重复加密给定文件有多实用?
我目前正在尝试公钥和个人文件加密。我使用的程序分别具有 2048 位 RSA 和 256 位 AES 级别的加密。作为这方面的新手(我刚刚成为密码朋克大约一个月 - 并且对信息系统有点陌生)我不熟悉 RSA 算法,但这与这里无关。
我知道,除非某个秘密实验室或国家安全局项目碰巧拥有一台量子计算机,否则目前不可能暴力破解这些程序提供的安全级别,但我想知道对文件进行加密和加密会安全多少?再来一次。
简而言之,我想知道的是:
- 当我使用 256 位 AES 加密文件,然后再次加密已经加密的文件(再次使用 256)时,我现在是否拥有相当于 512 位 AES 的内容安全?这几乎是一个暴力方法可能必须测试的可能密钥数量是否为 2 x 2 的 256 次方或 2 的问题256 次方平方。悲观地说,我认为是前者,但我想知道 512-AES 是否真的可以通过简单地用 256-AES 加密两次来实现?
- 一旦文件被加密多次,以至于您必须继续使用不同的密钥或在每个加密级别不断输入密码,那么有人**会识别出他们是否已经通过了第一级加密吗?我在想,也许 - 如果一个人要多次加密一个文件,需要几个不同的密码 - 破解者将无法知道他们是否突破了第一级加密,因为他们所拥有的一切仍然是加密的文件。
下面是一个示例:
- 解密文件
- DKE$jptid UiWe
- oxfialehv u%uk
假装最后一个序列是破解者必须处理的内容 - 要暴力破解回到原始文件,他们必须得到结果一旦突破第一级加密(在破解下一级别的加密之前),它们仍然看起来是一个完全无用的文件(第二行)。这是否意味着任何尝试使用暴力破解的人都无法返回原始文件,因为他们可能仍然只能看到加密文件?
这基本上是处理同一件事的两个问题:一遍又一遍加密同一文件的效果。我在网上搜索过重复加密对确保文件安全有何影响,但除了在某处读到第一个问题的答案是否定的轶事之外,我没有发现任何与同一主题的第二次旋转有关的内容。我对最后一个问题特别好奇。
**假设他们以某种方式通过弱密码进行暴力破解 - 因为如果您知道如何制作安全的密码,那么现在这似乎是 256-AES 的技术可能性......
I'm currently experimenting with both public-key and personal file encryption. The programs I use have 2048 bit RSA and 256 bit AES level encryption respectively. As a newbie to this stuff (I've only been a cypherpunk for about a month now - and am a little new to information systems) I'm not familiar with RSA algorithms, but that's not relevant here.
I know that unless some secret lab or NSA program happens to have a quantum computer, it is currently impossible to brute force hack the level of security these programs provide, but I was wondering how much more secure it would be to encrypt a file over and over again.
In a nutshell, what I would like to know is this:
- When I encrypt a file using 256-bit AES, and then encrypt the already encrypted file once more (using 256 again), do I now have the equivalent of 512-bit AES security? This is pretty much a question of whether or not the the number of possible keys a brute force method would potentially have to test would be 2 x 2 to the 256th power or 2 to the 256th power squared. Being pessimistic, I think it is the former but I was wondering if 512-AES really is achievable by simply encrypting with 256-AES twice?
- Once a file is encrypted several times so that you must keep using different keys or keep putting in passwords at each level of encryption, would someone** even recognize if they have gotten through the first level of encryption? I was thinking that perhaps - if one were to encrypt a file several times requiring several different passwords - a cracker would not have any way of knowing if they have even broken through the first level of encryption since all they would have would still be an encrypted file.
Here's an example:
- Decrypted file
- DKE$jptid UiWe
- oxfialehv u%uk
Pretend for a moment that the last sequence is what a cracker had to work with - to brute-force their way back to the original file, the result they would have to get (prior to cracking through the next level of encryption) would still appear to be a totally useless file (the second line) once they break through the first level of encryption. Does this mean that anyone attempting to use brute-force would have no way of getting back to the original file since they presumably would still see nothing but encrypted files?
These are basically two questions that deal with the same thing: the effect of encrypting the same file over and over again. I have searched the web to find out what effect repeated encryption has on making a file secure, but aside from reading an anecdote somewhere that the answer to the first question is no, I have found nothing that pertains to the second spin on the same topic. I am especially curious about that last question.
