VB.NET Rijndael 托管加密或 AES 的安全性如何?
我正在使用稍微修改过的版本 this代码。创建任务关键型应用程序。将被加密的文件非常重要。这必须从头开始完成,因为还有一些其他事情必须随之完成。
这有多安全?破解这个加密是不可能的吧?
非常抱歉,这是一个工作链接。 http://www.codeproject.com /Articles/12092/Encrypt-Decrypt-Files-in-VB-NET-Using-Rijndael
Imports System
Imports System.IO
Imports System.Security
Imports System.Security.Cryptography
'*************************
'** Global Variables
'*************************
Dim strFileToEncrypt As String
Dim strFileToDecrypt As String
Dim strOutputEncrypt As String
Dim strOutputDecrypt As String
Dim fsInput As System.IO.FileStream
Dim fsOutput As System.IO.FileStream
'*************************
'** Create A Key
'*************************
Private Function CreateKey(ByVal strPassword As String) As Byte()
'Convert strPassword to an array and store in chrData.
Dim chrData() As Char = strPassword.ToCharArray
'Use intLength to get strPassword size.
Dim intLength As Integer = chrData.GetUpperBound(0)
'Declare bytDataToHash and make it the same size as chrData.
Dim bytDataToHash(intLength) As Byte
'Use For Next to convert and store chrData into bytDataToHash.
For i As Integer = 0 To chrData.GetUpperBound(0)
bytDataToHash(i) = CByte(Asc(chrData(i)))
Next
'Declare what hash to use.
Dim SHA512 As New System.Security.Cryptography.SHA512Managed
'Declare bytResult, Hash bytDataToHash and store it in bytResult.
Dim bytResult As Byte() = SHA512.ComputeHash(bytDataToHash)
'Declare bytKey(31). It will hold 256 bits.
Dim bytKey(31) As Byte
'Use For Next to put a specific size (256 bits) of
'bytResult into bytKey. The 0 To 31 will put the first 256 bits
'of 512 bits into bytKey.
For i As Integer = 0 To 31
bytKey(i) = bytResult(i)
Next
Return bytKey 'Return the key.
End Function
'*************************
'** Create An IV
'*************************
Private Function CreateIV(ByVal strPassword As String) As Byte()
'Convert strPassword to an array and store in chrData.
Dim chrData() As Char = strPassword.ToCharArray
'Use intLength to get strPassword size.
Dim intLength As Integer = chrData.GetUpperBound(0)
'Declare bytDataToHash and make it the same size as chrData.
Dim bytDataToHash(intLength) As Byte
'Use For Next to convert and store chrData into bytDataToHash.
For i As Integer = 0 To chrData.GetUpperBound(0)
bytDataToHash(i) = CByte(Asc(chrData(i)))
Next
'Declare what hash to use.
Dim SHA512 As New System.Security.Cryptography.SHA512Managed
'Declare bytResult, Hash bytDataToHash and store it in bytResult.
Dim bytResult As Byte() = SHA512.ComputeHash(bytDataToHash)
'Declare bytIV(15). It will hold 128 bits.
Dim bytIV(15) As Byte
'Use For Next to put a specific size (128 bits) of bytResult into bytIV.
'The 0 To 30 for bytKey used the first 256 bits of the hashed password.
'The 32 To 47 will put the next 128 bits into bytIV.
For i As Integer = 32 To 47
bytIV(i - 32) = bytResult(i)
Next
Return bytIV 'Return the IV.
End Function
加密和解密
'****************************
'** Encrypt/Decrypt File
'****************************
Private Enum CryptoAction
'Define the enumeration for CryptoAction.
ActionEncrypt = 1
ActionDecrypt = 2
End Enum
Private Sub EncryptOrDecryptFile(ByVal strInputFile As String, _
ByVal strOutputFile As String, _
ByVal bytKey() As Byte, _
ByVal bytIV() As Byte, _
ByVal Direction As CryptoAction)
Try 'In case of errors.
'Setup file streams to handle input and output.
fsInput = New System.IO.FileStream(strInputFile, FileMode.Open, _
FileAccess.Read)
fsOutput = New System.IO.FileStream(strOutputFile, _
FileMode.OpenOrCreate, _
FileAccess.Write)
fsOutput.SetLength(0) 'make sure fsOutput is empty
'Declare variables for encrypt/decrypt process.
Dim bytBuffer(4096) As Byte 'holds a block of bytes for processing
Dim lngBytesProcessed As Long = 0 'running count of bytes processed
Dim lngFileLength As Long = fsInput.Length 'the input file's length
Dim intBytesInCurrentBlock As Integer 'current bytes being processed
Dim csCryptoStream As CryptoStream
'Declare your CryptoServiceProvider.
Dim cspRijndael As New System.Security.Cryptography.RijndaelManaged
'Setup Progress Bar
pbStatus.Value = 0
pbStatus.Maximum = 100
'Determine if ecryption or decryption and setup CryptoStream.
