在Adobe AIR / Flash的高性能加密 [英] high performance encryption in adobe air / flash

问题描述

当寻找加密相关的类/在动作脚本/空气/闪光功能，我看到的的 as3crypto 项目。

When looking for encryption related classes/functions in action script / air / flash, I saw the as3crypto project.

这一次提供了一个诉不错的选项，但我对当这些被用于解密本地媒体文件时，它选择要播放这些数字的presented表示有点担心。

This one provides a v. nice set of options, but I am a bit concerned on what the numbers presented means when these are used to decrypt a local media file when its selected about to be played.

我要寻找的安全性与性能的平衡。

对于视频/音乐，它需要去code以足够快的速度让玩家的播放自如 - 这恐怕是依赖在格式使用，但在任何情况下不到有延迟等待去code整个文件。

For video/music, it needs to decode at a fast enough pace so the player plays it smoothly - which is something that depends on the format used, but is in all cases less than the delay of having to wait to decode the whole file.

最难的部分是通过让使用它的闪存应用为好，因为AFAIK它需要为等待所有它做任何事情。除非这个假设是错误的，这就是在列表中as3crypto页面表现最好的算法似乎太慢即 1.5 MB x秒，则需20秒破译一个30 MB Flash应用程序

The hardest part comes from having to use it for flash apps as well, since afaik it needs to wait for all of it to do anything. Unless this assumption is wrong, this is where the best performance algorithm in the list in the as3crypto page seems too slow i.e. at 1.5 MB x sec, it would take 20 secs to decipher a 30 MB flash app.

在主要问题我对这个有：

• 是否有任何的其他库具有更高的性能？凡是在Adobe AIR可能？
• 对于视频/曲目，这将是对 MB x秒，它是可玩了好多个？
• 请问闪存等待，直到它在运行任何东西之前完全加载一个Flash应用程序？

• Are there any other libraries with higher performance? Anything in adobe air maybe?
• For videos/songs, what would be a good number of MB x sec for it to be playable?
• Does flash waits until loading completely a flash app before running anything of it?

推荐答案

至于性能，如果你可以流视频和放大器;音乐，即对其进行处理一块的时间，那么你只需要解密解密整个文件的一个块，而不是提前。这可能会不够好表现，无论算法。

Regarding performance, if you can stream the video & music, i.e. process them one block at a time, then you only need to decrypt one block ahead instead of decrypting the entire file. This will probably be good enough for performance no matter the algorithm.

有关最佳安全性的尝试AES-256，preferably在CTR模式（见的科林·珀西瓦尔的文章原理）。需要注意的是CTR模式转换的AES分组密码流加密相当于而不降低其安全性 - 这有一些有用的特性，如随机存取解密（对CBC这迫使你解密一切取决于你想要的数据）。

For the best security try AES-256, preferably in CTR mode (see Colin Percival's article for rationale). Note that CTR mode converts the AES block cipher to the equivalent of a stream cipher without reducing its security - this has some useful properties, like random-access decryption (vs. CBC which forces you to decrypt everything up to the data you want).

如果CPU负载过高，RC4是较弱的，但对于大多数应用已经足够了。一定要使用256位密钥。

If the CPU load is too high, RC4 is weaker but good enough for most uses. Be sure to use a 256-bit key.

最后，你的方式生成加密密钥时的很重要的：

Finally, the way you generate the encryption keys is very important:

如果您使用相同的基本密钥的所有文件进行加密，总是使用随机数（又名IV或初始化向量）加密时：

If you use the same base key to encrypt all the files, always use a nonce (a.k.a IV or "Initialization Vector") when encrypting:

• 在一个随机数/ IV是一组随机字节被保留的中明确旁边的密文（通常prepended以密文）
• 创建并使用不同的随机数/ IV每个加密文件
• 在CTR模式的API包括一个方法来设置IV /随机数，使用该库还支持它
• 如果您使用RC4：
  • 保存现时/ IV自己
  • 生成最终的加密密钥，使用HMAC-SHA256的基本密钥和随机数，就像提到这里
  • A nonce / IV is a group of random bytes that are kept in the clear next to your ciphertext (often prepended to the ciphertext)
  • Create and use a different nonce / IV for each encrypted file
  • CTR mode APIs include a way to set the IV / nonce, the library you use supports it
  • If you use RC4:
    • save the nonce / IV yourself
    • generate the final encryption key using HMAC-SHA256 with the base key and the nonce, like mentioned here

    如果用户输入密码，生成使用PBKDF2基加密密钥（再次，参见科林·珀西瓦尔的文章原理）。

    If the user enters a password, generate the base encryption key using PBKDF2 (again, see Colin Percival's article for rationale).

    既然你已经在图书馆的HMAC-SHA256执行可以很容易地实现PBKDF2-HMAC-SHA256自己，搜索网络左右的示例实现。

    Since you have an hmac-sha256 implementation in the library it's easy to implement PBKDF2-HMAC-SHA256 yourself, search the net or SO for sample implementations.

    这篇关于在Adobe AIR / Flash的高性能加密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！