document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2024-12-26 21:30:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #19148 from silentdawn-zz/patch-5

Browse Source 
Finish and move:20200611 Never forget your password with this Python encryption algorithm.md
This commit is contained in:
Xingyu.Wang 2020-07-27 23:23:30 +08:00 committed by GitHub
commit c77aeb4a41
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 261 additions and 262 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

262
sources/tech/20200611 Never forget your password with this Python encryption algorithm.md
View File

@ -1,262 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (silentdawn-zz)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Never forget your password with this Python encryption algorithm)
[#]: via: (https://opensource.com/article/20/6/python-passwords)
[#]: author: (Moshe Zadka https://opensource.com/users/moshez)
有了这个 Python 加密算法,你再也不会忘记密码了
======
本密码保护算法使用 Python 实现,基于 Shamir 秘密共享算法,可以有效避免黑客窃取和自己忘记。
![Searching for code][1]
很多人使用密码管理器来保密存储自己再用的各种密码。密码管理器的关键环节之一是主密码。主密码保护者所有其它密码,这种情况下,主密码本身就是风险所在。任何知道你的主密码的人,都可以在你的密码保护范围内畅行无阻。自然而然的,为了保证主密码的安全性,你会选用很难猜到的密码,牢记在脑子里,还有很多其它你能想到的 [方法][2]。
但是万一主密码泄露了或者忘记了,后果是什么?可能你会去个心仪的没有现代技术覆盖的岛上旅行个把月什么的,在开心戏水之后,想用美味菠萝的时刻,突然记不清自己的密码是什么了。是“山尖一寺一壶酒”?还是“一去二三里,烟村四五家”?反正当时选用的时候感觉精灵的很,现在没有那么精灵了。
![XKCD comic on password strength][3]
([XKCD][4], [CC BY-NC 2.5][5])
当然,你不会把自己的主密码告诉其它任何人,因为这是密码管理的首要原则。有没有其它变通的办法,免除这种难以承受的尴尬?
试试 **[Shamir 秘密共享算法][6]**, 一种可以将保密内容进行分块保存,且只能将所有片段拼合才能恢复保密内容的算法。
Let's take a look at Shamir's Secret Sharing in action through a story of ancient times and modern times.
This story does assume some knowledge of cryptography. You can brush up on it with this [introduction to cryptography and public key infrastructure][7].
### A story of secrets in ancient times
In an ancient kingdom, it came to pass that the king had a secret. A terrible secret:
```
def int_from_bytes(s):
    acc = 0
    for b in s:
        acc = acc * 256
        acc += b
    return acc
secret = int_from_bytes("terrible secret".encode("utf-8"))
```
So terrible, the king could entrust it to none of his offspring. He had five of them but knew that there would be dangers on the road ahead. The king knew his children would need the secret to protect the kingdom after his death, but he could not bear the thought of the secret being known for two decades, while they were still mourning him.
So he used powerful magic to split the secret into five shards. He knew that it was possible that one child or even two would not respect his wishes, but he did not believe three of them would:
```
from mod import Mod
from os import urandom
```
The king was well-versed in the magical arts of [finite fields][8] and _randomness_. As a wise king, he used Python to split the secret.
The first thing he did was choose a large prime—the 13th [Mersenne Prime][9] (`2**521 - 1`)—and ordered it be written in letters 10 feet high, wrought of gold, above the palace:
```
`P = 2**521 - 1`
```
This was not part of the secret: it was _public data_.
The king knew that if `P` is a prime, numbers modulo `P` form a mathematical [field][10]: they can be added, multiplied, subtracted, and divided as long as the divisor is not zero.
As a busy king, he used the PyPI [package `mod`][11], which implements modulus arithmetic.