Select Case Direction
Case CryptoAction.ActionEncrypt
csCryptoStream = New CryptoStream(fsOutput, _
cspRijndael.CreateEncryptor(bytKey, bytIV), _
CryptoStreamMode.Write)
Case CryptoAction.ActionDecrypt
csCryptoStream = New CryptoStream(fsOutput, _
cspRijndael.CreateDecryptor(bytKey, bytIV), _
CryptoStreamMode.Write)
End Select
'Use While to loop until all of the file is processed.
While lngBytesProcessed < lngFileLength
'Read file with the input filestream.
intBytesInCurrentBlock = fsInput.Read(bytBuffer, 0, 4096)
'Write output file with the cryptostream.
csCryptoStream.Write(bytBuffer, 0, intBytesInCurrentBlock)
'Update lngBytesProcessed
lngBytesProcessed = lngBytesProcessed + _
CLng(intBytesInCurrentBlock)
'Update Progress Bar
pbStatus.Value = CInt((lngBytesProcessed / lngFileLength) * 100)
End While
'Close FileStreams and CryptoStream.
csCryptoStream.Close()
fsInput.Close()
fsOutput.Close()
我已经粘贴了主要代码从那里到这里。
I am using a slightly modified version of this code. to create a mission critical application. That files that will be encrypted are very important. This has to be done from scratch because there are some other things that has to be done along with this.
How secure is this? Its impossible to crack this encryption right?
Am very sorry here is a working link. http://www.codeproject.com/Articles/12092/Encrypt-Decrypt-Files-in-VB-NET-Using-Rijndael
Imports System
Imports System.IO
Imports System.Security
Imports System.Security.Cryptography
'*************************
'** Global Variables
'*************************
Dim strFileToEncrypt As String
Dim strFileToDecrypt As String
Dim strOutputEncrypt As String
Dim strOutputDecrypt As String
Dim fsInput As System.IO.FileStream
Dim fsOutput As System.IO.FileStream
'*************************
'** Create A Key
'*************************
Private Function CreateKey(ByVal strPassword As String) As Byte()
'Convert strPassword to an array and store in chrData.
Dim chrData() As Char = strPassword.ToCharArray
'Use intLength to get strPassword size.
Dim intLength As Integer = chrData.GetUpperBound(0)
'Declare bytDataToHash and make it the same size as chrData.
Dim bytDataToHash(intLength) As Byte
'Use For Next to convert and store chrData into bytDataToHash.
For i As Integer = 0 To chrData.GetUpperBound(0)
bytDataToHash(i) = CByte(Asc(chrData(i)))
Next
'Declare what hash to use.
Dim SHA512 As New System.Security.Cryptography.SHA512Managed
'Declare bytResult, Hash bytDataToHash and store it in bytResult.
Dim bytResult As Byte() = SHA512.ComputeHash(bytDataToHash)
'Declare bytKey(31). It will hold 256 bits.
Dim bytKey(31) As Byte
'Use For Next to put a specific size (256 bits) of
'bytResult into bytKey. The 0 To 31 will put the first 256 bits
'of 512 bits into bytKey.
For i As Integer = 0 To 31
bytKey(i) = bytResult(i)
Next
Return bytKey 'Return the key.
End Function
'*************************
'** Create An IV
'*************************
Private Function CreateIV(ByVal strPassword As String) As Byte()
'Convert strPassword to an array and store in chrData.
Dim chrData() As Char = strPassword.ToCharArray
'Use intLength to get strPassword size.
Dim intLength As Integer = chrData.GetUpperBound(0)
'Declare bytDataToHash and make it the same size as chrData.
Dim bytDataToHash(intLength) As Byte
'Use For Next to convert and store chrData into bytDataToHash.
For i As Integer = 0 To chrData.GetUpperBound(0)
bytDataToHash(i) = CByte(Asc(chrData(i)))
Next
'Declare what hash to use.
Dim SHA512 As New System.Security.Cryptography.SHA512Managed
'Declare bytResult, Hash bytDataToHash and store it in bytResult.
Dim bytResult As Byte() = SHA512.ComputeHash(bytDataToHash)
'Declare bytIV(15). It will hold 128 bits.
Dim bytIV(15) As Byte
'Use For Next to put a specific size (128 bits) of bytResult into bytIV.
'The 0 To 30 for bytKey used the first 256 bits of the hashed password.
'The 32 To 47 will put the next 128 bits into bytIV.
For i As Integer = 32 To 47
bytIV(i - 32) = bytResult(i)
Next
Return bytIV 'Return the IV.
End Function
Encryption and Decryption
'****************************
'** Encrypt/Decrypt File
'****************************
Private Enum CryptoAction
'Define the enumeration for CryptoAction.
ActionEncrypt = 1
ActionDecrypt = 2
End Enum
Private Sub EncryptOrDecryptFile(ByVal strInputFile As String, _
ByVal strOutputFile As String, _
ByVal bytKey() As Byte, _
ByVal bytIV() As Byte, _
ByVal Direction As CryptoAction)
Try 'In case of errors.
