对称整数到整数加密
我需要一些关于如何将一个 int 加密为另一个 int 的实际示例,并且需要一个密钥来解密该值。
类似这样的:
encrypt(1, "secret key") == 67123571122
decrypt(67123571122, "secret key") == 1
这个人问了几乎相同的问题:整数的对称双射算法< br> 然而我是一个完全加密的“n00b”,我想要一些更实际的例子,如果可能的话,用Python。
我知道我需要使用某种块密码,但是我对保持加密结果仍然是数字并且有点短(可能是长而不是整数)的部分感到非常迷失
任何指针?谢谢
更新- 我为什么要这样做?
我有一个网络服务,其中每个“对象”都有一个 URL,例如: example.com/thing/123456/
现在,这些 ID 是连续的。我想隐藏它们是连续的(数据库 ID)这一事实。
这些页面上的内容不是“绝密”或类似的内容,但对于某人来说,窥探其他随机对象并不像仅仅增加 URL 中的 ID 那样容易。
因此,通过某种双向数字加密,URL ID 根本不会是连续的,并且需要花费相当多的时间才能找到更多这些对象。 (此外,请求受到限制)
我想要保留这个数字而不是任意字符串的唯一原因是这样的更改是完全的直接替换,并且无需任何其他代码更改即可正常工作。
另外,我不能只是生成新的随机数据库 ID。我必须在应用程序中处理此加密/解密。
I need some pointers or a practical example on how to encrypt an int to another int, and a secret key would be required to decrypt the value.
Something like:
encrypt(1, "secret key") == 67123571122
decrypt(67123571122, "secret key") == 1
This guy asks pretty much the same question: Symmetric Bijective Algorithm for Integers
however me being a total encryption "n00b" I would like some more practical examples, in python if possible.
I understand I need to use some kind of block cipher, but I'm pretty lost on the part about keeping the encrypted result still be numeric and somewhat short (maybe a long instead of an int)
Any pointers? Thanks
UPDATE-
Why do I want to do this?
I have a web service where each "object" gets a URL, e.g.:example.com/thing/123456/
Right now, those IDs are sequential. I want to hide the fact that they're sequential (database IDs).
The stuff on those pages is not "top secret" or anything like that, but it shouldn't be as easy for someone to snoop in some other random' object as just incrementing that ID in the URL.
So with some kind of two-way numeric encryption, the URL IDs will not be sequential at all, and it would take someone quite a bit of time to find more of these objects. (Additionally, requests are throttled)
And the only reason I want to keep this numeric instead of an arbitrary string is so that the change is a total drop-in replacement, and things will just work without any other code changes.
Also, I can't just generate new random database IDs. I have to handle this encrypt/decrypt in the application.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
这取决于您想要的加密安全程度。对于不太安全的情况(在加密意义上 - 如果您并不真正期望受到严重攻击,则可能适合日常使用),那么使用固定密钥的异或将起作用。请注意,它很容易受到一些相当基本的密码分析的影响。
如果您想要真正的加密,您可能必须使用像 RC4 这样的流密码。您可以获取 32 位密钥流并将其与您的值进行异或以对其进行加密。只要您为每个值获取新的 32 位密钥流,就可以了。
然而,RC4 有一些警告,因此请先阅读它。
在这种情况下,分组密码不会成为您的朋友,因为它们的块大小都是 64 位或更多。这意味着您需要将 32 位整数填充为 64 位,然后您将得到 64 位……但您无法选择保留哪一个 32 位。你将无法仅用一半的位来解密它。如果您愿意转向长整型,那么您可以使用 3DES 或 Blowfish。
这完全取决于您要加密的内容以及加密的原因,因此很难给出明确的答案。我希望这至少能让您知道从哪里开始。
It depends how cryptographically secure you want to be. For not-very-secure (in the crypto sense - probably fine for everyday use if you don't really expect serious attack) then XOR with a fixed secret key will work. Just be aware that it will be vulnerable to some fairly basic cryptanalysis.
If you want real encryption, you'll probably have to use a stream cipher like RC4. You can grab 32 bits of keystream and XOR it with your value to encrypt it. As long as you get a new 32 bits of keystream for each value you'll be fine.
RC4 has some caveats, however, so read up on it first.
Block ciphers will not be your friend in this case as they all have block sizes of 64 bits or more. This means you need to pad your 32 bit integer to 64 bits and you'll get 64 bits back out...but you can't choose which 32 to keep. You won't be able to decrypt it with only half the bits. If you're happy to move to longs then you can use 3DES or Blowfish.
It all depends on exactly what you are encrypting and why, so it's hard to give a definitive answer. I hope this gives an idea of where to start, at least.
您可以查看这篇论文: 带小块的完美分组密码和幻灯片在 FSE 2007 会议上的演讲。
本文解释了如何随机选择 n 个元素的排列(例如 0 到 n-1 之间的整数),这可以被视为这组 n 个元素的密码。
You may look at this paper: Perfect Block Ciphers with Small Blocks and the slides of the presentation at the FSE 2007 conference.
The paper explains how to randomly select a permutation of n elements (e.g. the integer between 0 and n-1) which can be viewed as a cipher for this set of n elements.
我对该问题发布的答案也适用于您的问题:使用短分组密码。假设您的标识符是 64 位,事实上,您可以简单地按原样使用 XTEA 密码,以64位整数作为数据块。
The answer I posted to that question applies to yours as well: use a short block cipher. Assuming your identifiers are 64 bits, in fact, you can simply use the XTEA cipher as-is, with a 64 bit integer as the data block.
您只想加密一个“int”,即 32/64 位数字?
那么最简单的方法就是将其与 32/64 位密钥进行异或。
You want to encrypt just a single 'int' ie q 32/64 bit number?
Then the easiest way is to just XOR it with a 32/64bit secret key.
简单的异或不能称为加密。混淆是一个更合适的词。
我开发了一种紧凑、快速且安全的算法,我称之为 Ayden。它位于公共领域,可以从 Github 下载 。希望它有用。
Simple XOR cannot be called encryption. Obfuscation is a more appropriate word for it.
I have developed a compact, fast and hopefully secure algorithm that I call it Ayden. It is on public domain and can be downloaded from Github. Hope it is useful.