畢業(yè)設(shè)計(jì)論文-DES算法的安全性及其應(yīng)用中英文對(duì)照(一)

1、D E S算法的安全性及其應(yīng)用摘要：對(duì)DEST法的加密進(jìn)行分析，提出DEST法安全性問(wèn)題，介紹了 DEST法的應(yīng)用，指出密鑰的長(zhǎng)度、多重DEST法、算法的安全管理、弱密鑰等安全性問(wèn)題必須給予重視。關(guān)鍵詞：DESB法；密鑰；加密；安全性；應(yīng)用.數(shù)據(jù)加密標(biāo)準(zhǔn)（Data Encryption standard , DES）!美國(guó)國(guó)家標(biāo)準(zhǔn)局研究，除美國(guó)國(guó)防部以外其他部門(mén)的計(jì)算機(jī)系統(tǒng)的數(shù)據(jù)加密標(biāo)準(zhǔn)，屬于分組密碼的一種，在具體的 應(yīng)用中還無(wú)法將這種加密算法完全破解掉，因此也被美國(guó)政府作為限制出口的一種技 術(shù) , 它目前仍被廣泛使用，具有較高的安全性。1. DESK法概述DES1一個(gè)對(duì)稱(chēng)算法：加密和解密用的

2、是同一算法（除密鑰編排不同以外），既可用于加密又可用于解密。它的核技術(shù)是：在相信復(fù)雜函數(shù)可以通過(guò)簡(jiǎn)單函數(shù)迭代若干圈得到的原則下，利用 F函數(shù)及對(duì)合等運(yùn)算，充分利用非線性運(yùn)算。DES以64位為分組對(duì)數(shù)據(jù)加密。每組64 位，最后一組若不足64 位以“0”補(bǔ)齊。密鑰通常表示為64位的數(shù)，但每個(gè)第8 位都用作奇偶校驗(yàn)，可以忽略，所以密鑰的長(zhǎng)度為56 位，密鑰可以是任意的56位的數(shù)，且可在任意的時(shí)候改變。其中極少量的數(shù)被認(rèn)為是弱密鑰，但能容易地避開(kāi)它們，所有的保密性依賴(lài)于密鑰。2. DES算法的加密分析3. 1 DES算法的基本思想DES對(duì)64位的明文分組進(jìn)行操作。通過(guò)一個(gè)初始置換，將明文分組分成左半部

3、分（L0）和右半部分（R0）,各32位長(zhǎng)。R0與子密鑰K1進(jìn)行F函數(shù)的運(yùn)算，輸出32位的 數(shù)，然后與L0執(zhí)行異或操作得到 Rl, L1則是上一輪的R0,如此經(jīng)過(guò)16輪后，左、右 半部分合在一起，經(jīng)過(guò)一個(gè)末置換（初始置換的逆置換） ，這樣該算法就完成了。2. 2 初始置換初始置換在第一輪運(yùn)算前執(zhí)行，對(duì)輸入分組實(shí)施如表1 所示的變換（此表應(yīng)從左向右、從上向下讀） 。例如，初始位置把明文的第58 位換到第1 位的位置，把第50位換到第2 位的位置，把第42 位換到第3 位的位置等等。初始置換和對(duì)應(yīng)的末置換并不影響DES勺安全性。它的主要目的是為了更容易地將明文與密文數(shù)據(jù)以字節(jié)大放入表1初始置換585

4、0，2 342618109605244362820121625.146 1383022146-645648.1 032241685749，11 332517915951133527191136153?1 537292113563554739312315- 72.3子密鑰的生成子密鑰的產(chǎn)生如圖1所示1。將64位密鑰進(jìn)行密鑰置換，不考慮每個(gè)字節(jié)的第8 位，DESg鑰由64位減至56位，56位密鑰被分成兩部分，前 28位為CQ后28位為 DO C0= K57K49K41 , K52K44K36,D0= K63K55K47 , K20K1 2K4。ml子密鑰的產(chǎn)生接著，根據(jù)輪數(shù)，C0和DO分別經(jīng)過(guò)LS