He made sure his terrible secret was less than `P`:
```
`secret < P`[/code] [code]`TRUE`
```
And he converted it to its modulus `mod P`:
```
`secret = mod.Mod(secret, P)`
```
In order to allow three offspring to reconstruct the secret, the king had to generate two more parts to mix together:
```
polynomial = [secret]
for i in range(2):
    polynomial.append(Mod(int_from_bytes(urandom(16)), P))
len(polynomial)
[/code] [code]`3`
```
The king next needed to evaluate this [polynomial][12] at random points. Evaluating a polynomial is calculating `polynomial[0] + polynomial[1]*x + polynomial[2]*x**2 ...`
While there are third-party modules to evaluate polynomials, they do not work with finite fields. The king needed to write the evaluation code himself:
```
def evaluate(coefficients, x):
    acc = 0
    power = 1
    for c in coefficients:
        acc += c * power
        power *= x
    return acc
```
Next, the king evaluated the polynomial at five different points, to give one piece to each offspring:
```
shards = {}
for i in range(5):
    x = Mod(int_from_bytes(urandom(16)), P)
    y = evaluate(polynomial, x)
    shards[i] = (x, y)
```
Sadly, as the king feared, not all his offspring were honest and true. Two of them, shortly after his death, tried to figure out the terrible secret from the parts they had. Try as they could, they did not succeed. However, when the others learned this, they exiled them from the kingdom forever:
```
del shards[2]
del shards[3]
```
Twenty years later, as the king had decreed, the oldest sibling and the two youngest came together to figure out their father's terrible secret. They put together their shards:
```
`retrieved = list(shards.values())`
```
For 40 days and 40 nights, they struggled with finding the king's secret. No easy task was it before them. Like the king, they knew Python, but none were as wise as he.
Finally, the answer came to them.
The retrieval code is based on a concept called [lagrange interpolation][13]. It evaluates a polynomial at `0` based on its values in `n` other places, where `n` is the degree of the polynomial. The way it works is that you can explicitly find a formula for a polynomial that is `1` at `t[0]` and `0` at `t[i]` for `i` different from `0`. Since evaluating a polynomial is a linear function, you evaluate each of _these_ polynomials and interpolate the results of the evaluations with the values the polynomial has:
```
from functools import reduce
from operator import mul
def retrieve_original(secrets):
    x_s = [s[0] for s in secrets]
    acc = Mod(0, P)
    for i in range(len(secrets)):
        others = list(x_s)
        cur = others.pop(i)
        factor = Mod(1, P)
        for el in others:
            factor *= el * (el - cur).inverse()
        acc += factor * secrets[i][1]
    return acc
```
It is no surprise this took them 40 days and 40 nights—this code is pretty complicated! But they ran it on the surviving shards, waiting with bated breath:
```
`retrieved_secret = retrieve_original(retrieved)`
```
Did the children get the correct secret?
```
`retrieved_secret == secret`[/code] [code]`TRUE`
```
The beauty of math's magic is that it works reliably every time! The children, now older and able to understand their father's choices, used the terrible secret to defend the kingdom. The kingdom prospered and grew. 
### A modern story of Shamir's Secret Sharing
In modern times, many of us are also burdened with a terrible secret: the master password to our password manager. While few people have one person they can trust completely with their deepest, darkest secrets, many can find a group of five where it is unlikely three will break their trust together.
Luckily, in these modern times, we do not need to split our secrets ourselves, as the king did. Through the modern technology of _open source_, we can use software that exists.
Let's say you have five people you trust—not absolutely, but quite a bit: Your best friend, your spouse, your mom, a close colleague, and your lawyer.
You can install and run the program `ssss` to split the key:
```
$ echo 'long legs travel fast' | ssss-split -t 3 -n 5
Generating shares using a (3,5) scheme with dynamic security level.
Enter the secret, at most 128 ASCII characters: Using a 168 bit security level.
1-797842b76d80771f04972feb31c66f3927e7183609
2-947925f2fbc23dc9bca950ef613da7a4e42dc1c296
3-14647bdfc4e6596e0dbb0aa6ab839b195c9d15906d
4-97c77a805cd3d3a30bff7841f3158ea841cd41a611
5-17da24ad63f7b704baed220839abb215f97d95f4f8
```
Ah, a strong, powerful, master password: `long legs travel fast`. Never can it be entrusted to a single soul, but you can send the five shards to your five guardians.
* You send `1` to your best friend, F.
* You send `2` to your spouse, S.
* You send `3` to your mom, M.
* You send `4` to your colleague, C.
* You send `5` to your lawyer, L.
Now, say you go on a family vacation. For a month, you frolic on the warm sands of the beach. While you frolic, you touch not one electronic device. Soon enough, your powerful master password is forgotten.
Your loving spouse and your dear mother were with you on vacation. They kept their shards safe in their password manager—and they have forgotten _their passwords_.
This is fine.
You contact your best friend, F, who gives you `1-797842b76d80771f04972feb31c66f3927e7183609`. Your colleague, who covered all your shifts, is glad to have you back and gives you `4-97c77a805cd3d3a30bff7841f3158ea841cd41a611`. Your lawyer charges you $150 per hour, goes into their password manager, and digs up `5-17da24ad63f7b704baed220839abb215f97d95f4f8`.
With those three pieces, you run:
```
$ ssss-combine -t 3
Enter 3 shares separated by newlines:
Share [1/3]: 1-797842b76d80771f04972feb31c66f3927e7183609
Share [2/3]: 4-97c77a805cd3d3a30bff7841f3158ea841cd41a611
Share [3/3]: 5-17da24ad63f7b704baed220839abb215f97d95f4f8
Resulting secret: long legs travel fast
```
And so, with the technology of _open source_, you too can live like a king!
### Share safely for your safety
Password management is an essential skill for today's online life. Create a complex password, of course, but don't stop there. Use the handy Shamir's Secret Sharing algorithm to safely share it with others.
--------------------------------------------------------------------------------
via: https://opensource.com/article/20/6/python-passwords
作者:[Moshe Zadka][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/moshez
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/search_find_code_python_programming.png?itok=ynSL8XRV (Searching for code)
[2]: https://monitor.firefox.com/security-tips
[3]: https://opensource.com/sites/default/files/uploads/password_strength-xkcd.png (XKCD comic on password strength)
[4]: https://imgs.xkcd.com/comics/password_strength.png
[5]: https://creativecommons.org/licenses/by-nc/2.5/
[6]: https://en.wikipedia.org/wiki/Secret_sharing#Shamir's_scheme
[7]: https://opensource.com/article/18/5/cryptography-pki
[8]: https://en.wikipedia.org/wiki/Finite_field
[9]: https://en.wikipedia.org/wiki/Mersenne_prime
[10]: https://en.wikipedia.org/wiki/Field_(mathematics)
[11]: https://pypi.org/project/mod/
[12]: https://en.wikipedia.org/wiki/Polynomial
[13]: https://www.math.usm.edu/lambers/mat772/fall10/lecture5.pdf

261
translated/tech/20200611 Never forget your password with this Python encryption algorithm.md Normal file
View File

@ -0,0 +1,261 @@
[#]: collector: (lujun9972)
[#]: translator: (silentdawn-zz)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Never forget your password with this Python encryption algorithm)
[#]: via: (https://opensource.com/article/20/6/python-passwords)
[#]: author: (Moshe Zadka https://opensource.com/users/moshez)
有了这个 Python 加密算法,你再也不用担心忘记密码了
======
本密码保护算法使用 Python 实现,基于 Shamir 秘密共享算法,可以有效避免黑客窃取和自己不经意忘记引发的风险和不便。
![Searching for code][1]
很多人使用密码管理器来保密存储自己在用的各种密码。密码管理器的关键环节之一是主密码,主密码保护着所有其它密码。这种情况下,主密码本身就是风险所在。任何知道你的主密码的人,都可以视你的密码保护若无物,畅行无阻。自然而然,为了保证主密码的安全性,你会选用很难想到的密码,把它牢记在脑子里,甚至还有很多其它你能想到的 [各种方法][2]。
但是万一主密码泄露了或者忘记了,后果是什么?可能你要去个心仪的没有现代技术覆盖的岛上旅行上个把月,在开心戏水之后享用美味菠萝的时刻,突然记不清自己的密码是什么了。是“山尖一寺一壶酒”?还是“一去二三里,烟村四五家”?反正当时选密码的时候感觉浑身都是机灵,现在则后悔当初何必作茧自缚。
![XKCD comic on password strength][3]
([XKCD][4], [CC BY-NC 2.5][5])
当然,你不会把自己的主密码告诉其它任何人,因为这是密码管理的首要原则。有没有其它变通的办法,免除这种难以承受的密码之重?
试试 **[Shamir 秘密共享算法][6]**,一种可以将保密内容进行分块保存,且只能将片段拼合才能恢复保密内容的算法。
先分别通过一个古代的和一个现代的故事,看看 Shamir 秘密共享算法究竟是怎么回事吧。
这些故事的隐含前提是你对密码学有起码的了解,必要的话,你可以先温习一下 [密码学与公钥基础设施引论][7].
