如何查看解密是否成功?
当使用openssl库中的blowfish算法时,可以加密和解密任何数据。
此外,任何数据都可以使用任何密钥进行加密(解密)。 openssl 中没有办法判断解密是否成功。这只是一些数学变换。
那么,我应该怎么做才能确保加密成功:某些数据是使用与加密相同的密钥/iv 进行解密的?
我是否应该在解密后应检查的数据前面添加一些 MAGIC 字节?
When using blowfish algorithm from openssl library, one can encrypt and decrypt any data.
Furthermore any data can be encrypted (decrypted) with any key\iv. There is no way in openssl to tell whether decryption was successful or not. It's just some mathematical transformation.
So, what should I do to be sure that encryption was successful: that some data was decrypted with same key/iv which it was encrypted?
Should I add some MAGIC bytes in front of data that should be checked after decryption?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
您可以在文件末尾添加校验和(例如原始内容的 MD5)。解密后,最后 16 个字节必须再次等于 md5(content-16 bytes)
You can add a checksum (for instance, MD5 of the original content) at the end of the file. After you decrypt it, the last 16 bytes must again be equal to md5(content-16 bytes)
在许多可能的解决方案中,也许可以考虑使用 CRC。
Of the many possible solutions, maybe consider using a CRC.
我认为数据末尾的校验和方法是最好的,但是它需要您解密整个内容直到最后。
从这个角度来看,开头的魔术字节将是一个优势,因为您可以决定在第一个块解密是否成功。然而,有人可能会认为,通过检查源代码,攻击者可能具有优势(部分已知的明文场景)。
所以我所做的(最终在一个高效的软件中)是使用密钥本身作为第一个块(而不是使用常量或可预测的魔术字节)。这会为攻击者带来以下额外知识:
我没有找到证据表明,如果您使用 AES,这对于攻击者来说是有用的提示。也许有人对此了解更多。
the checksum method at the end of the data is best I think, however it needs you to decrypt the entire content up to the end.
from this point of view, magic bytes at the beginning would be an advantage, because you can decide if decryption was successful at the very first block. however, one could argue that by inspection of your sourcecode, an attacker has a possible advantage (partially known plaintext scenario).
so what I did (finally within a productive software) was using the key itself for the first block (instead of using constant or predictable magic bytes). this results in the following additional knowledge for an attacker:
I didn't find a proof that this would be a useful hint for an attacker if you use e.g. AES. maybe someone knows more to this.
魔术字节、校验和和加密的加密密钥都使暴力攻击变得更加容易,因为攻击者只需要运行 2ˆ256 种可能性,他可以通过解密运行消息并在解密数据中查找魔术或校验和或密钥。
如果他没有什么可寻找的,那么他就很难打破它,这意味着他可能会打破它而永远不会意识到。
Magic bytes, checksums and encrypted encryption key all makes brute force attacks much easier as the attacker then only need to run through the 2ˆ256 possibilities where he can run the message through decrypt and look for that magic or the checksum or the key inside the decrypted data.
It is much harder for him to break it if he has nothing to look for, meaning that he may break it and never realize it.