document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-01-25 23:11:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

Finish Translation.

Browse Source
This commit is contained in:
SilentDawn 2020-07-27 22:54:06 +08:00 committed by GitHub
parent 3f37d1f5ad
commit d01c3907eb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 50 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
sources/tech/20200611 Never forget your password with this Python encryption algorithm.md
View File

@ -9,28 +9,28 @@
有了这个 Python 加密算法,你再也不会忘记密码了
======
本密码保护算法使用 Python 实现,基于 Shamir 秘密共享算法,可以有效避免黑客窃取和自己忘记。
本密码保护算法使用 Python 实现,基于 Shamir 秘密共享算法,可以有效避免黑客窃取和自己不经意忘记引发的风险和不便
![Searching for code][1]
很多人使用密码管理器来保密存储自己再用的各种密码。密码管理器的关键环节之一是主密码。主密码保护者所有其它密码,这种情况下,主密码本身就是风险所在。任何知道你的主密码的人,都可以在你的密码保护范围内畅行无阻。自然而然的,为了保证主密码的安全性,你会选用很难猜到的密码,牢记在脑子里,还有很多其它你能想到的 [方法][2]。
很多人使用密码管理器来保密存储自己在用的各种密码。密码管理器的关键环节之一是主密码,主密码保护着所有其它密码。这种情况下,主密码本身就是风险所在。任何知道你的主密码的人,都可以视你的密码保护若无物,畅行无阻。自然而然,为了保证主密码的安全性,你会选用很难想到的密码,把它牢记在脑子里,甚至还有很多其它你能想到的 [各种方法][2]。
但是万一主密码泄露了或者忘记了,后果是什么?可能你会去个心仪的没有现代技术覆盖的岛上旅行个把月什么的,在开心戏水之后,想用美味菠萝的时刻,突然记不清自己的密码是什么了。是“山尖一寺一壶酒”?还是“一去二三里,烟村四五家”?反正当时选用的时候感觉精灵的很,现在没有那么精灵了
但是万一主密码泄露了或者忘记了,后果是什么?可能你要去个心仪的没有现代技术覆盖的岛上旅行上个把月,在开心戏水之后享用美味菠萝的时刻,突然记不清自己的密码是什么了。是“山尖一寺一壶酒”?还是“一去二三里,烟村四五家”?反正当时选密码的时候感觉浑身都是机灵,现在则后悔当初何必作茧自缚
![XKCD comic on password strength][3]
([XKCD][4], [CC BY-NC 2.5][5])
当然,你不会把自己的主密码告诉其它任何人,因为这是密码管理的首要原则。有没有其它变通的办法,免除这种难以承受的尴尬
当然,你不会把自己的主密码告诉其它任何人,因为这是密码管理的首要原则。有没有其它变通的办法,免除这种难以承受的密码之重
试试 **[Shamir 秘密共享算法][6]**, 一种可以将保密内容进行分块保存,且只能将所有片段拼合才能恢复保密内容的算法。
试试 **[Shamir 秘密共享算法][6]**, 一种可以将保密内容进行分块保存,且只能将片段拼合才能恢复保密内容的算法。
Let's take a look at Shamir's Secret Sharing in action through a story of ancient times and modern times.
先分别通过一个古代的和一个现代的故事,看看 Shamir 秘密共享算法究竟是怎么回事吧。
This story does assume some knowledge of cryptography. You can brush up on it with this [introduction to cryptography and public key infrastructure][7].
这些故事的隐含前提是你对密码学有起码的了解,必要的话,你可以先温习一下 [密码学与公钥基础设施引论][7].
### A story of secrets in ancient times
### 一个古代关于加解密的故事
In an ancient kingdom, it came to pass that the king had a secret. A terrible secret:
古代某国,王有个大秘密,很大很大的秘密:
```
@ -44,9 +44,9 @@ def int_from_bytes(s):
secret = int_from_bytes("terrible secret".encode("utf-8"))
```
So terrible, the king could entrust it to none of his offspring. He had five of them but knew that there would be dangers on the road ahead. The king knew his children would need the secret to protect the kingdom after his death, but he could not bear the thought of the secret being known for two decades, while they were still mourning him.
