当前位置: 文江博客 话题详情

如何修复无效的参数组合?

发布于 2025-02-07 11:16:52 字数 934 浏览 1 评论 0 原文

我有以下函数调用 scrypt()来自 hashlib 使用Python 3.7.9:

def aes_encrypt(msg, passwordStr):
    kdfSalt = urandom(16) # 16 bytes == 128 bits
    hashedKey = scrypt(passwordStr.encode(),salt=kdfSalt,n=16384,r=16,p=1, dklen=64) # 64 octets = 512 bits

当该代码运行时,我会收到错误:

  File "aes_scrypt_hmac.py", line 69, in <module>
    main()
  File "aes_scrypt_hmac.py", line 38, in main
    print(aes_encrypt(sampleData,testPassword))
  File "aes_scrypt_hmac.py", line 18, in aes_encrypt
    hashedKey = scrypt(passwordStr.encode(),salt=kdfSalt,n=16384,r=16,p=1, dklen=64) 
ValueError: Invalid parameter combination for n, r, p, maxmem.

我已经阅读 MaxMem 在文档中未提及的特定要求(例如 0 是什么意思?以及RFC中的测量单位是什么)。

原文

I have the following function call to scrypt() from hashlib using Python 3.7.9:

def aes_encrypt(msg, passwordStr):
    kdfSalt = urandom(16) # 16 bytes == 128 bits
    hashedKey = scrypt(passwordStr.encode(),salt=kdfSalt,n=16384,r=16,p=1, dklen=64) # 64 octets = 512 bits

When this code runs, I get the error:

  File "aes_scrypt_hmac.py", line 69, in <module>
    main()
  File "aes_scrypt_hmac.py", line 38, in main
    print(aes_encrypt(sampleData,testPassword))
  File "aes_scrypt_hmac.py", line 18, in aes_encrypt
    hashedKey = scrypt(passwordStr.encode(),salt=kdfSalt,n=16384,r=16,p=1, dklen=64) 
ValueError: Invalid parameter combination for n, r, p, maxmem.

I have read the documentation for scrypt, and it does not specify the expectations for the parameters; though it does link to the RFC and these params seem valid. maxmem's specific requirement is not mentioned in the documentation (e.g. what does 0 mean? And what the unit of measurement is) or in the RFC.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

溺深海 2025-02-14 11:16:52

我必须承认,我不确定您打算使用哪种API。根据Scrypt的Python软件包,API为 genterpt 解密 hash ,您正在使用我找不到的东西。

您的方法被命名为加密,但是该变量被称为 hashedkey ,因此我不确定您是否在哈希或加密,这些显然是不同的。

但是,这些参考可能会有所帮助。

https://github.com/holgern/py-scrypt/blob/master/scrypt/scrypt/scrypt.py”

def hash(password, salt, N=1 << 14, r=8, p=1, buflen=64):
    """
    Compute scrypt(password, salt, N, r, p, buflen).
    The parameters r, p, and buflen must satisfy r * p < 2^30 and
    buflen <= (2^32 - 1) * 32. The parameter N must be a power of 2
    greater than 1. N, r and p must all be positive.
    Notes for Python 2:
      - `password` and `salt` must be str instances
      - The result will be a str instance
    Notes for Python 3:
      - `password` and `salt` can be both str and bytes. If they are str
        instances, they wil be encoded with utf-8.
      - The result will be a bytes instance
    Exceptions raised:
      - TypeError on invalid input
      - scrypt.error if scrypt failed
    """

scrypt 软件包的脚本,一切都对我有用:

import scrypt
import os

def aes_encrypt(pwd):
    kdfSalt = os.urandom(16) # 16 bytes == 128 bits
    return scrypt.hash(pwd.encode(), salt=kdfSalt, N=16384, r=16, p=1, buflen=64)

GO的Scrypt软件包手册

键从密码,盐和成本参数派生,返回一个可以用作加密密钥的字节片。

n是CPU/内存成本参数,必须是大于1。R和P的功率。R和P必须满足R * P&lt; 2³⁰。如果参数不满足限制,则该函数将返回一个nil字节切片和错误。

例如,您可以通过执行:

来获取EG AES-256(需要32字节键)的派生密钥 

dk, err := scrypt.Key([]byte("some password"), salt, 32768, 8, 1, 32)

截至2017年,交互式登录的推荐参数为n = 32768,r = 8和p = 1。随着记忆潜伏期和CPU并行性的增加,应增加参数N,R和P。考虑将N设置为2的最高功率,您可以在100毫秒内得出。记住要获得良好的随机盐。

I have to admit I'm not sure which API you plan on using. According to scrypt's python package, the APIs are encrypt, decrypt and hash, and you are using something I can't find.

Your method is named encrypt, but the variable is called hashedKey, so I'm not sure if you are hashing or encrypting, and those are obviously different.

However, these references might help.

scrypt's python package implementation:

def hash(password, salt, N=1 << 14, r=8, p=1, buflen=64):
    """
    Compute scrypt(password, salt, N, r, p, buflen).
    The parameters r, p, and buflen must satisfy r * p < 2^30 and
    buflen <= (2^32 - 1) * 32. The parameter N must be a power of 2
    greater than 1. N, r and p must all be positive.
    Notes for Python 2:
      - `password` and `salt` must be str instances
      - The result will be a str instance
    Notes for Python 3:
      - `password` and `salt` can be both str and bytes. If they are str
        instances, they wil be encoded with utf-8.
      - The result will be a bytes instance
    Exceptions raised:
      - TypeError on invalid input
      - scrypt.error if scrypt failed
    """

When I run the following script using Python3 and the PyPi scrypt package, everything works for me:

import scrypt
import os

def aes_encrypt(pwd):
    kdfSalt = os.urandom(16) # 16 bytes == 128 bits
    return scrypt.hash(pwd.encode(), salt=kdfSalt, N=16384, r=16, p=1, buflen=64)

Go's scrypt package manual:

Key derives a key from the password, salt, and cost parameters, returning a byte slice of length keyLen that can be used as cryptographic key.

N is a CPU/memory cost parameter, which must be a power of two greater than 1. r and p must satisfy r * p < 2³⁰. If the parameters do not satisfy the limits, the function returns a nil byte slice and an error.

For example, you can get a derived key for e.g. AES-256 (which needs a 32-byte key) by doing:

dk, err := scrypt.Key([]byte("some password"), salt, 32768, 8, 1, 32)

The recommended parameters for interactive logins as of 2017 are N=32768, r=8 and p=1. The parameters N, r, and p should be increased as memory latency and CPU parallelism increases; consider setting N to the highest power of 2 you can derive within 100 milliseconds. Remember to get a good random salt.

回复 原文
~没有更多了~

关于作者

盛装女皇

暂无简介

文章
评论
26 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

十二

文章 0 评论 0

飞烟轻若梦

文章 0 评论 0

OPleyuhuo

文章 0 评论 0

wxb0109

文章 0 评论 0

旧城空念

文章 0 评论 0

-小熊_

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文