5、i循環(huán)左移1位或2位。16次循環(huán)左 移的位數(shù)依據(jù)下列規(guī)則進(jìn)行：循環(huán)左移位數(shù) 1,1, 2, 2, 2, 2, 2, 2, 1,2, 2, 2, 2, 2, 2,1經(jīng)過(guò)循環(huán)左移得到的 Ci , Di經(jīng)過(guò)壓縮置換即得到子密鑰 Ki ( i = l , 2 , 1 6)。壓縮置換也稱(chēng)作置換選擇， 就是從56位中選出4 8位，表2定義了壓縮置換。 例如，處在第33位位置的那一位在輸出時(shí)移到了第 35位的位置，而處在第18位略去。2 . 4 1 6輪迭代過(guò)程DES算法有1 6次迭代，迭代如圖2所示2。從圖中可得到.）；閣3 F函數(shù)的實(shí)現(xiàn)原理擴(kuò)展置換也叫做 E盒，它將數(shù)據(jù)右半部分從 32位擴(kuò)展到48位，改

6、變了位的次序， 重復(fù)了某些位，比原輸入長(zhǎng)了 16位，數(shù)據(jù)位仍取決于原輸入。擴(kuò)展置換的 48位輸出 按順序分成8組，每組6位，分別輸入8個(gè)S子盒，每個(gè)子盒輸出4位，共32位。假 設(shè)將S盒的6位的輸入標(biāo)記為bl、b2、b3、b4、b5、b6,則bl和b6組合構(gòu)成了一個(gè) 2 位的數(shù)，從0到3,它對(duì)應(yīng)著S表中的一行。從b2到b5構(gòu)成了一個(gè)4位的數(shù)，從0到 15,對(duì)應(yīng)著表中的一列，行列交匯處的數(shù)據(jù)就是該S盒的輸出。每個(gè)S盒被看作一個(gè)4位輸入的代替函數(shù)：b2到b5直接輸入，輸出結(jié)果為 4位，bl和b6位來(lái)自臨近的分 組，它們從特定的S盒的4個(gè)代替函數(shù)中選擇一個(gè)。這是該算法的關(guān)鍵步驟，所有其 他的運(yùn)算都是線

7、性的，易于分析，而S盒是非線性的，它比 DESK他任何一步提供了更好的安全性。P盒轉(zhuǎn)換是把每個(gè)輸入位映射到輸出位，任意一位不能被映射兩次， 也不能被略去。2.5末置換末置換是初始置換的逆過(guò)程，DESft最后一輪后，左半部分和右半部分并未交換， 而是將R16和L16并在一起形成一個(gè)分組作為末置換的輸入。3 DES算法安全性問(wèn)題3.1 DESB法密鑰的長(zhǎng)度最初的羅斯福密碼中密鑰長(zhǎng)度為128位，D E S 的加密單位僅有64位二進(jìn)制，而且其中某些位還要用于奇偶校驗(yàn)或其他通訊開(kāi)銷(xiāo)，有效密鑰只有56位，這對(duì)于數(shù)據(jù)傳輸 來(lái)說(shuō)太小，各次迭代中使用的密鑰KI 是遞推產(chǎn)生的，這種相關(guān)性必然降低了密碼體制的安全性

8、。因此，人們會(huì)對(duì)56位密鑰的安全性產(chǎn)生質(zhì)疑，那么56位密鑰是否足夠，已成為人們爭(zhēng)論的焦點(diǎn)之一。至今，最有效的破解 DEST法的方法是窮舉搜約是 228, 493, 000年。但是，仍有學(xué)者認(rèn)為在可預(yù)見(jiàn)的將來(lái)用窮舉法尋找正確密鑰己趨于可行，所以若要安全保護(hù)10年以上的數(shù)據(jù)最好不用 DEST法。近年來(lái)有人提出用差分和線性攻擊方案來(lái)破解DES算法，雖然，從理論上來(lái)說(shuō)破譯的性能高于窮舉搜索法，但要有超高速計(jì)算機(jī)提供支持，以致于美國(guó)國(guó)家保密局和計(jì)算機(jī)科學(xué)技術(shù)學(xué)會(huì)組織各界專(zhuān)家研究DES®碼體制的安全性問(wèn)題后，得出樂(lè)觀的結(jié)論：沒(méi)有任何可以破譯DESg碼體制的系統(tǒng)分析法。若使用窮舉法，則在1990年