大到他自己的孩子都不能轻易信任。他有五个王子,但任然危机重重。他的孩子需要在他百年之后用这个秘密来保卫国家,而国王又不能忍受自己的孩子在还记得自己的时候就知道这些秘密,尤其是这种状态可能要持续几十年。
So he used powerful magic to split the secret into five shards. He knew that it was possible that one child or even two would not respect his wishes, but he did not believe three of them would:
所以,国王使用了大力魔术,将这个秘密分为了五个部分,因为他知道,可能有一两个孩子不会遵从他的遗嘱,但绝对不会出现三个:
```
@ -54,36 +54,36 @@ from mod import Mod
from os import urandom
```
The king was well-versed in the magical arts of [finite fields][8] and _randomness_. As a wise king, he used Python to split the secret.
国王精通 [有限域][8] 和 _随机理论_,当然,对他来说,使用 Python 分割这个秘密就是小菜一碟。
The first thing he did was choose a large prime—the 13th [Mersenne Prime][9] (`2**521 - 1`)—and ordered it be written in letters 10 feet high, wrought of gold, above the palace:
第一步是选择一个大质数——第 13 个 [梅森质数][9] (`2**521 - 1`),他让人把这个数誊写到纸上,封之金匮,藏之后殿:
```
`P = 2**521 - 1`
```
This was not part of the secret: it was _public data_.
但这不是要保守的秘密:这只是 _公钥_
The king knew that if `P` is a prime, numbers modulo `P` form a mathematical [field][10]: they can be added, multiplied, subtracted, and divided as long as the divisor is not zero.
国王知道,如果 `P` 是一个质数, 用 `P` 对数字取模,就形成了一个数学 [场][10]:在场中可以自由进行加、减、乘、除运算,当然,做除法运算时,除数不能为 0。
As a busy king, he used the PyPI [package `mod`][11], which implements modulus arithmetic.
国王日理万机,方便起见,他在做模运算时使用了 PyPI 中的 [`mod`][11] 模块,这个模块实现了各种模运算算法。
He made sure his terrible secret was less than `P`:
他确认过,自己的秘密比 `P` 要短:
```
`secret < P`[/code] [code]`TRUE`
```
And he converted it to its modulus `mod P`:
将秘密转换为 `P` 的模,`mod P`
```
`secret = mod.Mod(secret, P)`
```
In order to allow three offspring to reconstruct the secret, the king had to generate two more parts to mix together:
为了使任意三个孩子掌握的片段就可以重建这个秘密,他还得生成另外两个部分,并混杂到一起:
```
@ -95,9 +95,9 @@ len(polynomial)
[/code] [code]`3`
```
The king next needed to evaluate this [polynomial][12] at random points. Evaluating a polynomial is calculating `polynomial[0] + polynomial[1]*x + polynomial[2]*x**2 ...`
下一步就是在随机选择的点上计算某 [多项式][12] 的值,即计算 `polynomial[0] + polynomial[1]*x + polynomial[2]*x**2 ...`
While there are third-party modules to evaluate polynomials, they do not work with finite fields. The king needed to write the evaluation code himself:
虽然有第三方模块可以计算多项式的值,但那并不是针对有限域内的运算的,所以,国王还得亲自操刀,写出计算多项式的代码:
```
@ -110,7 +110,7 @@ def evaluate(coefficients, x):
    return acc
```
Next, the king evaluated the polynomial at five different points, to give one piece to each offspring:
再下一步,国王选择五个不同的点,计算多项式的值,并分别交给五个孩子,让他们各自保存一份:
```
@ -121,7 +121,7 @@ for i in range(5):
    shards[i] = (x, y)
```
Sadly, as the king feared, not all his offspring were honest and true. Two of them, shortly after his death, tried to figure out the terrible secret from the parts they had. Try as they could, they did not succeed. However, when the others learned this, they exiled them from the kingdom forever:
正如国王所虑,不是每个孩子都正直守信。其中有两个孩子,在他尸骨未寒的时候,就想从自己掌握的秘密片段中窥出些什么,但穷极所能,终无所获。另外三个孩子听说了这个事,合力将这两人永远驱逐:
```
@ -129,18 +129,18 @@ del shards[2]
del shards[3]
```
Twenty years later, as the king had decreed, the oldest sibling and the two youngest came together to figure out their father's terrible secret. They put together their shards:
二十年弹指一挥间,奉先王之命,三个孩子将合力恢复出先王的大秘密。他们将各自的秘密片段拼合在一起:
```
`retrieved = list(shards.values())`
```
For 40 days and 40 nights, they struggled with finding the king's secret. No easy task was it before them. Like the king, they knew Python, but none were as wise as he.
