How secure is my cipher (python script)?

Problem description

I've come up with an encrypting routine using Python that I'd appreciate anyone taking a look at. There are a few bits of information I'm looking for: has this method/variation been used before, and if so, by what name does it go under and how secure is it?

The idea is to transmit data across the internet encrypted with two passwords that both parties are aware of.

It uses the SHA1 hash to encode the passwords then uses the characters in the hash to create an offset lookup table. The offset value is added to a plain character to generate an encrypted character. It uses a one for one method rather than compressing or adding data.

The string 'Hello StackOverflow' would generate 'wPjOew6AdoNOYgjf7y' if the two SHA1 hashes were generated using the words 'burger' and 'meat'.

Here's the entire code, sorry for the extra long dictionary array :S

Code run using: Python 2.7.2 (default, Jun 12 2011, 15:08:59) [MSC v.1500 32 bit (Intel)] on win32

import sys

# burger
sha1_pass1 = '7a86b15480e0a870f0b07a4d23a54ef8f9acac44'

# meat
sha1_pass2 = 'bb40f75a9c6038e0da200fc5c3a6f371c1592c66'

# Characters available to encrypt (can be extended)
valid_chars = '0123456789 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.,!?' * 2

offset = {'00':0,
    '01':1,
    '02':2,
    '03':3,
    '04':4,
    '05':5,
    '06':6,
    '07':7,
    '08':8,
    '09':9,
    '0a':10,
    '0b':11,
    '0c':12,
    '0d':13,
    '0e':14,
    '0f':15,
    '10':16,
    '11':17,
    '12':18,
    '13':19,
    '14':20,
    '15':21,
    '16':22,
    '17':23,
    '18':24,
    '19':25,
    '1a':26,
    '1b':27,
    '1c':28,
    '1d':29,
    '1e':30,
    '1f':31,
    '20':32,
    '21':33,
    '22':34,
    '23':35,
    '24':36,
    '25':37,
    '26':38,
    '27':39,
    '28':40,
    '29':41,
    '2a':42,
    '2b':43,
    '2c':44,
    '2d':45,
    '2e':46,
    '2f':47,
    '30':48,
    '31':49,
    '32':50,
    '33':51,
    '34':52,
    '35':53,
    '36':54,
    '37':55,
    '38':56,
    '39':57,
    '3a':58,
    '3b':59,
    '3c':60,
    '3d':61,
    '3e':62,
    '3f':63,
    '40':64,
    '41':65,
    '42':66,
    '43':0,
    '44':1,
    '45':2,
    '46':3,
    '47':4,
    '48':5,
    '49':6,
    '4a':7,
    '4b':8,
    '4c':9,
    '4d':10,
    '4e':11,
    '4f':12,
    '50':13,
    '51':14,
    '52':15,
    '53':16,
    '54':17,
    '55':18,
    '56':19,
    '57':20,
    '58':21,
    '59':22,
    '5a':23,
    '5b':24,
    '5c':25,
    '5d':26,
    '5e':27,
    '5f':28,
    '60':29,
    '61':30,
    '62':31,
    '63':32,
    '64':33,
    '65':34,
    '66':35,
    '67':36,
    '68':37,
    '69':38,
    '6a':39,
    '6b':40,
    '6c':41,
    '6d':42,
    '6e':43,
    '6f':44,
    '70':45,
    '71':46,    
    '72':47,
    '73':48,
    '74':49,
    '75':50,
    '76':51,
    '77':52,
    '78':53,
    '79':54,
    '7a':55,
    '7b':56,
    '7c':57,
    '7d':58,
    '7e':59,
    '7f':60,
    '80':61,
    '81':62,
    '82':63,
    '83':64,
    '84':65,
    '85':66,
    '86':0,
    '87':1,
    '88':2,
    '89':3,
    '8a':4,
    '8b':5,
    '8c':6,
    '8d':7,
    '8e':8,
    '8f':9,
    '90':10,
    '91':11,
    '92':12,
    '93':13,
    '94':14,
    '95':15,
    '96':16,
    '97':17,
    '98':18,
    '99':19,
    '9a':20,
    '9b':21,
    '9c':22,
    '9d':23,
    '9e':24,
    '9f':25,
    'a0':26,
    'a1':27,
    'a2':28,
    'a3':29,
    'a4':30,
    'a5':31,
    'a6':32,
    'a7':33,
    'a8':34,
    'a9':35,
    'aa':36,
    'ab':37,
    'ac':38,
    'ad':39,
    'ae':40,
    'af':41,
    'b0':42,
    'b1':43,
    'b2':44,
    'b3':45,
    'b4':46,
    'b5':47,
    'b6':48,
    'b7':49,
    'b8':50,
    'b9':51,
    'ba':52,
    'bb':53,
    'bc':54,
    'bd':55,
    'be':56,
    'bf':57,
    'c0':58,
    'c1':59,
    'c2':60,
    'c3':61,
    'c4':62,
    'c5':63,
    'c6':64,
    'c7':65,
    'c8':66,
    'c9':0,
    'ca':1,
    'cb':2,
    'cc':3,
    'cd':4,
    'ce':5,
    'cf':6,
    'd0':7,
    'd1':8,
    'd2':9,
    'd3':10,
    'd4':11,
    'd5':12,
    'd6':13,
    'd7':14,
    'd8':15,
    'd9':16,
    'da':17,
    'db':18,
    'dc':19,
    'dd':20,
    'de':21,
    'df':22,
    'e0':23,
    'e1':24,
    'e2':25,
    'e3':26,
    'e4':27,
    'e5':28,
    'e6':29,
    'e7':30,
    'e8':31,
    'e9':32,
    'ea':33,
    'eb':34,
    'ec':35,
    'ed':36,
    'ee':37,
    'ef':38,
    'f0':39,
    'f1':40,
    'f2':41,
    'f3':42,
    'f4':43,
    'f5':44,
    'f6':45,
    'f7':46,
    'f8':47,
    'f9':48,
    'fa':49,
    'fb':50,
    'fc':51,
    'fd':52,
    'fe':53,
    'ff':54,}


cipher = []

# create the lookup table in cipher
for n in range(40):
    sp1 = sha1_pass1[n]
    sp2 = sha1_pass2[n]

    cipher.append(offset[sp1 + sp2])

# get a user defined string
ask = raw_input('\n\n>>> ')

print ('\n') # make some space

# exit if return
if not ask:
    sys.exit(1)

cipher_pos = 0    

# progress through the user string
for n in range(len(ask)):
    c = ask[n] # character n 

    # get the position of character in string
    p = valid_chars.find(c) 
    if p == -1: sys.exit(1) # if not found then end

    p += cipher[cipher_pos] # add the offset created by the passwords
    cipher_pos += 1
    if cipher_pos == 40: cipher_pos = 0 # reset lookup table position so it repeats

    # get new character
    x = valid_chars[p] 

    sys.stdout.write(x)

sys.stdout.flush()

print('\n')  


Recommended answer

Your code is a Vigenère cipher with a password length of 40 characters. So you can simply look up its weaknesses on the linked Wikipedia page.

The most obvious attack is:

Frequency analysis

Once the length of the key is known, the ciphertext can be rewritten into that many columns, with each column corresponding to a single letter of the key. Each column consists of plaintext that has been encrypted by a single Caesar cipher; the Caesar key (shift) is just the letter of the Vigenère key that was used for that column. Using methods similar to those used to break the Caesar cipher, the letters in the ciphertext can be discovered.

You're a bit behind the times, your scheme was already invented in 1553.

Another issue with your code is that it's a synchronous stream cipher without initialization vector. These ciphers have the generic weakness, that using a key more than once allows an attacker to subtract the two cipher texts, eliminating the key. The result of this is the difference of the plain texts. In practice this is often enough to obtain both plaintexts.
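
An added example (Python 3; not code from the question or the answer) showing that the question's 256-entry offset table is just the paired SHA-1 hex digits reduced mod 67, and that reusing the key lets two ciphertexts be subtracted so the key cancels, as the answer describes. The function names and the second sample message are constructed for illustration.

```python
# Added illustration; helper names are assumptions, not from the original post.
ALPHABET = '0123456789 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.,!?'
N = len(ALPHABET)  # 67 symbols, same set as valid_chars in the question

# SHA-1 hex digests as quoted in the question for 'burger' and 'meat'.
SHA1_PASS1 = '7a86b15480e0a870f0b07a4d23a54ef8f9acac44'
SHA1_PASS2 = 'bb40f75a9c6038e0da200fc5c3a6f371c1592c66'

# The question's lookup table is equivalent to int(pair, 16) % 67,
# giving a fixed 40-entry repeating key (a Vigenere key).
KEY = [int(a + b, 16) % N for a, b in zip(SHA1_PASS1, SHA1_PASS2)]


def shift(text, key, sign):
    """Add (sign=+1) or subtract (sign=-1) the repeating key, mod 67."""
    return ''.join(
        ALPHABET[(ALPHABET.index(ch) + sign * key[i % len(key)]) % N]
        for i, ch in enumerate(text)
    )


def encrypt(plain, key=KEY):
    return shift(plain, key, +1)


def decrypt(ciphertext, key=KEY):
    return shift(ciphertext, key, -1)


def difference(a, b):
    """Position-wise (a - b) mod 67 over the shared length."""
    return [(ALPHABET.index(x) - ALPHABET.index(y)) % N for x, y in zip(a, b)]


def recover_other(c1, c2, known_p1):
    """With both ciphertexts and one plaintext, rebuild the other; no key needed."""
    diff = difference(c2, c1)  # equals p2 - p1 because the key cancels
    return ''.join(ALPHABET[(ALPHABET.index(p) + d) % N]
                   for p, d in zip(known_p1, diff))


if __name__ == '__main__':
    p1, p2 = 'Hello StackOverflow', 'meet me at 9 sharp!'  # p2 is a constructed sample
    c1, c2 = encrypt(p1), encrypt(p2)
    print(repr(c1))                                  # ends in a space (19th symbol)
    print(difference(c1, c2) == difference(p1, p2))  # key has dropped out
    print(recover_other(c1, c2, p1))
```

The 19th ciphertext symbol for 'Hello StackOverflow' is a space, which is why the string quoted in the question shows only 18 visible characters.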
