如何选择AES加密模式（CBC ECB CTR OCB CFB）？ [英] How to choose an AES encryption mode (CBC ECB CTR OCB CFB)?

问题描述

在哪种情况下，哪一种是首选？

我想看看各种模式的评估标准清单，也可以讨论每个标准的适用性。

例如，
我认为其中一个标准是加密和解密的代码大小，这对于微代码嵌入式系统很重要，像802.11网络适配器。如果实现CBC所需的代码远远小于CTR所需的代码（我不知道这是真的，这只是一个例子），那么我可以理解为什么使用较小代码的模式是首选的。但是，如果我正在编写一个在服务器上运行的应用程序，而我正在使用的AES库实现了CBC和CTR，那么这个标准是无关紧要的。

看到我的意思是评估标准列表和每个标准的适用性？

这不是真正的编程相关，但它是算法相关的。

解决方案

• 如果使用相同的密钥加密多个数据块，则不应使用ECB。




• CBC ，OFB和CFB是相似的，但是OFB / CFB更好，因为你只需要加密而不是解密，这可以节省代码空间。




• 您需要良好的并行化（即速度），而不是CBC / OFB / CFB。




• 如果您对随机可访问数据进行编码，则最常见的是XTS模式（如硬盘或RAM）。




• OCB是迄今为止最好的模式，因为它允许在一次通过中进行加密和验证。但是在美国有专利。

你唯一需要知道的是，ECB不是被使用，除非你只加密1块。如果您正在加密随机访问的数据而不是流，则应使用XTS。

• 您每次加密时都应使用唯一的IV，他们应该是随机的。如果您不能保证它们是随机的，请使用OCB，因为它只需要一个随机数，而不是一个IV，并且有明显的区别。如果人们可以猜到下一个，那么一个随机数不会降低安全性，一个IV可能会导致这个问题。

Which of them are preferred in which circumstances?

I'd like to see the list of evaluation crtieria for the various modes, and maybe a discussion of the applicability of each criterion.

For example, I think one of the criteria is "size of the code" for encryption and decryption, which is important for micro-code embedded systems, like 802.11 network adapters. IF the code required to implement CBC is much smaller than that required for CTR (I don't know this is true, it's just an example), then I could understand why the mode with the smaller code would be preferred. But if I am writing an app that runs on a server, and the AES library I am using implements both CBC and CTR anyway, then this criterion is irrelevant.

See what I mean by "list of evaluation criteria and applicability of each criterion" ??

This isn't really programming related but it is algorithm related.

解决方案

• ECB should not be used if encrypting more than one block of data with the same key.

• CBC, OFB and CFB are similar, however OFB/CFB is better because you only need encryption and not decryption, which can save code space.

• CTR is used if you want good parallelization (ie. speed), instead of CBC/OFB/CFB.

• XTS mode is the most common if you are encoding a random accessible data (like a hard disk or RAM).

• OCB is by far the best mode, as it allows encryption and authentication in a single pass. However there are patents on it in USA.

The only thing you really have to know is that ECB is not to be used unless you are only encrypting 1 block. XTS should be used if you are encrypting randomly accessed data and not a stream.

• You should ALWAYS use unique IV's every time you encrypt, and they should be random. If you cannot guarantee they are random, use OCB as it only requires a nonce, not an IV, and there is a distinct difference. A nonce does not drop security if people can guess the next one, an IV can cause this problem.

这篇关于如何选择AES加密模式（CBC ECB CTR OCB CFB）？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！