link to transmit data without involving a computer system.The equipment used at both ends of such a link is not part of a computer, or at least does not immediately make the data available for computer process, that is, the data when sent and/or received are 'off-line'. This type of data communication is relatively cheap and simple.
Remote batch is the term used for the way in which data communication technology is used geographically to separate the input and /or output of data from the computer on which they are processed in batch mode.
On-line data collection is the method of using communications technology to provide input data to a computer as such input arises-the data are then stored in the computer(say on a magnetic disk)and processed either at predetermined intervals or as required.
Enquiry-response systems provide, as the term suggests, the facility for a user to extract information from a computer.The enquiry facility is passive, that is, does not modify the information stored.The interrogation may be simple, for example, 'RETRIEVE THE RECORD FOR EMPLOYEE NUMBER 1234' or complex.Such systems may use terminals producing hard copy and /or visual displays.
Real-time systems are those in which information is made available to and processed by a computer system in a dynamic manner so that either the computer may cause action to be taken to influence events as they occur(for example as in a process control application)or human operators may be influenced by the accurate and up-to-date information stored in the computer, for example as in reservation systems.
有五種基本的數據通信系統:
脫機數據傳輸是簡單地利用電話或類似的鏈路來傳輸數據,不包括計算機系統。這樣一條鏈路兩端所使用的設備不是計算機的部件,或至少不是立刻把數據提供給計算機處理,即數據在發送或接收時是脫機的。這種數據通信相對來說比較便宜和簡單。
遠程批處理一詞適用于這樣一種方法:采用數據通信技術來使數據的輸入和輸出在地理上遠離按批處理模式處理處理它們的計算機。
聯機數據收集指的是用數據通信技術來向計算機即時提供剛產生的輸入數據這種方法。數據于是存儲在計算機里(比如磁盤上),并按預定時間間隔或者根據需要進行處理。
詢問——應答系統,顧名思義,是為用戶提供從計算機提取信息的功能。詢問功能是被動的。也就是說,它不修改所存儲的信息。提問可以很簡單,例如:"檢索雇員號碼為1234的記錄"也可以是復雜的。這類系統可能要使用能產生硬拷貝和(或)可視顯示的終端。
實時系統是這樣一類系統,其中計算機系統是在動態情況下取得和處理信息,以便可使計算機采取動作來影響正在發生的事件(比如在過程控制應用中)或者可通過存儲在計算機里的準確且不斷更新的信息來影響人(操作員),比如在預售系統中。