9、以前基本上不可能產(chǎn)生出每天能破譯一個(gè)DES®鑰的專(zhuān)用計(jì)算機(jī)。即使屆時(shí)能制造出這樣的專(zhuān)用機(jī)，它的破譯成功率也只會(huì)在0.1 到 0.2 之間，而且造價(jià)可能高達(dá)幾千萬(wàn)美元。 根據(jù)目前的計(jì)算技術(shù)和 DES勺分析情況，16一圈DES：采 用 16輪迭代）仍然是安全的，但提醒使用者不要使用低于16_圈的DES， 特別是 10_圈以下的DES盡管如此，我們?nèi)匀恍枰紤]對(duì) DESB法進(jìn)行改進(jìn)，使密鑰長(zhǎng)度增加 些，以實(shí)現(xiàn)更好的保密功能。3. 2多重DE潴法針對(duì)DESB法上的缺陷，各國(guó)專(zhuān)家彳門(mén)都在研究如何增強(qiáng)DES#法的安全性，現(xiàn)在已發(fā)展出幾十種改進(jìn)的 DES經(jīng)過(guò)比較，筆者認(rèn)為多重 DESM有較高的可行

10、性。為了增加密鑰的長(zhǎng)度，采用多重DE劭口密技術(shù)，將分組密碼進(jìn)行級(jí)聯(lián)，在不同的密鑰作用下，連續(xù)多次對(duì)一組明文進(jìn)行加密。針對(duì)DEST法，專(zhuān)家們的共識(shí)是采用 3重DES加密算法。3重DESJ法需要執(zhí)行3次常規(guī)的DES1密步驟，但最常用的 3重 DESB法中僅僅用兩個(gè) 56位DE儒鑰。假設(shè)這兩個(gè)密鑰為 K1與K2,其算法的步驟是：1 ）用密鑰K1進(jìn)行DES1口密；2 ）用步驟1的結(jié)果使用密鑰K2進(jìn)行DESW密；3 ）用步驟2的結(jié)果使用密鑰K1進(jìn)行DESt1口密。這個(gè)過(guò)程稱(chēng)為EDE （加密一解密一加密）三重DEST使加密密鑰長(zhǎng)度擴(kuò)展到 128位，其中有效112位。三重DES勺112位密鑰長(zhǎng)度在可以預(yù)見(jiàn)的

11、將來(lái)可認(rèn)為是合適的、安全的，據(jù)稱(chēng)，目前尚無(wú)人找到針對(duì)此方案的攻擊方法。因?yàn)橐谱g它可能需要嘗試256個(gè)不同的56位密鑰直到找到正確的密鑰。但是三重DES勺時(shí)間是DEST法的3倍，時(shí)間開(kāi)銷(xiāo)較大。3.3避開(kāi)DEST法漏洞，實(shí)現(xiàn)安全管理在DES®鑰KEY的使用、管理及密鑰更換的過(guò)程中，應(yīng)絕對(duì)避開(kāi)DESU法的應(yīng)用誤區(qū)，即：絕對(duì)不能把 KEY勺第8、16、2 4, 6 4位作為有效數(shù)據(jù)位，來(lái)對(duì) KEY 進(jìn)行管理。從上述DES 算法的描述中知道，每個(gè)字節(jié)的第8 位作為奇偶校驗(yàn)位以確保密鑰不發(fā)生錯(cuò)誤，這8 位不參與DES 運(yùn)算。因此，特別推薦給金融銀行界及非金融業(yè)界的領(lǐng)導(dǎo)及決策者們，尤其是負(fù)責(zé)管理

