Understanding Passwords: Key Concepts You Should Know

Understanding Passwords: Key Concepts You Should KnowUnderstanding Passwords: Key Concepts You Should KnowUnderstanding Passwords: Key Concepts You Should Know

This “password” is not that “password”; key password knowledge you should know.

As of July 1, the newly revised “Commercial Password Management Regulations” have officially come into effect. With the acceleration of the digitalization process, commercial passwords are now applied in all aspects of our lives, providing security assurance.

The “password” referred to here is not the kind we usually understand as a series of strings, but rather a technology, product, and service that uses specific transformation methods to encrypt and protect information, as well as secure authentication.

(Specific transformations refer to various mathematical methods and implementation mechanisms for converting plaintext and ciphertext, while secure authentication means using specific transformations to verify the authenticity and reliability of subjects and information, thus protecting the authenticity of information sources, data integrity, and non-repudiation of actions.)

Here, I will popularize some password knowledge for everyone, so you won’t be a “password novice” anymore.

Understanding Passwords: Key Concepts You Should KnowUnderstanding Passwords: Key Concepts You Should KnowUnderstanding Passwords: Key Concepts You Should Know

WeChat “Password” VS Passwords in Cryptography

Understanding Passwords: Key Concepts You Should Know

WeChat login passwords, Alipay passwords, bank card passwords, etc., are the passwords we usually refer to. In English, they are commonly represented by “password” or “pin”, which translates to “passphrase”. A passphrase acts more like a secret code, serving to identify us as “insiders” and thereby granting access permissions.

In contrast, the password in cryptography corresponds to the English term “cryptography”. It is a technology that can be used to handle information, thereby ensuring the authenticity, confidentiality, integrity, and non-repudiation of information during interactions in the digital world.

Authenticity: Judging the source of information and being able to identify counterfeit sources.

Confidentiality: Ensuring that data content is not leaked; encryption protection is a common means to achieve confidentiality requirements.

Integrity: Ensuring that the protected data content is complete and has not been tampered with. A common technique to guarantee integrity is digital signatures.

Non-repudiation: In a network environment, both parties in the information exchange cannot deny their actions of sending or receiving information during the exchange.

Understanding Passwords: Key Concepts You Should KnowUnderstanding Passwords: Key Concepts You Should KnowUnderstanding Passwords: Key Concepts You Should Know

Classification of Passwords

Understanding Passwords: Key Concepts You Should Know

Symmetric Password: The same key is used for both encryption and decryption. Symmetric passwords are also known as public key passwords, traditional passwords, private key passwords, and shared key passwords. National encryption standard algorithm: SM2.

Asymmetric Password (Public Key Password): Different keys are used for encryption and decryption, thus also known as asymmetric passwords. National encryption standard algorithm: SM4.

One-way Hash Function (Hash Algorithm): Protects information integrity: The data content in the information is genuine and not forged or tampered with. The obtained information is computed through a one-way hash function to produce a value known as the hash value, also referred to as the checksum, fingerprint, or information digest (these are all names for that value). This value is compared with the hash value provided by the sender; if they match, it proves that the information has not been forged, thus ensuring the integrity of the information. National encryption standard algorithm: SM3.

Real-life example: You buy an item through overseas shopping, and upon receiving it, you are unsure if it is genuine or counterfeit. The product box has a QR code for verification; you scan it with your phone and find out it is indeed genuine, which puts your mind at ease.

Message Authentication Code: By using message authentication code technology, it ensures that the message comes from the expected communication object and can also confirm whether the message has been tampered with.

Digital Signature: A technology that prevents impersonation of the sender, prevents tampering with the content of the information, and prevents the sender from denying having sent the message. The sender adds a digital signature to the content of the information, and the recipient can verify this digital signature. It mimics the technology of signing and stamping in the real world.

Understanding Passwords: Key Concepts You Should Know

Leave a Comment