Why CryptoJS produced different value every time the browser loads


Problem description

Following code is run on a web page via script tag. Every time I load the page or run the code in the browser console - I am getting different value...

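var key = 'key-123:456';
var uid = 1234567890;
// CryptoJS expects the message as a string or WordArray, so convert the numeric uid.
var encrypted = CryptoJS.AES.encrypt(String(uid), key);
// Base64 ciphertext string
encrypted.toString();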

How can I have single "encrypted value" for "single id" regardless of how many times I load the page or run the code in console?

Solution

AES is a "block" cipher, which means it operates deterministically on fixed-length blocks from plaintext to ciphertext (and vice versa). However, it's typical (and generally preferred) to use a "mode of operation" that adds non-determinism to the encryption process. For example, CBC mode (which CryptoJS uses by default) XORs a random initialization vector with the plaintext before encrypting it (and, correspondingly, after decrypting it):

This is vastly preferred because otherwise an eavesdropper can detect duplicate blocks, which might allow an attacker to eventually understand what is being communicated -- undoing the entire point of your encryption.

However, it sounds like you want your encryption to have this specific weakness, which suggests to me that maybe you don't really want encryption at all. Instead, you might want a hash, which is a deterministic one-way transformation. (CryptoJS supports several hashes.) With a hash, a given input A will always hash to the same hash value H, so you can compare Hash(A) == Hash(B) to see if A == B. (This isn't a perfect comparison, since hashes have an infinite input space and finite output space, but hashes are deliberately designed so that it's very, very difficult to find two inputs that produce the same output.) This is how websites securely store your password: the service stores Hash(password) instead of password itself, then when a user submits a password entry, the site compares Hash(entry) and Hash(password) to see if the entry is correct.

var hash = CryptoJS.SHA3(message);

However, if you really do need to reverse the transformed value back into plaintext and not just compare it to another hashed value, then you do need encryption. In that case, you can use the cryptographically inferior ECB mode, which has the weaknesses described above. In CryptoJS, you can do this by supplying an options object with a mode property:

CryptoJS.AES.encrypt(msg, key, { mode: CryptoJS.mode.ECB });
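
The trade-off described in the answer, as an added example that is not part of the original answer and is not CryptoJS code: it uses Node.js's built-in crypto module, with keys derived by scrypt from the question's passphrase and a constructed salt, and all function names are hypothetical. It goes one step beyond the answer by using a keyed hash (HMAC) for the stable token, because a plain hash of a short numeric ID can be reversed by hashing every possible ID.

```javascript
// Added example: Node.js built-in crypto, swapped in for CryptoJS so it runs with no dependencies.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto'); // when loaded as an ES module

// Constructed demo secrets: passphrase from the question, salt made up for this example.
const derived = nodeCrypto.scryptSync('key-123:456', 'constructed-demo-salt', 48);
const encKey = derived.subarray(0, 16); // AES-128 key
const macKey = derived.subarray(16);    // separate 32-byte HMAC key

// Run one AES operation over a Buffer and return the result as a Buffer.
function aes(algorithm, iv, input, decrypt) {
  const c = decrypt
    ? nodeCrypto.createDecipheriv(algorithm, encKey, iv)
    : nodeCrypto.createCipheriv(algorithm, encKey, iv);
  return Buffer.concat([c.update(input), c.final()]);
}

// CBC with a fresh random IV per message: output is IV || ciphertext,
// so the same plaintext yields a different string on every call.
function encryptCbc(plaintext) {
  const iv = nodeCrypto.randomBytes(16);
  const body = aes('aes-128-cbc', iv, Buffer.from(plaintext, 'utf8'), false);
  return Buffer.concat([iv, body]).toString('base64');
}

function decryptCbc(b64) {
  const raw = Buffer.from(b64, 'base64');
  return aes('aes-128-cbc', raw.subarray(0, 16), raw.subarray(16), true).toString('utf8');
}

// ECB takes no IV: output is repeatable, but equal plaintext blocks
// produce equal ciphertext blocks, which an observer can see.
function encryptEcb(plaintext) {
  return aes('aes-128-ecb', null, Buffer.from(plaintext, 'utf8'), false).toString('hex');
}

// Stable, non-reversible token for lookups and equality checks on an ID.
function idToken(id) {
  return nodeCrypto.createHmac('sha256', macKey).update(String(id)).digest('hex');
}
```

Comparing the first and second 32 hex characters of encryptEcb('A'.repeat(32)) shows the duplicate-block leak the answer warns about; the CBC output never repeats, yet still decrypts to the same ID.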
