为什么在 Triple DES 密钥或初始值中更改一位不会给出不同的加密数据? [英] Why does changing one bit in a Triple DES key or initial value not give different encrypted data?

问题描述

我正在使用 pyDes 来加密一些数据.我想证明，如果您更改密钥或初始值中的一位，加密的数据将完全不同.我设置了 16 字节的密钥以将最后一个字符更改 +/- 1，从而导致至少一位不同.但是，即使我这样做，加密数据的 3 个不同实例也并非完全不同.

I'm using pyDes to encrypt some data. I wanted to demonstrate that if you change even one bit in the key or initial value, the encrypted data would be totally different. I set up the 16-byte key to change the last character by +/- 1, causing at least one bit to be different. However, even when I do that, the 3 different instances of encrypted data are not all different.

from pyDes import *

data = 'Hello'

# CBC : Cipher-Block-Chaining
# ..1: arbitrary initial value for CBC
# pad=None: let pyDes take care of padding bytes
k1 = triple_des("16-byte-key-here", CBC, "1", pad=None, padmode=PAD_PKCS5)
k2 = triple_des("16-byte-key-herf", CBC, "1", pad=None, padmode=PAD_PKCS5)
k3 = triple_des("16-byte-key-herd", CBC, "1", pad=None, padmode=PAD_PKCS5)

d1 = k1.encrypt(data)
d2 = k2.encrypt(data)
d3 = k3.encrypt(data)

assert d1 != d2
assert d2 != d3
assert d1 != d3

如果我只对键或初始值做一个小的改变，其中一个断言似乎失败了；我已经看到 d1 != d2 和 d1 != d3 都失败了，这取决于我所做的更改.我还尝试将 'Hello' 更改为 'Hello' * 50 以确保这不仅仅是输入数据太短的情况.

One of the assertions seems to fail if I only make a small change to either the key or initial value; I have seen both d1 != d2 and d1 != d3 fail depending on what I change. I have also tried changing 'Hello' to 'Hello' * 50 to make sure it wasn't just a case of the input data being too short.

如果我制作完全随机的密钥，断言就会通过.对于如上所示的程序，d1 != d3 失败(这些密钥相距一位；k1-k2 相差 2 位).

If I make totally random keys, the assertions pass. With the program as seen above, d1 != d3 fails (those keys are one bit apart; k1-k2 are 2 bits different).

我绝不是加密专家，但如果两个密钥仅相隔一点导致相同的加密数据，那么这意味着暴力破解密钥所需的努力减少了两倍，对吧?

I am by no means an encryption expert, but if two keys only one bit apart result in the same encrypted data, then that means the effort it takes to brute-force the key just went down by a factor of two, right?

我是否遗漏了一些明显的东西?三重 DES 不应该为非常相似的密钥提供唯一结果吗?或者这是 PyDes 中的错误?也许其他人可以在另一个实现中确认这种行为?

Am I missing something obvious? Is Triple DES not supposed to give unique results for very similar keys? Or is this a bug in PyDes? Maybe someone else could confirm this behavior in another implementation?

---

@Chris Jester-Young 的答案是密钥中的某些位是奇偶校验位.事实证明，根据这篇文章:

请注意，尽管 DES 的输入密钥长度为 64 位，但 DES 使用的实际密钥长度仅为 56 位.每个字节中最不重要(最右边)的位是奇偶校验位，并且应该设置为每个字节中总是有奇数个 1.这些奇偶校验位被忽略，因此只使用每个字节的七个最高有效位，从而导致密钥长度为 56 位.这意味着三重 DES 的有效密钥强度实际上是 168 位，因为三个密钥中的每一个都包含 8 个在加密过程中未使用的奇偶校验位.

Note that although the input key for DES is 64 bits long, the actual key used by DES is only 56 bits in length. The least significant (right-most) bit in each byte is a parity bit, and should be set so that there are always an odd number of 1s in every byte. These parity bits are ignored, so only the seven most significant bits of each byte are used, resulting in a key length of 56 bits. This means that the effective key strength for Triple DES is actually 168 bits because each of the three keys contains 8 parity bits that are not used during the encryption process.

(重点是我的)

那些奇偶校验位正是我在示例中更改的位.

And those parity bits were exactly the bits I was changing in the example.

谢谢克里斯！

推荐答案

在 DES 中，密钥的某些位是奇偶校验位，实际上并不影响加密/解密.

In DES, some bits of the key are parity bits, and don't actually affect the encryption/decryption.

这篇关于为什么在 Triple DES 密钥或初始值中更改一位不会给出不同的加密数据?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！