12、密鑰的人，要對(duì)此點(diǎn)予以高度重視。有的銀行金融交易網(wǎng)絡(luò)，利用定期更換DES 密鑰 KEY 的辦法來(lái)進(jìn)一步提高系統(tǒng)的安全性和可靠性，如果忽略了上述應(yīng)用誤區(qū)，那么，更換新密鑰將是徒勞的，將威脅到金融交易網(wǎng)絡(luò)的安全運(yùn)行, 所以更換密鑰一定要保證新KEY 與舊 KEY 真正的不同即除了第8 、 1 6 、 2 4 , 6 4 位以外其它位數(shù)據(jù)發(fā)生了變化，這樣才能保證DES 算法安全可靠發(fā)揮作用，須務(wù)必對(duì)此保持高度重視。現(xiàn)代密碼學(xué)的特征是算法可以公開(kāi)。保密的關(guān)鍵是如何保護(hù)好自己的密鑰，而破密的關(guān)鍵則是如何能破解得到密鑰。統(tǒng)的安全主管者，要根據(jù)本系統(tǒng)實(shí)際所使用的密鑰長(zhǎng)度與其所保護(hù)的信息的敏感程度、重要程度以

13、及系統(tǒng)實(shí)際所處安全環(huán)境的惡劣程度，在留有足夠的安全系數(shù)的條件下來(lái)確定其密鑰和證書(shū)更換周期的長(zhǎng)短。同時(shí)，將已廢棄的密鑰和證書(shū)放入黑庫(kù)歸檔，以備后用。密鑰更換周期的正確安全策略是系統(tǒng) 能夠安全運(yùn)行的保障，是系統(tǒng)的安全管理者最重要、最核心的日常工作任務(wù)。3. 4 弱密鑰在DES算法中存在12個(gè)半弱密鑰和4個(gè)弱密鑰。由于在子密鑰的產(chǎn)生過(guò)程中，密鑰被分成了2 個(gè)部分， 如果這 2 個(gè)部分分成了全0 或全 1 , 那么每輪產(chǎn)生的子密鑰都是相同的，當(dāng)密鑰是全0 或全 1 ，或者一半是1 或 0 時(shí)，就會(huì)產(chǎn)生弱密鑰或半弱密鑰， DES 算法的安全性就會(huì)變差。在設(shè)定密鑰時(shí)應(yīng)避免弱密鑰或半弱密鑰的出現(xiàn)。4. DE

14、S 算法的應(yīng)用自 DES 算法頒布之后，引起了學(xué)術(shù)界和企業(yè)界的廣泛重視。許多廠家很快生產(chǎn)出實(shí)現(xiàn) DES 算法的硬件產(chǎn)品，廣大用戶在市場(chǎng)上買(mǎi)到高速而又廉價(jià)的DES 硬件產(chǎn)品之后，開(kāi)始用它加密自己的重要數(shù)據(jù)，從而大大推廣了密碼技術(shù)的使用。DE璃法的入口參數(shù)有 3個(gè)：KEY DATA MODE其中KEY% 8個(gè)字節(jié)共64位，是DESt 法的工作密鑰；DAT她為8個(gè)字節(jié)64位，是要被加密或被解密的數(shù)據(jù)； MODEDES勺 工作方式，有兩種：加密和解密。DE潴法是這樣工作的：如 MODE加密，則用KEY*把數(shù)據(jù)DATAS行力口密，生成 DATA勺密碼形式（64位）作為DES的輸出結(jié)果；如 MOD囪解密，

15、則用 KEY去把密碼 形式的數(shù)據(jù)DATAW密，還原為 DATA勺明碼形式（64位）作為DES勺輸出結(jié)果。在通 信網(wǎng)絡(luò)的兩端，雙方約定了一致的KEY在通信白源點(diǎn)用 KEYM核心數(shù)據(jù)進(jìn)行DES1 口密，然后以密碼形式在公共通信網(wǎng)（如電話網(wǎng)）中傳輸?shù)酵ㄐ啪W(wǎng)絡(luò)的終點(diǎn)，數(shù)據(jù)到達(dá) 目的地后，用同樣的KEY寸密碼數(shù)據(jù)進(jìn)行解密，便再現(xiàn)了明碼形式的核心數(shù)據(jù)。 這樣， 便保證了核心數(shù)據(jù)在公共通信網(wǎng)中傳輸?shù)陌踩院涂煽啃? 。通過(guò)定期在通信網(wǎng)絡(luò)的源端和目的端同時(shí)改用新的KEY便能更進(jìn)一步提高數(shù)據(jù)的保密性，這正是現(xiàn)在金融交易網(wǎng)絡(luò)的流行做法。在.NET開(kāi)發(fā)系統(tǒng)中，微軟公司提供了DE必用密鑰的加密類(lèi)，使用它，我們可以自己

