当加密不是块大小的偶数倍的数据时，我必须发送完整的最后一个块？ [英] When encrypting data that is not an even multiple of the block size do I have to send a complete last block?

问题描述

如果我正在使用块大小为128位的AES等块密码，如果我的数据不是128位的偶数倍，该怎么办？我正在处理数据包，不想在加密数据包时更改数据包的大小，但是我的数据不是128的数据。

If I am using a block cipher such as AES which has a block size of 128 bits, what do I do if my data is not an even multiple of 128 bits? I am working with packets of data and do not want to change the size of my packet when encrypting it, yet my data is not an even multiple of 128?

AES块密码允许处理一个简短的最终块，而不改变我的消息的大小一旦加密？

Does the AES block cipher allow handling of a final block that is short without changing the size of my message once encrypted?

推荐答案

细节取决于您使用的链接模式。链接模式是什么定义了您调用AES原语的次数。对于给定的输入消息。最简单的链接模式是简单地将输入数据分成连续的16字节块并独立地加密它们中的每一个;这被称为ECB（作为电子代码簿），并且已知具有弱点（即，如果两个输入块相同，在现实生活数据中频繁出现的话，那么两个相应的输出块也将彼此相等，任何人都可以看到）。

That kind of detail depends on the chaining mode which you use. The chaining mode is what defines how many times you invoke the AES primitive. and on what, for a given input message. The simplest chaining mode consists in simply splitting the input data into successive 16-byte blocks and encrypting each of them independently; this is called ECB (as "Electronic Code Book") and it is known to have weaknesses (namely, if two input blocks are identical, something which is frequent in "real life" data, then the two corresponding output blocks will be equal to each other as well, and anybody can see that).

某些链接模式放大数据，即加密的消息将略大于输入消息。其他链接模式（例如CTR）不。几乎所有的安全链接模式都需要处理一个初始值，它是一个不需要秘密但必须被发送者和接收者都知道的数据（通常与块的大小相同），并且必须是不同的为每个消息。一些模式（例如CBC）需要均匀随机的IV，而一些其他模式将对简单的计数器感到满意。通常将发送IV与加密消息一起发送。你也可以使用哈希函数从密钥本身导出IV。

Some chaining modes enlarge the data, i.e. the encrypted message will be slightly larger than the input message. Other chaining modes (e.g. CTR) do not. Almost all secure chaining modes require handling an "initial value", which is a piece of data (usually the same size than a block) which needs not be secret, but must be known to both the sender and the receiver, and must be distinct for each message. Some modes (e.g. CBC) require a uniformly random IV, whereas some other modes will be happy with a simple counter. It is customary to send the IV along with the encrypted message. You could also derive the IV from the secret key itself with a hash function.

这些东西很棘手，很难知道你是否做到了正确的：安全性不能被测试弱密码系统像任何其他应用程序一样编译和运行。不建议设计您自己的加密协议。在所有使用强大的原语不能保证结果是安全的。

These things are tricky, and it is difficult to know whether you did it right: security cannot be tested; a weak cryptosystem compiles and runs just like any other application. Designing your own cryptographic protocol is not recommended. At all. Employing robust primitives is no guarantee that the result will be secure.

这篇关于当加密不是块大小的偶数倍的数据时，我必须发送完整的最后一个块？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！