### 一个古代关于加解密的故事
古代某国,王有个大秘密,很大很大的秘密:
```
def int_from_bytes(s):
    acc = 0
    for b in s:
        acc = acc * 256
        acc += b
    return acc
secret = int_from_bytes("terrible secret".encode("utf-8"))
```
大到他自己的孩子都不能轻易信任。他有五个王子,但前程危机重重。他的孩子需要在他百年之后用这个秘密来保卫国家,而国王又不能忍受自己的孩子在他们还记得自己的时候就知道这些秘密,尤其是这种状态可能要持续几十年。
所以,国王动用大力魔术,将这个秘密分为了五个部分。他知道,可能有一两个孩子不会遵从他的遗嘱,但绝对不会同时有三个或三个以上这样:
```
from mod import Mod
from os import urandom
```
国王精通 [有限域][8] 和 _随机理论_,当然,对他来说,使用 Python 分割这个秘密也是小菜一碟。
第一步是选择一个大质数——第 13 个 [梅森质数][9] (`2**521 - 1`),他让人把这个数誊写到纸上,封之金匮,藏之后殿:
```
`P = 2**521 - 1`
```
但这不是要保守的秘密:这只是 _公钥_
国王知道,如果 `P` 是一个质数, 用 `P` 对数字取模,就形成了一个数学 [场][10]:在场中可以自由进行加、减、乘、除运算。当然,做除法运算时,除数不能为 0。
国王日理万机,方便起见,他在做模运算时使用了 PyPI 中的 [`mod`][11] 模块,这个模块实现了各种模运算算法。
他确认过,自己的秘密比 `P` 要短:
```
`secret < P`[/code] [code]`TRUE`
```
将秘密转换为 `P` 的模,`mod P`
```
`secret = mod.Mod(secret, P)`
```
为了使任意三个孩子掌握的片段就可以重建这个秘密,他还得生成另外两个部分,并混杂到一起:
```
polynomial = [secret]
for i in range(2):
    polynomial.append(Mod(int_from_bytes(urandom(16)), P))
len(polynomial)
[/code] [code]`3`
```
下一步就是在随机选择的点上计算某 [多项式][12] 的值,即计算 `polynomial[0] + polynomial[1]*x + polynomial[2]*x**2 ...`
虽然有第三方模块可以计算多项式的值,但那并不是针对有限域内的运算的,所以,国王还得亲自操刀,写出计算多项式的代码:
```
def evaluate(coefficients, x):
    acc = 0
    power = 1
    for c in coefficients:
        acc += c * power
        power *= x
    return acc
```
再下一步,国王选择五个不同的点,计算多项式的值,并分别交给五个孩子,让他们各自保存一份:
```
shards = {}
for i in range(5):
    x = Mod(int_from_bytes(urandom(16)), P)
    y = evaluate(polynomial, x)
    shards[i] = (x, y)
```
正如国王所虑,不是每个孩子都正直守信。其中有两个孩子,在他尸骨未寒的时候,就想从自己掌握的秘密片段中窥出些什么,但穷极所能,终无所获。另外三个孩子听说了这个事,合力将这两人永远驱逐:
```
del shards[2]
del shards[3]
```
二十年弹指一挥间,奉先王遗命,三个孩子将合力恢复出先王的大秘密。他们将各自的秘密片段拼合在一起:
```
`retrieved = list(shards.values())`
```
然后是 40 天没日没夜的苦干。这是个大工程,他们虽然都懂些 Python但都不如前国王精通。
最终,揭示秘密的时刻到了。
用于反算秘密的代码基于 [拉格朗日差值][13],它利用多项式在 `n` 个非 0 位置的值,来计算其在 `0` 处的值。前面的 `n` 指的是多项式的阶数。这个过程的原理是,可以为一个多项式找到一个显示方程,使其满足:其在 `t[0]` 处的值是 `1`,在 `i` 不为 `0` 的时候,其在 `t[i]` 处的值是 `0`。因多项式值的计算属于线性运算,需要计算 _这些_ 多项式各自的值,并使用多项式的值进行插值:
```
from functools import reduce
from operator import mul
def retrieve_original(secrets):
    x_s = [s[0] for s in secrets]
    acc = Mod(0, P)
    for i in range(len(secrets)):
        others = list(x_s)
        cur = others.pop(i)
        factor = Mod(1, P)
        for el in others:
            factor *= el * (el - cur).inverse()
        acc += factor * secrets[i][1]
    return acc
```
这代码是在太复杂了40 天能算出结果已经够快了。雪上加霜的是,他们只能利用五个秘密片段中的三个来完成这个运算,这让他们万分紧张:
```
`retrieved_secret = retrieve_original(retrieved)`
```
后事如何?
```
`retrieved_secret == secret`[/code] [code]`TRUE`
```
数学这个魔术的优美之处就在于它每一次都是那么靠谱,无一例外。国王的孩子们,曾经的孩童,而今已是壮年,足以理解先王的初衷,并以先王的锦囊妙计保卫了国家,并继之以繁荣昌盛!