16、編制自己的標(biāo)準(zhǔn) DESfc密算法。在任何一個(gè)單位，程序員只要設(shè)計(jì)此程序就能對(duì) 零散離散文件進(jìn)行加密傳輸，而如果要和其他單位交換數(shù)據(jù)，由于使用的公用算法， 只需要向?qū)Ψ教峁┟荑€及算法說(shuō)明即可，使用非常方便。 參考文獻(xiàn)： 1 盧開(kāi)澄 . 計(jì)算機(jī)密碼學(xué)一計(jì)算機(jī)網(wǎng)絡(luò)中的數(shù)據(jù)保密與安全：第3版 M. 北京：清華大學(xué)出版社，2 0 0 3.2 馮登國(guó)，吳文玲?分組密碼的設(shè)計(jì)與分析M. 北京：清華大學(xué)出版社， 2 0 0 0.畢業(yè)設(shè)計(jì)（ 論文 ）英文翻譯目：基于混合密碼的數(shù)字簽名方案設(shè)計(jì)院、系（部）：電子信息工程學(xué)院專(zhuān)業(yè)及班級(jí)：0 7 0 4 0 5 姓名：劉軍飛學(xué)號(hào)：070405114 指導(dǎo)教師：張艷玲日

17、期：2011.05.02DES algorithm safety and its applicationAbstract: the encryption algorithm for DES,the article analyzes the safety problems DES algorithm is introduced, and points out that the application of the proposed algorithm is DESkey lengths, multiple DESalgorithm, algorithm of safety management,

18、such as weakkey safety problems must be addressed.Keywords: DES algorithms; Key; Encryption; Safety; applicationData encryption standard (DES) is the U. S. national bureau of outside the U. S. defense department, in addition to other departments of the computer system data encryption standard, belon

19、gs to a block cipher in the specific application, still unable to break the encryption algorithm, so completely off by the United States government as a technology export restrictions, it is still widely used, has higher security.1 DES algorithm overviewDES is a symmetric algorithm: encryption and d

20、ecryption is the same algorithm with (except the key organises different outside), can be used not only can be used to encrypt and decrypt. It is the core technology in believe complex function can: through simple iterative several laps () function gets under the principle of DuiGe using F function

21、and such operations, make full use of nonlinear operations. DES to 64-bit data encryption for grouping. Each group 64-bit, if one last set of less than 6 bits to "0" fill neat. Key usually expressed as a 64-bit number, but each article 8 bits are used as parity and can be ignored, so dense

22、 length is 56， keycan be arbitrary 56 number, and can in any time change. One of very few number is considered weak key, but can easily avoid them, all the secrecy dependent on the keys.2 DES algorithm encryption analysis3 . IThe basic idea of 210 DES algorithmDES 64-bit expressly grouping of operat

23、ion. Through an initial displacement, will expressly group into left brain part (LO) and the right-side part (RO), each 32 bits long. RO and son key K1 used, and on F function output 32-bit number, then and LO executive xor operator get Rl, LI is the last round RO, so after 16 rounds, left, right af

24、ter partial together, after a late replacement (initial displacement inversereplacement), so this algorithm is completed.2. 2 initial displacementInitial displacement in the first round of input, former executive computing group implement such as table 1 shows transform (this form should, from left

25、to right to read) for example, the initial position of the proclaimed to the 58th a change of position, one of the first 50 change to second place position, put the first 4 to third position, etc. Initial displacement and the corresponding end displacement does not affect the safety of DES. Its main

26、 purpose is to will be more easily with ciphertext data in bytes written in DES chip the size.2. 3The key to generate sonThe key to produce as shown in figure 1 son shown 1. Will 64-bit decryption key, den' t consider key replacement each byte number eight, DS keys consists of a 64-bit to 56, 56