然后是 40 天没日没夜的苦干。这是个大工程,他们虽然都懂些 Python但都不如前国王精通。
Finally, the answer came to them.
最终,揭示结果的时刻到了。
The retrieval code is based on a concept called [lagrange interpolation][13]. It evaluates a polynomial at `0` based on its values in `n` other places, where `n` is the degree of the polynomial. The way it works is that you can explicitly find a formula for a polynomial that is `1` at `t[0]` and `0` at `t[i]` for `i` different from `0`. Since evaluating a polynomial is a linear function, you evaluate each of _these_ polynomials and interpolate the results of the evaluations with the values the polynomial has:
用于反算秘密的代码基于 [拉格朗日差值][13],它利用多项式在 `n` 个非 0 位置的值,来计算其在 `0` 处的值。前面的 `n` 指的是多项式的阶数。这个过程的原理是,可以为一个多项式找到一个显示方程,使其满足:其在 `t[0]` 处的值是 `1`,在 `i` 不为 `0` 的时候,其在 `t[i]` 处的值是 `0`。因多项式值的计算属于线性运算,需要计算 _这些_ 多项式各自的值,并使用多项式的值进行插值:
```
@ -160,31 +160,30 @@ def retrieve_original(secrets):
    return acc
```
It is no surprise this took them 40 days and 40 nights—this code is pretty complicated! But they ran it on the surviving shards, waiting with bated breath:
这代码是在太复杂了40 天能算出结果已经够快了。雪上加霜的是,他们只能利用五个秘密片段中的三个来完成这个运算,这让他们万分紧张:
```
`retrieved_secret = retrieve_original(retrieved)`
```
Did the children get the correct secret?
后事如何?
```
`retrieved_secret == secret`[/code] [code]`TRUE`
```
The beauty of math's magic is that it works reliably every time! The children, now older and able to understand their father's choices, used the terrible secret to defend the kingdom. The kingdom prospered and grew. 
数学这个魔术的优美之处就在于它每一次都是那么靠谱,无一例外。国王的孩子们,曾经的孩童,而今已是壮年,足以理解父皇的初衷,并以先辈的锦囊妙计保卫了国家,并得以繁荣昌盛!
### A modern story of Shamir's Secret Sharing
### 关于 Shamir 秘密共享算法的现代故事
In modern times, many of us are also burdened with a terrible secret: the master password to our password manager. While few people have one person they can trust completely with their deepest, darkest secrets, many can find a group of five where it is unlikely three will break their trust together.
现代,很多人都对类似的大秘密苦不堪言:密码管理器的主密码!几乎没有谁能有足够信任的人去完全托付自己最深的秘密,好消息是,找到至少有三个不会串通起来搞鬼的五人组不是个太困难的事。
Luckily, in these modern times, we do not need to split our secrets ourselves, as the king did. Through the modern technology of _open source_, we can use software that exists.
