Encryption with AES-256 and the Initialization Vector


Problem description

I have a question relating to the use of an Initialization Vector in AES encryption. I am referencing the following articles / posts to build encryption into my program:

[1] Java 256bit AES Encryption
[2] http://gmailassistant.sourceforge.net/src/org/freeshell/zs/common/Encryptor.java.html

I was originally following erickson's solution from the first link but, from what I can tell, PBKDF2WithHmacSHA1 is not supported on my implementation. So, I turned to the second link to get an idea for my own iterative SHA-256 hash creation.

My question comes in how the IV is created. One implementation ([1]) uses methods from the Cipher class to derive the IV whereas the other ([2]) uses the second 16 bytes of the hash as the IV. Quite simply, why the difference and which is better from a security standpoint? I am kinda confused as to the derivation and use of IVs as well (I understand what they are used for, just not the subtler differences), so any clarification is also very welcome.

I noticed that the second link uses AES-128 rather than AES-256, which would suggest to me that I would have to go up to SHA-512 if I wanted to use this method. This seems like it would be an unfortunate requirement as the user's password would have to be 16 characters longer to ensure a remotely secure hash and this app is destined for a cell phone.

Source is available on request, though it is still incomplete.

Thanks in advance.

Recommended answer

The IV should not be generated from the password alone.

The point of the IV is that even when the same key and plaintext are re-used, a different ciphertext will be produced. If the IV is deterministically produced from the password only, you'd get the same ciphertext every time. In the cited example, a salt is randomly chosen, so a new key is generated even with the same password.

Just use a random number generator to choose an IV. That's what the cipher is doing internally.

I want to stress that you have to store either the IV (if you use the first method) or a salt (if you use the second method) together with the ciphertext. You won't have good security if everything is derived from the password; you need some randomness in every message.