27、 key is divided into two parts, the first 28 bits after CO, for28 for DO. CO= K57K49K4L. K52K44K36,DO= K63K55K47. K20K12K4.Then, according to round number, CO and DOLSi cycle respectively after moves left in 1 or 2 bits. 16 times cycle of digit movesleft the following rules: cycle according 1,1,2,2,

28、 2, 2 , 2, 2, 1,2 , 2, 2, 2, 2, 21 left shift several.表1初始置換58504234261810or60521.36282012625446383022146645648 1403224168臉0/494133251791595113352719113 n61534537292113563554739312315?After cycle of Ci, moves left get Di after compression replacement namely get son Ki (1 = 1 key,., 16). Compression

29、replacement also called replacement choice,is selected from 56 48 bits, table 2 defines compression replacement. For example, in the positions is 33 output moved in a position of # 35 in 18th place, and that a position omitting .2.4 16 iteration processDESalgorithm has 16 iterations, the iterative a

30、s figure2shows 2. From the graph can get Li = Ri - 1, Ri = Li - 1十F (Ri - 1 , Ki), 1 = 1, 2, 315 , 16.圖1子密鑰的產(chǎn)生the results are different,and P box after convertingF function realization principle is to expand Ri - 1 Ki after displacement andand the output content or executive S box of alternative get

31、 F (Ri - 1, Ki), ts principle fig. 03 shows1. Expandreplacement also called E box, it will data from the right part32-bit expanded to 48 bits, changed a sequence, repeat some bits, compared tothe original input long 16， data bits, still depends on the original input.Extension of the replacement of 4

32、8 bits in sequence into eight groups output, each group of six, eight S respectively input son box, each child box output four, a total of 32. Assumptions will S box six input marked bl, b2, b3, b4, b5, b6, then bl and b6 constitute a 2 bits number, from 0 to 3， it corresponds to S the line.Watch Fr

33、om b2 to b5 constituted a 4 digit number, from 0 to 15， corresponding totable a column in the ranks of the data interchange, is that the S box output. Each S box can be viewed as a four input to replace function: b2 to b5 direct input, output results for four, bl and b6 participants from neighboring

34、 grouping, them from specific S box 4 instead of function choose a. This is the key step in the algorithm, and all other operations are linear, easy to analysis, and S box is nonlinear, it any other step than DESprovides better security. P boxes each input a transition is mapped to output a, any one

35、 cannot be mapped twice, also cannot be cut out.2. 5 end displacementThe replacement of the initial replacement is the inverse process, DESduring the last round, right and left parts, but will not exchange part R16 and L16 and together to form a group as the input end displacement.3 DES algorithm sa

36、fety issues3. 1 DES algorithm key lengthsInitial Roosevelt password for 128-bit key length, DES56bits, this is too small for data transmission, the keys used in every iteration of the recursive Ki is produced, this correlation inevitable reduces the password system security. Therefore, people will t

37、o 56 keys have cast doubt on the safety, then 56 key whether enough, has become one of the focuses of debate.So far, the most effective cracked DESalgorithm methodis exhaustively search method. 56 need 228, 493, 000 years is about. Still, some scholars think in the foreseeable future exhaustion meth

38、od with finding the right key has already become more and more feasible, so if want security protection of 10 years of above data had better not use DES algorithm.R, ,(32?)P盒鈴換I f(Rm, k)閣3 F函數(shù)的實(shí)現(xiàn)原理In recent years someproposed with difference and linear attack schemeto crack, though, from DEShlgorith

39、m theoretically decipher than the performance Exhaustively search method, but must have the super-fast computers provide support, that American state secrecy bureau and computer science and technology institute organizing.World experts research DES password system, it is concluded that the problem o

40、f safety in the conclusion of optimism after: without any can decipher DESpassword system system analysis. If use exhaustively method, is in before 1990 basically impossible to produce each day to decipher a DES key special computer. Even when can produce such steels, it will only in deciphering suc

41、cess rate between 0.1 to 0. 2 , and cost could be as high as millions dollars. According to the present computing and DESanalysis situation, 16 - circle DES(with 16 iteration) is still safe, but warn users don't use less than 16 - circle DES, especially 10 - circle the following DES. Nevertheles

