安卓:不要随机SALT字节传递给AESObfuscator需要保持不变? [英] Android: Do the random SALT bytes passed to AESObfuscator need to stay the same?
问题描述
我实施许可在我的Android应用,并有20个字节需要被传递到了被传递到ServerManagedPolicy对象AESObfuscator阵列。可这阵随机每次code为运行时生成的,还是它必须是硬codeD?
现在,我随机生成的盐是这样的:
私有静态最后byte []的盐。
静态{
随机随机=新的随机();
random.setSeed(System.currentTimeMillis的());
byte []的BUF =新的字节[20];
random.nextBytes(BUF);
盐= BUF;
}
一个有点晚了,但是:盐必须保持不变,以便能够存储的值再次解密
基本上腌制方法随机密码短语,使字典攻击变得更加困难。 <一href="http://stackoverflow.com/questions/7178701/how-does-a-salt-protect-against-a-dictionary-attack">How没有盐防止字典攻击?
更新(一年后:)顺便说一句:使用SecureRandom的发电机在随机发生器代替字节 - 它的好的(我会细讲,但你可以找到其他地方为好。 http://docs.oracle.com/ JavaSE的/ 7 /文档/ API / Java的/安全/ SecureRandom.html )
I'm implementing licensing in my Android application, and there is an array of 20 bytes that need to be passed into the AESObfuscator that is passed to the ServerManagedPolicy object. Can this array be generated randomly every time the code is ran, or does it have to be hardcoded?
Right now I'm randomly generating the salt like this:
private static final byte[] SALT;
static {
Random random = new Random();
random.setSeed(System.currentTimeMillis());
byte[] buf = new byte[20];
random.nextBytes(buf);
SALT = buf;
}
A bit late, but yes: the salt must remain the same to be able to decrypt the stored values again.
Basically Salting means randomizing a passphrase to make dictionary attacks a lot harder. How does a salt protect against a dictionary attack?
Update (one year later :) By the way: use a SecureRandom generator for the bytes in stead of a Random generator - it's better (I could go into detail, but you can find that elsewhere as well. http://docs.oracle.com/javase/7/docs/api/java/security/SecureRandom.html)
这篇关于安卓:不要随机SALT字节传递给AESObfuscator需要保持不变?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!