### 关于 Shamir 秘密共享算法的现代故事
现代,很多人都对类似的大秘密苦不堪言:密码管理器的主密码!几乎没有谁能有足够信任的人去完全托付自己最深的秘密,好消息是,找到至少有三个不会串通起来搞鬼的五人组不是个太困难的事。
同样是在现代,比较幸运的是,我们不必再像国王那样自己动手分割要守护的秘密。拜现代 _开源_ 技术所赐,这都可以使用现成的软件完成。
假设你有五个不敢完全信任,但还可以有点信任的人:金、木、水、火、土。
安装并运行 `ssss` 分割密钥:
```
$ echo 'long legs travel fast' | ssss-split -t 3 -n 5
Generating shares using a (3,5) scheme with dynamic security level.
Enter the secret, at most 128 ASCII characters: Using a 168 bit security level.
1-797842b76d80771f04972feb31c66f3927e7183609
2-947925f2fbc23dc9bca950ef613da7a4e42dc1c296
3-14647bdfc4e6596e0dbb0aa6ab839b195c9d15906d
4-97c77a805cd3d3a30bff7841f3158ea841cd41a611
5-17da24ad63f7b704baed220839abb215f97d95f4f8
```
这确实是个非常牛的主密码:`long legs travel fast`,绝不能把它完整的托付给任何人!那就把五个片段分别交给还比较可靠的伙伴,金、木、水、火、土:
* 把 `1` 给金。
* 把 `2` 给木。
* 把 `3` 给水。
* 把 `4` 给火。
* 把 `5` 给土。
然后,你开启你的惬意之旅,整整一个月,流连于海边温暖的沙滩,整整一个月,未接触任何电子设备。没用多久,把自己的主密码忘到了九霄云外。
木和水也在旅行中,你托付给他们保管的密钥片段保存的好好的,在他们各自的密码管理器中,但不幸的是,他们和你一样,也忘了自己的 _主密码_
没关系。
联系金,他保管的密钥片段是 `1-797842b76d80771f04972feb31c66f3927e7183609`;火,一直替你的班,很高兴你能尽快重返岗位,把自己掌握的片段给了你,`4-97c77a805cd3d3a30bff7841f3158ea841cd41a611`;土,收到你给的跑腿费才将自己保管的片段翻出来发给你,`5-17da24ad63f7b704baed220839abb215f97d95f4f8`。
有了这三个密钥片段,运行:
```
$ ssss-combine -t 3
Enter 3 shares separated by newlines:
Share [1/3]: 1-797842b76d80771f04972feb31c66f3927e7183609
Share [2/3]: 4-97c77a805cd3d3a30bff7841f3158ea841cd41a611
Share [3/3]: 5-17da24ad63f7b704baed220839abb215f97d95f4f8
Resulting secret: long legs travel fast
```
就这么简单,有了 _开源_ 技术加持,你也可以活的像国王一样滋润!
### 自己的安全不是自己一个人的事
密码管理是当今网络生活必备技能,当然要选择复杂的密码,来保证安全性,但这不是全部。来用 Shamir 秘密共享算法,和他人共同安全的存储你的密码吧。
--------------------------------------------------------------------------------
via: https://opensource.com/article/20/6/python-passwords
作者:[Moshe Zadka][a]
选题:[lujun9972][b]
译者:[silentdawn-zz](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/moshez
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/search_find_code_python_programming.png?itok=ynSL8XRV (Searching for code)
[2]: https://monitor.firefox.com/security-tips
[3]: https://opensource.com/sites/default/files/uploads/password_strength-xkcd.png (XKCD comic on password strength)
[4]: https://imgs.xkcd.com/comics/password_strength.png
[5]: https://creativecommons.org/licenses/by-nc/2.5/
[6]: https://en.wikipedia.org/wiki/Secret_sharing#Shamir's_scheme
[7]: https://opensource.com/article/18/5/cryptography-pki
[8]: https://en.wikipedia.org/wiki/Finite_field
[9]: https://en.wikipedia.org/wiki/Mersenne_prime
[10]: https://en.wikipedia.org/wiki/Field_(mathematics)
[11]: https://pypi.org/project/mod/
[12]: https://en.wikipedia.org/wiki/Polynomial
[13]: https://www.math.usm.edu/lambers/mat772/fall10/lecture5.pdf