**Assuming hypothetically that they somehow brute-forced their way through weak passwords - since this appears to be a technological possibility with 256-AES right now if you know how to make secure ones...
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
一般来说,如果您使用 k 位 AES 加密文件,然后再次使用 k 位 AES 加密,则通过中间人攻击,您只能获得 (k+1) 位安全性,而不是 2k 位安全性。这同样适用于大多数类型的加密,例如 DES。 (请注意,由于这个原因,三重 DES 并不是简单的三轮加密。)
此外,使用方法 A 然后使用方法 B 加密文件不需要与单独使用方法 B 加密一样强大! (不过,除非方法 A 存在严重缺陷,否则这种情况很少发生。)相比之下,你保证至少与方法 A 一样强大。(鼓励记住该定理名称的任何人留下评论;我'忘记了。)
通常,选择一种尽可能强大的方法会更好。
对于第二个问题:是的,通过大多数方法,攻击者都会知道第一层已被破坏。
In general, if you encrypt a file with k-bit AES then again with k-bit AES, you only get (k+1) bits of security, rather than 2k bits of security, with a man-in-the-middle attack. The same holds for most types of encryption, like DES. (Note that triple-DES is not simply three rounds of encryption for this reason.)
Further, encrypting a file with method A and then with method B need not be even as strong as encrypting with method B alone! (This would rarely be the case unless method A is seriously flawed, though.) In contrast, you are guaranteed to be at least as strong as method A. (Anyone remembering the name of this theorem is encouraged to leave a comment; I've forgotten.)
Usually you're much better off simply choosing a single method as strong as possible.
For your second question: Yes, with most methods, an attacker would know that the first layer had been compromised.
这里有更多意见...
首先,当计算机足够强大,可以对 AES-256 进行暴力攻击时,它也将用于相同的迭代...双倍或三倍的时间或精力在以下情况下是微不足道的:那个水平。
接下来,根据您尝试在其中使用此加密的应用程序,此类考虑因素可能会无效...您需要携带的“秘密”会变得更大(迭代次数以及您将需要的所有不同密钥,如果实际上它们不同),加密和解密的时间也需要增加。
我的预感是迭代加密并没有多大帮助。该算法要么足够强大,足以维持暴力连接,要么就不够强大。剩下的就是保护按键了。
更实际地说,如果您的前门上有三把相同或相似的锁,您认为您的房子会受到更多保护吗? (其中包括供您随身携带的钥匙数量,不要丢失这些钥匙,确保窗户和后门也已固定......)
More an opinion here...
First, when computer are strong enough to do a brute-force attack on AES-256 for example, it will be also for iterations of the same... doubling or tripling the time or effort is insignificant at that level.
Next, such considerations can be void depending on the application you are trying to use this encryption in... The "secrets" you will need to carry become bigger (number of iterations and all the different keys you will need, if in fact they are different), the time to do the encryption and the decryption will also need to increase.
My hunch is that iterating the encryption does not help much. Either the algorithm is strong enough to sustain a brute-force attach or it is not. The rest is all in the protection of the keys.
More practically, do you think your house is more protected if you have three identical or similar locks on your front door ? (and that includes number of keys for you to carry around, don't loose those keys, make sure windows and back door are secured also...)
问题一:
对于 256 位密钥和 512 位密钥的两次传递,解空间的大小将相同,因为 2^(256+256) = 2^512
每个解密() 的实际运行时间可能随着密钥大小的增长非线性地增加(这取决于算法),在这种情况下,我认为暴力破解 256+256 会比 2^512 运行得更快,但仍然不可行。
问题2:
可能有一些方法可以识别某些密文。如果许多算法留下一些可用于识别的签名或工件,我不会感到惊讶。
Question 1:
The size of the solution space is going to be the same for two passes of the 256-bit key as the 512-bit key, since 2^(256+256) = 2^512
The actual running time of each decrypt() may increase non-linearly as the key-size grows (it would depend on the algorithm), in this case I think brute forcing the 256+256 would run faster than the 2^512, but would still be infeasible.
Question 2:
There are probably ways to identify certain ciphertext. I wouldn't be surprised if many algorithms leave some signature or artifacts that could be used for identification.