42、s, we still need to consider to DES algorithm was improved, add some key length, in order to achieve better confidential function.3. 2 multiple DES algorithmAimed at the defects of algorithm, DES nations experts are studying how to enhance the security of DES algorithm, has now developed dozens of i

43、mproved DES, after comparison, the author thinks that multiple DES has the high feasibility.In order to increase the key lengths, using multiple DESencryption technology group password, cascade, in a different key function, continuous Many times for a group of plaintext encrypted. According to the e

44、xperts, DES algorithm adopts triple DES consensus is encryption algorithm. Triple DES method needs to perform three conventional DESencrypted steps, but the most commonlyused three heavy DES algorithm using only two 56 DESkeys. Suppose this two keys with K2, its algorithm triassic-paleogene the step

45、s are:1) for DES encrypted with key Kl;2) the results in step 1 to use a keyK2 to DES decryption;3) the results in step 2 to use a keyKl for DES encrypted.This process is called EDE (encryption - decryption - encryption).Triple DES can make the encryption key length expanded to 128-bit, Including ef

46、fective 112. The 112 triple DES key length in the foreseeable future can think is appropriate, safe, allegedly, at present there is no people find in this scheme method of assault. Because want Decipher it may need to try to 256 different 56 key until you find the right key. But triple DEStime is th

47、ree times the DESalgorithm, time consuming is bigger.3. 3 avoid DES algorithm loophole, realize safe managementIn DES keys use and management of the Key specific and Key change s process, should absolutely avoid DESalgorithm application pitfalls, namely: definitely not the Key specific section 8, 16

48、, 24. 64 bit as valid data bits, to manage to Key specific. From the description of the above DES algorithm, each byte of the first that eight as parity to ensure the key not errors occur, the eight not participation DES operations. Therefore, particularly recommended for financial banking and non-f

49、inancial industry leadership and decision makers, especially responsible for managing the people, which key point pay serious attention. Some Banks financial transaction network, use change regularly DES keys to Key specific to further improve reliability and safety of the system, if you ignore the

50、above application pitfalls, then, change the new Key will be in vain, and threaten financial transaction network safety running, so change Key must ensure new Key specific and old Key specific real different that, in addition to the first 8, 16， 24. 64 bit beyond other bits of data changed, so that

51、wecan guarantee DESalgorithm safe and reliable work, must make sure to keep high attention.Modern cryptography features is algorithm can open. The key is how to protect the confidentiality of their keys, and the key is broken secret key. Howcan get hacking The security of the system, this system acc

52、ording to the director of the actual use of key length and the sensitive degree of protection of information, important degree and the actual place security environment system of degree, in bad with sufficient safety coefficient conditions from determine its key and certificate change cycle length.

53、Meanwhile, will have abandoned key and certificate in black library archive, away for future use. Key change cycle right security strategy is system can safe operation of the system5 s safety protection, is the most important and the most managers of daily tasks.3. 4 weak keysIn DESalgorithm 12 and

54、a half existsweak key and four weak keys. Because thekey in the son produced process, the key is divided into 2 parts, if this2 parts into full 0 or total 1 ， so each wheel produces daughter keys are the same, and when keys are all 0 or 1， or half full 1 or 0， can produce weak keys, or halfa weak th

55、e safety of keys, DES algorithm will become poor. In setting key should avoid weak keys, or half a weak key to appear.4 DES use of the algorithmAfter since DES algorithm, caused promulgated by academic and corporate attention. Manymanufacturers soon produce realize DESalgorithm Hardware products, us

56、ers in the market to buy high speed and cheap DES hardware products, to start using it after the important data encryption himself, thus greatly promote the use of a password techniques.DES algorithm entry parameters have 3: Key specific, Data, Mode. One Key specific for 8 byte 64 bits, which is the

57、 Key; DES algorithm work Data also for 8 byte 64-bit, is to be encrypted or message decrypted Data; Mode for DES way of working, have two kinds: encryption and decryption. DESalgorithm is howit works: such as Mode for encryption, then use the Data to Key specific Data encrypt Data and generate the password form (64 bit