'Setup file streams to handle input and output.
fsInput = New System.IO.FileStream(strInputFile, FileMode.Open, _
FileAccess.Read)
fsOutput = New System.IO.FileStream(strOutputFile, _
FileMode.OpenOrCreate, _
FileAccess.Write)
fsOutput.SetLength(0) 'make sure fsOutput is empty
'Declare variables for encrypt/decrypt process.
Dim bytBuffer(4096) As Byte 'holds a block of bytes for processing
Dim lngBytesProcessed As Long = 0 'running count of bytes processed
Dim lngFileLength As Long = fsInput.Length 'the input file's length
Dim intBytesInCurrentBlock As Integer 'current bytes being processed
Dim csCryptoStream As CryptoStream
'Declare your CryptoServiceProvider.
Dim cspRijndael As New System.Security.Cryptography.RijndaelManaged
'Setup Progress Bar
pbStatus.Value = 0
pbStatus.Maximum = 100
'Determine if ecryption or decryption and setup CryptoStream.
Select Case Direction
Case CryptoAction.ActionEncrypt
csCryptoStream = New CryptoStream(fsOutput, _
cspRijndael.CreateEncryptor(bytKey, bytIV), _
CryptoStreamMode.Write)
Case CryptoAction.ActionDecrypt
csCryptoStream = New CryptoStream(fsOutput, _
cspRijndael.CreateDecryptor(bytKey, bytIV), _
CryptoStreamMode.Write)
End Select
'Use While to loop until all of the file is processed.
While lngBytesProcessed < lngFileLength
'Read file with the input filestream.
intBytesInCurrentBlock = fsInput.Read(bytBuffer, 0, 4096)
'Write output file with the cryptostream.
csCryptoStream.Write(bytBuffer, 0, intBytesInCurrentBlock)
'Update lngBytesProcessed
lngBytesProcessed = lngBytesProcessed + _
CLng(intBytesInCurrentBlock)
'Update Progress Bar
pbStatus.Value = CInt((lngBytesProcessed / lngFileLength) * 100)
End While
'Close FileStreams and CryptoStream.
csCryptoStream.Close()
fsInput.Close()
fsOutput.Close()
I have pasted the main codes from there to here.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
正如所说,没有什么是不可能破解的,您只能遵循最佳实践,让任何潜在的攻击者尽可能地难以破解。
实际上,您链接到的代码不再被视为最先进的(如果曾经是)。它通过散列密码创建对称加密密钥。这很糟糕,因为密码通常不具有足够的熵来阻止基于字典的复杂攻击。此外,它不使用任何 salt 或等效项,因此非常简单用预先计算的表来攻击这个问题。
只要有可能,您就应该使用安全的 PRNG(伪随机数生成器)生成对称密钥。如果没有特别需要涉及密码,请不要这样做。如果绝对必须是密码,请使用 PKCS5 中的 PBKDF2 或类似的替代方案bcrypt 或 scrypt。
IV 还应始终从安全的 PRNG 生成,并且尽可能不要重复使用。也不需要从密码中派生它,如您链接的示例所示。
IV 是公共信息,这意味着您可以安全地发布它 - 但它必须保持不可预测和随机 - 否则您很容易受到一些 专用攻击,除非您使用的是经过身份验证的加密模式(例如 GCM)。
如果您不熟悉这些主题并且有疑问,我强烈建议您咨询专家。如果要保护的数据像您所说的那么重要,那么额外的钱应该花得值。如果您没有该领域的经验,那么您在手工制定自己的解决方案时很可能会忽略一些重要的事情。
As stated nothing is impossible to crack, you can only follow best practices to make it as hard as possible for any potential attacker.
Actually, the code you linked to is not regarded as state-of-the-art anymore (if it ever was). It creates the symmetric encryption key by hashing a password. This is bad because passwords generally don't possess enough entropy to thwart sophisticated attacks based on dictionaries. In addition, it doesn't use any salt or equivalent, so it's quite easy to attack this with precomputed tables.
Whenever you can, you should generate symmetric keys with a secure PRNG (pseudo-random number generator). If there's no particular need for involving passwords, don't do it. If it absolutely has to be passwords, use PBKDF2 from PKCS5 or alternatives like bcrypt or scrypt.
The IV should also always be generated from a secure PRNG, and never reused if possible. There's no need to derive it from the password, too, as is shown in the example you linked.
The IV is public information, that means you may safely publish it - but it is mandatory that it stays unpredictable and random - otherwise you are susceptible to some dedicated attacks unless you are using an Authenticated Encryption mode such as GCM.
If you are unfamiliar with these topics and in doubt, I would strongly recommend to consult specialists. If the data to be secured is as important as you say, the extra money should be well spent. If not experienced in the area, chances are just too high that you may overlook something important when hand-crafting your own solution.
没有什么是不可能的,尤其是当您使用弱 IV 或密钥时。然而,它在统计上微不足道,因此您应该能够在晚上睡个好觉。如果您问其他人是否使用此算法进行关键任务加密,答案绝对是肯定的。
Nothing is ever impossible, especially if you use a weak IV or key. However it's so statistically insignificant that you should be able to sleep well at night. If you're asking if other people use this algorithm for mission-critical encryption, the answer is most definitely yes.