为什么RijndaelManaged的任何长度键都有效？ [英] Why does any length key work for RijndaelManaged?

问题描述

关于方法...

  RijndaelManaged.CreateDecryptor方法（Byte []，Byte []）
  

这里它描述了第一个参数...

密钥用于对称算法。键大小
必须是128,192或256位。

但我可以将键设置为任何长度string ...

  var key = Encoding.UTF8.GetBytes（whetever ...）; 
  

为什么字节数组的长度更加不够？

解决方案

这是不是真的，任何密钥大小的工作。

的LegalKeySizes sizes属性 RijndaelManaged 实际上报告以下值：

  MinSize = 128 
 MaxSize = 256 
 SkipSize = 64 
  

这应该表明只支持AES密钥大小：128,192和这基本上意味着 RijndaelManaged 没有完全实现Rijndael，这也允许160和224位作为键大小。其实，我不认为它允许160和224位的块大小。

现在你的问题提出了一些问号，所以我决定看看键大小实际上被接受而不引发异常，我得到以下令人惊讶的结果：

  8，9，10，11， 12，13，14，15，16，24，32 
  

  64,72,80,88,96,104,112,120,128,192,256 
  

因此 RijndaelManaged 似乎接受比指定的更多键大小，额外的键大小低于类别和Rijndael算法指定的最小长度。

现在使用这些无效的键大小加密一些东西： / p>

  064：1903b797b48ce006e618cb605d356981cc9b231195420010916e449037d3ac5b 
 072：1903b797b48ce006e618cb605d356981cc9b231195420010916e449037d3ac5b 
 080：1903b797b48ce006e618cb605d356981cc9b231195420010916e449037d3ac5b 
 088：1903b797b48ce006e618cb605d356981cc9b231195420010916e449037d3ac5b 
 096：4002ae70943dafdec10d4fbe2f97dc95b0a61e7412277197623b6d3d3e0da31c 
 104：4002ae70943dafdec10d4fbe2f97dc95b0a61e7412277197623b6d3d3e0da31c 
 112：4002ae70943dafdec10d4fbe2f97dc95b0a61e7412277197623b6d3d3e0da31c 
 120：4002ae70943dafdec10d4fbe2f97dc95b0a61e7412277197623b6d3d3e0da31c 
 128：66e94bd4ef8a2c3b884cfa59ca342b2e9434dec2d00fdac765f00c0c11628cd1 
 192：aae06992acbf52a3e8f4a96ec9300bd71045be567103016ac50b21b86fc5457e 
 256：dc95c078a2408989ad48a21492842087f3c003ddc4a7b8a94baedffc3d214c38 
  

注意：对于那些感兴趣的人：CBC与键的所有零，纯文本和IV只是16字节设置为零。测试在Windows 10上执行：

操作系统：Microsoft Windows NT 10.0.10240.0，CLR：4.0.30319.42000

因此，对于键值64,72,80,88,96,104,112,120，你只是得到一些无效的，未指定的结果。看代码基本上仅使用8字节作为密钥，并将其他字节设置为零，对于密钥大小8..11和12字节作为密钥大小12..15的密钥。在这种情况下，块大小将是128位，否则块大小将与密钥大小相同。因此，实现实际上在使用键之前从键的结尾剥离一到三个字节，用于键大小72,80,88,104,112和120位。

基本上这似乎是一个在实现中的错误。基本上你不应该在 LegalKeySizes 返回的值之外使用 RijndaelManaged 。

$ b b

---

如前所述，您应该使用 Rfc2898DeriveBytes 将密码转换为具有有效密钥大小的密钥。 p>

Regarding the method...

RijndaelManaged.CreateDecryptor Method (Byte[], Byte[])

Here it says about the first parameter...

The secret key to be used for the symmetric algorithm. The key size must be 128, 192, or 256 bits.

But I can set the key to be any length string...

var key = Encoding.UTF8.GetBytes("whetever...");

Why isn't it more fussy about the length of the byte array? And how does it determine which of the three key lengths to be used?

解决方案

It isn't true that any key size works. Only a specific set of key sizes should be allowed.

The LegalKeySizes sizes property of RijndaelManaged actually reports the following values:

MinSize = 128
MaxSize = 256
SkipSize = 64

Which should indicate that only the AES key sizes are supported: 128, 192 and of course 256. This basically means that RijndaelManaged does not fully implement Rijndael, which also allows 160 and 224 bit as key sizes. Actually, I don't think it allows 160 and 224 bit for the block size either.

Now your question raised some question marks with me, so I decided to look which key sizes were actually accepted without raising an exception, and I got the following surprising result:

8, 9, 10, 11, 12, 13, 14, 15, 16, 24, 32

or, in bits instead of bytes:

64, 72, 80, 88, 96, 104, 112, 120, 128, 192, 256

So RijndaelManaged seems to accept more key sizes than specified, and these additional key sizes are below the minimum length specified by the class and the Rijndael algorithm.

Now lets encrypt something with these invalid key sizes:

064 : 1903b797b48ce006e618cb605d356981cc9b231195420010916e449037d3ac5b
072 : 1903b797b48ce006e618cb605d356981cc9b231195420010916e449037d3ac5b
080 : 1903b797b48ce006e618cb605d356981cc9b231195420010916e449037d3ac5b
088 : 1903b797b48ce006e618cb605d356981cc9b231195420010916e449037d3ac5b
096 : 4002ae70943dafdec10d4fbe2f97dc95b0a61e7412277197623b6d3d3e0da31c
104 : 4002ae70943dafdec10d4fbe2f97dc95b0a61e7412277197623b6d3d3e0da31c
112 : 4002ae70943dafdec10d4fbe2f97dc95b0a61e7412277197623b6d3d3e0da31c
120 : 4002ae70943dafdec10d4fbe2f97dc95b0a61e7412277197623b6d3d3e0da31c
128 : 66e94bd4ef8a2c3b884cfa59ca342b2e9434dec2d00fdac765f00c0c11628cd1
192 : aae06992acbf52a3e8f4a96ec9300bd71045be567103016ac50b21b86fc5457e
256 : dc95c078a2408989ad48a21492842087f3c003ddc4a7b8a94baedffc3d214c38

Note: for those interested: CBC with key consisting of all zero's, plaintext and IV are just 16 bytes set to zero too. Testing was performed on Windows 10:

OS: Microsoft Windows NT 10.0.10240.0, CLR : 4.0.30319.42000

So you just get some invalid, unspecified result for key sizes 64, 72, 80, 88, 96, 104, 112, 120. Looking at the code it basically uses only 8 bytes as key and leaves the other bytes set to zero for key sizes 8..11 and 12 bytes as key for key sizes 12..15. In that case the block size will be 128 bits, otherwise the block size will be the same as the key size. So the implementation actually strips one to three bytes from the end of the key before it is used for key sizes 72, 80, 88, 104, 112 and 120 bits.

So basically this seems a bug in the implementation. Basically you should not use RijndaelManaged outside the values returned by LegalKeySizes.

---

As already indicated, you should use Rfc2898DeriveBytes to convert a password to a key with a valid key size.

这篇关于为什么RijndaelManaged的任何长度键都有效？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！