同样是在现代,比较幸运的是,我们不必再像国王那样自己动手分割要守护的秘密。拜现代 _开源_ 技术所赐,这都可以使用现成的软件完成。
Let's say you have five people you trust—not absolutely, but quite a bit: Your best friend, your spouse, your mom, a close colleague, and your lawyer.
假设你有五个不敢完全信任,但还可以有点信任的人:金、木、水、火、土。
You can install and run the program `ssss` to split the key:
安装并运行 `ssss` 分割密钥:
```
@ -198,25 +197,25 @@ Enter the secret, at most 128 ASCII characters: Using a 168 bit security level.
5-17da24ad63f7b704baed220839abb215f97d95f4f8
```
Ah, a strong, powerful, master password: `long legs travel fast`. Never can it be entrusted to a single soul, but you can send the five shards to your five guardians.
这确实是个非常牛的主密码:`long legs travel fast`,绝不能把它完整的托付给任何人!那就把五个片段分别交给还比较可靠的伙伴,金、木、水、火、土:
* You send `1` to your best friend, F.
* You send `2` to your spouse, S.
* You send `3` to your mom, M.
* You send `4` to your colleague, C.
* You send `5` to your lawyer, L.
* `1` 给金。
* `2` 给木。
* `3` 给水。
* `4` 给火。
* `5` 给土。
Now, say you go on a family vacation. For a month, you frolic on the warm sands of the beach. While you frolic, you touch not one electronic device. Soon enough, your powerful master password is forgotten.
然后,你开启你的惬意之旅,整整一个月,流连于海边温暖的沙滩,整整一个月,未接触任何电子设备。没用多久,把自己的主密码忘到了九霄云外。
Your loving spouse and your dear mother were with you on vacation. They kept their shards safe in their password manager—and they have forgotten _their passwords_.
木和水也在旅行中,你托付给他们保管的密钥片段保存的好好的,在他们各自的密码管理器中,但不幸的是,他们和你一样,也忘了自己的 _主密码_
This is fine.
没关系。
You contact your best friend, F, who gives you `1-797842b76d80771f04972feb31c66f3927e7183609`. Your colleague, who covered all your shifts, is glad to have you back and gives you `4-97c77a805cd3d3a30bff7841f3158ea841cd41a611`. Your lawyer charges you $150 per hour, goes into their password manager, and digs up `5-17da24ad63f7b704baed220839abb215f97d95f4f8`.
联系金,他保管的密钥片段是 `1-797842b76d80771f04972feb31c66f3927e7183609`;火,一直替你的班,很高兴你能尽快重返岗位,把自己掌握的片段给了你,`4-97c77a805cd3d3a30bff7841f3158ea841cd41a611`;土,收到你给的跑腿费才将自己保管的片段翻出来发给你,`5-17da24ad63f7b704baed220839abb215f97d95f4f8`。
With those three pieces, you run:
有了这三个密钥片段,运行:
```
@ -228,11 +227,11 @@ Share [3/3]: 5-17da24ad63f7b704baed220839abb215f97d95f4f8
Resulting secret: long legs travel fast
```
And so, with the technology of _open source_, you too can live like a king!
就这么简单,有了 _开源_ 技术加持,你也可以活的像国王一样滋润!
### Share safely for your safety
### 自己的安全不是自己一个人的事
Password management is an essential skill for today's online life. Create a complex password, of course, but don't stop there. Use the handy Shamir's Secret Sharing algorithm to safely share it with others.
密码管理是当今网络生活必备技能,当然要选择复杂的密码,来保证安全性,但这不是全部。来用 Shamir 秘密共享算法,和他人共同安全的存储你的密码吧。
--------------------------------------------------------------------------------
@ -240,7 +239,7 @@ via: https://opensource.com/article/20/6/python-passwords
作者:[Moshe Zadka][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
译者:[silentdawn-zz](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出