为什么更改 Triple DES 密钥或初始值中的一位不会给出不同的加密数据？

发布于 2024-08-02 20:18:46 字数 1695 浏览 4 评论 0原文

我正在使用 pyDes 来加密一些数据。我想证明，如果您更改密钥或初始值中的哪怕一位，加密的数据都会完全不同。我将 16 字节密钥设置为将最后一个字符更改 +/- 1，导致至少有一位不同。然而，即使我这样做，加密数据的 3 个不同实例也并不完全不同。

from pyDes import *

data = 'Hello'

# CBC : Cipher-Block-Chaining
# \0..\1: arbitrary initial value for CBC
# pad=None: let pyDes take care of padding bytes
k1 = triple_des("16-byte-key-here", CBC, "\0\0\0\0\0\0\0\1", pad=None, padmode=PAD_PKCS5)
k2 = triple_des("16-byte-key-herf", CBC, "\0\0\0\0\0\0\0\1", pad=None, padmode=PAD_PKCS5)
k3 = triple_des("16-byte-key-herd", CBC, "\0\0\0\0\0\0\0\1", pad=None, padmode=PAD_PKCS5)

d1 = k1.encrypt(data)
d2 = k2.encrypt(data)
d3 = k3.encrypt(data)

assert d1 != d2
assert d2 != d3
assert d1 != d3

如果我只对键或初始值进行很小的更改，其中一个断言似乎会失败；我看到 d1 != d2 和 d1 != d3 都失败了，具体取决于我所做的更改。我还尝试将 'Hello' 更改为 'Hello' * 50 以确保这不仅仅是输入数据太短的情况。

如果我制作完全随机的密钥，则断言就会通过。对于如上所示的程序，d1 != d3 失败（这些密钥相隔一位；k1-k2 相差 2 位）。

我绝不是加密专家，但如果两个密钥仅相差一位，就会产生相同的加密数据，那么这意味着暴力破解密钥所需的工作量会减少两倍，对吧？

我错过了一些明显的东西吗？ Triple DES 是否不应该为非常相似的密钥提供唯一的结果？或者这是 PyDes 中的一个错误？也许其他人可以在另一个实现中确认这种行为？

@Chris Jester-Young had the answer that some of the bits in the key are parity bits. And as it turns out, according to this article:

请注意，虽然 DES 的输入密钥长度为 64 位，但 DES 使用的实际密钥长度仅为 56 位。每个字节中最不重要（最右边）的位是奇偶校验位，应设置为每个字节中始终有奇数个 1。这些奇偶校验位将被忽略，因此仅使用每个字节的 7 个最高有效位，从而得到 56 位的密钥长度。 这意味着 Triple DES 的有效密钥强度实际上是 168 位，因为三个密钥中的每一个都包含 8 个在加密过程中未使用的奇偶校验位。

（重点是我的）

并且这些奇偶校验位是正是我在示例中更改的位。

谢谢克里斯！

原文

I'm using pyDes to encrypt some data. I wanted to demonstrate that if you change even one bit in the key or initial value, the encrypted data would be totally different. I set up the 16-byte key to change the last character by +/- 1, causing at least one bit to be different. However, even when I do that, the 3 different instances of encrypted data are not all different.

from pyDes import *

data = 'Hello'

# CBC : Cipher-Block-Chaining
# \0..\1: arbitrary initial value for CBC
# pad=None: let pyDes take care of padding bytes
k1 = triple_des("16-byte-key-here", CBC, "\0\0\0\0\0\0\0\1", pad=None, padmode=PAD_PKCS5)
k2 = triple_des("16-byte-key-herf", CBC, "\0\0\0\0\0\0\0\1", pad=None, padmode=PAD_PKCS5)
k3 = triple_des("16-byte-key-herd", CBC, "\0\0\0\0\0\0\0\1", pad=None, padmode=PAD_PKCS5)

d1 = k1.encrypt(data)
d2 = k2.encrypt(data)
d3 = k3.encrypt(data)

assert d1 != d2
assert d2 != d3
assert d1 != d3

One of the assertions seems to fail if I only make a small change to either the key or initial value; I have seen both d1 != d2 and d1 != d3 fail depending on what I change. I have also tried changing 'Hello' to 'Hello' * 50 to make sure it wasn't just a case of the input data being too short.

If I make totally random keys, the assertions pass. With the program as seen above, d1 != d3 fails (those keys are one bit apart; k1-k2 are 2 bits different).

I am by no means an encryption expert, but if two keys only one bit apart result in the same encrypted data, then that means the effort it takes to brute-force the key just went down by a factor of two, right?

Am I missing something obvious? Is Triple DES not supposed to give unique results for very similar keys? Or is this a bug in PyDes? Maybe someone else could confirm this behavior in another implementation?

@Chris Jester-Young had the answer that some of the bits in the key are parity bits. And as it turns out, according to this article:

Note that although the input key for DES is 64 bits long, the actual key used by DES is only 56 bits in length. The least significant (right-most) bit in each byte is a parity bit, and should be set so that there are always an odd number of 1s in every byte. These parity bits are ignored, so only the seven most significant bits of each byte are used, resulting in a key length of 56 bits. This means that the effective key strength for Triple DES is actually 168 bits because each of the three keys contains 8 parity bits that are not used during the encryption process.

(emphasis was mine)

And those parity bits were exactly the bits I was changing in the example.

Thanks Chris!

分享到QQ

分享到微博