Passphrase, Salt and IV, do I need all of these?

Question

If I am using Rijndael CBC mode, I have no idea why we would need salt. My understanding is that even if someone knows the password, he cannot get the data without the IV. So from my perspective, password + IV seems to be sufficiently secure.

Am I wrong about anything?

Recommended answer

Yes, you need all of these things.

Salt (and an "iteration count") is used to derive a key from the password. Refer to PKCS #5 for more information. The salt and iteration count used for key derivation do not have to be secret. The salt should be unpredictable, however, and is best chosen randomly.

CBC mode requires an initialization vector. This is a block of random data produced for each message by a cryptographic random number generator. It serves as the dummy initial block of ciphertext. Like the key-derivation salt, it doesn't have to be kept secret, and is usually transmitted along with the cipher text.

The password, and keys derived from it, must be kept secret. Even if an attacker has the parameters for key derivation and encryption, and the ciphertext, he can do nothing without the key.

Update:

Passwords aren't selected randomly; some passwords are much more likely than others. Therefore, rather than generating all possible passwords of a given length (exhaustive brute-force search), attackers maintain a list of passwords, ordered by decreasing probability.

Deriving an encryption key from a password is relatively slow (due to the iteration of the key derivation algorithm). Deriving keys for a few million passwords could take months. This would motivate an attacker to derive the keys from his most-likely-password list once, and store the results. With such a list, he can quickly try to decrypt with each key in his list, rather than spending months of compute time to derive keys again.

However, each bit of salt doubles the space required to store the derived key, and the time it takes to derive keys for each of his likely passwords. A few bytes of salt, and it quickly becomes infeasible to create and store such a list.

Salt is necessary to prevent pre-computation attacks.

An IV (or nonce with counter modes) makes the same plain text produce different cipher texts. This prevents an attacker from exploiting patterns in the plain text to garner information from a set of encrypted messages.

An initialization vector is necessary to hide patterns in messages.

One serves to enhance the security of the key, the other enhances the security of each message encrypted with that key. Both are necessary together.
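
The pieces described in this answer, assembled into one routine as an added example (not code from the original answer): Node.js `crypto` derives the key with PBKDF2 from the passphrase and a random salt, then encrypts with AES-256-CBC (Rijndael with a 128-bit block) under a random IV. The iteration count, the blob layout and the HMAC tag are assumptions added here; the tag is included because CBC by itself does not detect modified ciphertext.

```javascript
const crypto = require('crypto');

const ITERATIONS = 200000; // assumed work factor (not from the page); tune for your hardware
const SALT_LEN = 16, IV_LEN = 16, TAG_LEN = 32;

// PKCS #5 PBKDF2 stretches passphrase + salt into a master key; two
// independent subkeys (AES-256 and HMAC) are then split off from it.
function deriveKeys(passphrase, salt) {
  const master = crypto.pbkdf2Sync(passphrase, salt, ITERATIONS, 32, 'sha256');
  const sub = (label) => crypto.createHmac('sha256', master).update(label).digest();
  return { encKey: sub('enc'), macKey: sub('mac') };
}

// Blob layout (constructed for this example): salt | iv | ciphertext | tag
function encrypt(passphrase, plaintext) {
  const salt = crypto.randomBytes(SALT_LEN); // not secret, fresh per message
  const iv = crypto.randomBytes(IV_LEN);     // not secret, fresh per message
  const { encKey, macKey } = deriveKeys(passphrase, salt);
  const cipher = crypto.createCipheriv('aes-256-cbc', encKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const body = Buffer.concat([salt, iv, ct]);
  const tag = crypto.createHmac('sha256', macKey).update(body).digest();
  return Buffer.concat([body, tag]);
}

function decrypt(passphrase, blob) {
  if (blob.length < SALT_LEN + IV_LEN + 16 + TAG_LEN) throw new Error('blob too short');
  const body = blob.subarray(0, blob.length - TAG_LEN);
  const tag = blob.subarray(blob.length - TAG_LEN);
  const salt = body.subarray(0, SALT_LEN);
  const iv = body.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const { encKey, macKey } = deriveKeys(passphrase, salt);
  const expected = crypto.createHmac('sha256', macKey).update(body).digest();
  // CBC alone gives no integrity, so check the tag before decrypting.
  if (!crypto.timingSafeEqual(tag, expected)) {
    throw new Error('wrong passphrase or modified data');
  }
  const decipher = crypto.createDecipheriv('aes-256-cbc', encKey, iv);
  const ct = body.subarray(SALT_LEN + IV_LEN);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}
```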
