How can I improve the effectiveness of the encryption used to store application settings?
I am currently using the RC4 algorithm to store application settings and when I observe output it looks easily decodable. The output of strings which start with the same letters appears to be the same.
Short strings lead to short output and longer strings produce longer output.
However, I am looking for something that will produce longer output for short strings.
Is there another algorithm that will create more 'scrambled' output even with short strings?
I also want to suffix or prefix the input with some data that I can easily recognize and strip out after decoding to create more randomness on the output.
I have created new code using Rijndael displayed below, but it still suffers from the same lack of variation in the output. I suspect there are some additional parameters required to create more variation in the output, IVs, block padding and all that.

    unit testform;

    {$mode objfpc}{$H+}

    interface

    uses
      Classes, SysUtils, FileUtil, LResources, Forms, Controls, Graphics, Dialogs,
      StdCtrls, DCPrijndael, DCPsha1;

    type

      { TForm1 }

      TForm1 = class(TForm)
        edtKeyString: TEdit;
        edtInputText: TEdit;
        edtEncryptedText: TEdit;
        Label1: TLabel;
        Label2: TLabel;
        Label3: TLabel;
        procedure edtInputTextChange(Sender: TObject);
      private
        { private declarations }
      public
        { public declarations }
      end;

    var
      Form1: TForm1;

    implementation

    { TForm1 }

    procedure TForm1.edtInputTextChange(Sender: TObject);
    var
      Cipher: TDCP_rijndael;
    begin
      Cipher := TDCP_rijndael.Create(Self);
      Cipher.InitStr(edtKeyString.Text, TDCP_sha1);
      edtEncryptedText.Text := Cipher.EncryptString(edtInputText.Text);
      Cipher.Burn;
      Cipher.Free;
    end;

    initialization
      {$I testform.lrs}

    end.

Comments (1)
RC4 is a stream cipher. You might want to look at a block cipher like AES. Don't forget to use padding, too, e.g. PKCS7.
EDIT: Do not add suffix/prefix data in order to "create more randomness". The encryption algorithm will do that for you (unless it's a broken algorithm, in which case choose a different one). At best this is pointless; at worst this is adding a "crib" that will make it easier for someone to attack your encryption.
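
Added example, not part of the original question or answer: the question's suspicion about IVs, shown in Python with the standard library only. An HMAC-SHA256 counter keystream stands in for a real cipher (it is not AES; use a vetted authenticated mode such as AES-GCM in practice), and all function names, the key and the sample settings are constructed for illustration.

```python
import hashlib
import hmac
import secrets

IV_LEN, TAG_LEN = 16, 32

def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate keys for encryption and authentication, derived from one secret.
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher (NOT AES): block i = HMAC-SHA256(key, iv || i).
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def encrypt_fixed_iv(key: bytes, plaintext: bytes) -> bytes:
    # The situation in the question: same key and same IV on every call.
    return _keystream_xor(_subkey(key, b"enc"), bytes(IV_LEN), plaintext)

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Fresh random IV per message, stored in front of the ciphertext, MAC over both.
    iv = secrets.token_bytes(IV_LEN)
    body = iv + _keystream_xor(_subkey(key, b"enc"), iv, plaintext)
    return body + hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> bytes:
    if len(blob) < IV_LEN + TAG_LEN:
        raise ValueError("blob too short")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _keystream_xor(_subkey(key, b"enc"), body[:IV_LEN], body[IV_LEN:])

def shared_prefix(a: bytes, b: bytes) -> int:
    # Number of leading bytes two ciphertexts have in common.
    n = 0
    while n < min(len(a), len(b)) and a[n] == b[n]:
        n += 1
    return n

if __name__ == "__main__":
    key = hashlib.sha256(b"constructed demo passphrase").digest()  # constructed key
    a, b = b"server=db1;user=app", b"server=db1;user=admin"  # constructed settings
    print("fixed IV :", shared_prefix(encrypt_fixed_iv(key, a), encrypt_fixed_iv(key, b)))
    print("random IV:", shared_prefix(encrypt(key, a), encrypt(key, b)))
    print("round trip ok:", decrypt(key, encrypt(key, a)) == a)
```

With the fixed IV the two ciphertexts agree for exactly as many bytes as the plaintexts do; with a random IV the stored blob differs on every call and is 48 bytes longer than the input, though its length still tracks the plaintext length.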