当前位置: 文江博客话题详情

仅使用密码的加密示例...无盐。有效吗?

发布于 2024-11-01 15:20:22 字数 1046 浏览 0 评论 0原文

我一直在研究创建用于 .NET 应用程序的加密/解密类。我一次又一次地读到除了秘密密码之外还需要盐。今天我遇到了一种仅使用单个密码的加密/解密方法。该代码使用的加密方法是否有问题,因为它似乎没有使用盐?

Public Shared Function EncryptString(ByRef input As String, ByRef password As String) As String
  Dim RijndaelManagedObject As New RijndaelManaged
  Dim crypto As ICryptoTransform, MD5Obj As New MD5CryptoServiceProvider
  Dim EncryptedBytes As Byte()
  Dim HashedBytes As Byte() = New ASCIIEncoding().GetBytes(password)
  Dim PlainTextBytes As Byte() = New ASCIIEncoding().GetBytes(input)

  RijndaelManagedObject.BlockSize = 128
  RijndaelManagedObject.KeySize = 128
  RijndaelManagedObject.Mode = CipherMode.ECB
  RijndaelManagedObject.Padding = PaddingMode.Zeros
  RijndaelManagedObject.Key = MD5Obj.ComputeHash(HashedBytes)
  crypto = RijndaelManagedObject.CreateEncryptor()
  EncryptedBytes = crypto.TransformFinalBlock(PlainTextBytes, 0, PlainTextBytes.Length)

  If EncryptedBytes.Length > 0 Then
    Return Convert.ToBase64String(EncryptedBytes)
  Else
    Return String.Empty()
  End If
End Function
原文

I have been doing some research on creating an encryption/decryption class for use in .NET application. Time after time I read that a salt was needed in addition to the secret password. Today I have come across an encryption/decryption method that only makes use of a single password. Is there something wrong with the encryption methods used by this code as it does not seem make use of a salt?

Public Shared Function EncryptString(ByRef input As String, ByRef password As String) As String
  Dim RijndaelManagedObject As New RijndaelManaged
  Dim crypto As ICryptoTransform, MD5Obj As New MD5CryptoServiceProvider
  Dim EncryptedBytes As Byte()
  Dim HashedBytes As Byte() = New ASCIIEncoding().GetBytes(password)
  Dim PlainTextBytes As Byte() = New ASCIIEncoding().GetBytes(input)

  RijndaelManagedObject.BlockSize = 128
  RijndaelManagedObject.KeySize = 128
  RijndaelManagedObject.Mode = CipherMode.ECB
  RijndaelManagedObject.Padding = PaddingMode.Zeros
  RijndaelManagedObject.Key = MD5Obj.ComputeHash(HashedBytes)
  crypto = RijndaelManagedObject.CreateEncryptor()
  EncryptedBytes = crypto.TransformFinalBlock(PlainTextBytes, 0, PlainTextBytes.Length)

  If EncryptedBytes.Length > 0 Then
    Return Convert.ToBase64String(EncryptedBytes)
  Else
    Return String.Empty()
  End If
End Function

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

梦一生花开无言 2024-11-08 15:20:22

此代码有许多缺陷:

  1. 如果 inputpassword 不是 ASCII,则会发生静默降级。特别是非 ascii input 将无法正确解密。
  2. 您不会使用很多迭代,这意味着暴力破解真的很快。
  3. 与密码散列相比,缺少盐在这里更难被利用,因为散列不是直接已知的。但是,如果您使用已知的起始块(这在许多文件头中很常见)加密文件,那么就可以为这种格式构建彩虹表。但与往常一样,如果您只是尝试破解单个文件/哈希,彩虹表不会为您带来任何好处。只有当您需要破解以相同方式使用的许多不同密码时,它们才会受益。
  4. 不推荐使用 ECB 模式,因为它单独加密每个块。这使得 3) 的问题变得更糟,因为您只需要知道任何块的明文即可构建表。特别是最后一个块通常具有较低的熵。我预计每 16 组数据中只有 8 位熵。哎哟。
  5. 我不确定 PaddingMode.Zeros 是如何工作的。但由于填充的长度未编码,因此可能无法去除填充。所以解密后你可能会得到一些额外的0字节。

电子密码本(ECB)模式单独加密每个块。同一消息中的任何相同的明文块,或者使用相同密钥加密的不同消息中的任何明文块都将转换为相同的密文块。重要提示:不建议使用此模式,因为它为多种安全漏洞打开了大门。如果待加密的明文包含大量重复,则一次破解密文是可行的。还可以使用块分析来确定加密密钥。此外,主动对手可以在不被发现的情况下替换和交换单个块,这使得块可以在其他点保存并插入到流中而不被发现。

This code has a number of flaws:

  1. If input or password are not ASCII a silent degradation occurs. In particular non ascii input won't be decrypted correctly.
  2. You don't use many iterations, this means that brute-forcing if really fast.
  3. The lack of salt is harder to expoit here than with password hashes since the hash is not directly known. But if you encrypt files with a known beginning block(which is common with many file headers) then one could build a rainbow table for this one format. But as always rainbow tables don't gain you anything if you just try to crack a single file/hash. They only gain if you need to crack many different passwords used in the same way.
  4. The ECB mode isn't recommended, since it encrypts each block separately. This makes the problem of 3) much worse, since you just need to know the plaintext of any block to build a table. In particular the last block usually has low entropy. I'd expect every 16th set of data to have only 8 bits of entropy in it. Ouch.
  5. I'm not sure how PaddingMode.Zeros works. But it might not be possible to strip the padding since its length isn't encoded. So you might have some additional 0 bytes after decrypting.

The Electronic Codebook (ECB) mode encrypts each block individually. Any blocks of plain text that are identical and in the same message, or that are in a different message encrypted with the same key, will be transformed into identical cipher text blocks. Important: This mode is not recommended because it opens the door for multiple security exploits. If the plain text to be encrypted contains substantial repetition, it is feasible for the cipher text to be broken one block at a time. It is also possible to use block analysis to determine the encryption key. Also, an active adversary can substitute and exchange individual blocks without detection, which allows blocks to be saved and inserted into the stream at other points without detection.

回复 原文
我偏爱纯白色 2024-11-08 15:20:22

不,这没有什么问题。

对密码加盐是为了在存储这些哈希密码时防止彩虹表攻击。在这种情况下,密码将用于生成加密/解密密钥,并且不会被存储。

No, there's nothing wrong with this.

Salting passwords is to prevent rainbow table attacks when you store those hashed passwords. In this case the password is being used to generate an encryption / decryption key and is not being stored.

回复 原文
~没有更多了~

关于作者

予囚

暂无简介

0 文章
0 评论
22 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

lorenzathorton8

文章 0 评论 0

Zero

文章 0 评论 0

萧瑟寒风

文章 0 评论 0

mylayout

文章 0 评论 0

tkewei

文章 0 评论 0

17818769742

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文