时间:2019-03-17 标签:c#bytearraysize
我正在使用由某人编写的 dll 进行加密(des)。Dll 包括加密、解密类,并且该类包括方法。Des 需要 8 字节(64 位)密钥。我描述了密钥的字符串。(一个字符是一个byte)。然后对字节进行编码。
string keyText= "abcdefghsdsdfsdfsdf";
UTF8Encoding encoding = new UTF8Encoding();
byte[] keyfile = new byte[8];
keyfile = UTF8Encoding.UTF8.GetBytes(keyValue);
上面的方式,即使我描述了字节数组的大小8,字节数组的大小溢出,它是字符串值的长度。
任何建议。 谢谢。
I'm using dll for cryptography(des) which written by someone.Dll includes encrypt,decyrpt class,and that classes includes methods.Des required 8 bytes(64 bit) key.I describes a string for key.(a character is one byte).And then encoding bytes.
string keyText= "abcdefghsdsdfsdfsdf";
UTF8Encoding encoding = new UTF8Encoding();
byte[] keyfile = new byte[8];
keyfile = UTF8Encoding.UTF8.GetBytes(keyValue);
above way,even though i described size of byte array 8,size of byte array overflow,it s been length of string value.
Any suggestion.
Thanks.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
要正确执行此操作,请查看 PasswordDeriveBytes 类,然后选择其中一个重载方法。
是的,您必须选择一个盐,但这可以是程序中包含的固定值。盐不必保密。
并回答技术问题,而不是安全相关问题:
此代码创建 2 数组。第一个是 8 个字节,但它立即被丢弃。
GetBytes()创建一个新的字节,其大小由其确定。您需要对该数组进行哈希处理,然后可以选择哈希值的前 8 个,这就是 PasswordDeriveBytes 为您所做的。To do it correctly, look at the PasswordDeriveBytes Class, and pick one of the overloaded methods.
Yes, you'll have to pick a Salt but that can be a fixed value baked into your program. A Salt does not have to be kept secret.
And to answer the technical, not security related question:
This code creates 2 arrays. The first one is 8 bytes but it is immediately discarded.
GetBytes()creates a new one with a size it determines. You need to hash that array and then you can pick the first 8 of the hash, which is what PasswordDeriveBytes does for you.将密钥文件初始化为空字节数组是没有意义的。 GetBytes 返回一个新的字节数组来替换最初的字节数组,并且它将根据需要编码整个输入。
为了获得八个字节的编码,为什么不只提供前八个字符呢?它们都是 ASCII,因此它们每个占用一个字节:
更重要的是,如果您使用 keyText 作为密码来合成加密密钥,这是一个非常糟糕的主意。您只需丢弃前八个字符之后的所有密码字符即可。相反,使用某种形式的加密哈希将密码转换为密钥。我刚刚注意到 Henk Holterman 的答案 指向一个合适的 API。
There is no point in initializing keyfile to an empty byte array. GetBytes returns a new byte array that replaces the initial one, and it will be as large as necessary to encode the entire input.
To get just eight bytes of the encoding, why don't you just supply the first eight characters? They are all ASCII, so they'll occupy one byte each:
More to the point, if you are using keyText as a password to synthesise a encryption key, this is a really bad idea. You are simply discarding any password characters after the first eight. Instead, use some form of cryptographic hash to convert passwords into keys. I just noticed Henk Holterman's answer points to an appropriate API.
您创建了一个包含 7 个项目(不是 8 个)的数组,但您根本没有使用该数组。
GetBytes方法返回一个新数组,并将该数组的引用放入变量中,将创建的数组留给垃圾收集器。如果要获取数组的前 8 个字节,请复制内容而不是替换数组:
You have created an array with 7 items (not 8), but you are not using that array at all. The
GetBytesmethod returns a new array, and you put the reference of that array in the variable, leaving the array that you created to the garbage collector.If you want to get the first 8 bytes of an array, copy the contents instead of replacing the array: