基于密码的加密在技术上是如何工作的? [英] How does password-based encryption technically work?

问题描述

假设我有一些数据和密码，我想加密数据，使其只能使用正确的密码才能恢复.

Say I have some data and a password, and I want to encrypt the data in such a way that it can only be recovered with the right password.

这在技术上是如何工作的(即如何实施)?我经常听到人们使用位移来加密，但是你如何基于密码呢?基于密码的加密如何工作?

How does this technically work (i.e. how to implement this)? I often hear people use bitshifting for encryption, but how do you base that on a password? How does password-based encryption work?

一个例子是 Mac OS X FileVault

An example is Mac OS X FileVault

谢谢.

如果您提供示例代码，最好是 C、Objective-C 或伪代码.

If you give sample code, preferably in C, Objective-C or pseudocode.

推荐答案

对于(对称)加密，您需要一个用于加密和解密的密钥.

For (symmetric) encryption you need a secret key for encryption and decryption.

通常，您提供的密码用作此密钥的来源.出于各种安全原因，密码不(并且由于使用的密码的要求，通常不能)直接用作密钥.相反，密钥派生函数用于从密码.

Usually, the password you supply is used as the source of this key. For various security reasons, the password is not (and often cannot, due to requirements of the cipher used) directly used as the key. Instead, a key derivation function is used to generate the key from the password.

这就是加密密码必须长且相当随机的原因:否则生成的密钥将仅来自可能密钥的极小子集，然后可以简单地全部尝试，从而强制加密.

This is why passwords for encryption must be long and fairly random: Otherwise the resulting key will only come from a very small subset of possible keys, and these can then simply all be tried, thus brute-forcing the encryption.

对于代码示例，有几种可能:

As to code examples, there are several possibilities:

• 查看加密库的源代码，例如 OpenSSL
• 查看实现加密的程序的源代码，例如GnuPG
• google 一些简单加密算法或密钥派生函数的示例源代码，并尝试理解它

这取决于你想学什么.

这篇关于基于密码的加密在技术上是如何工作的?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！