Making AES decryption fail if invalid password


Question

I've written my own encryption method using AES in a project I've been working on lately using PyCrypto. I use a hash to generate a 32-byte password and feed that to AES-256bit encryption using CBC. The file input is padded using PKCS#7 padding to conform to be divisible by 16.

I can encrypt and decrypt the file without incident and the input file originally encrypted along with the output file have the same SHA-256 hash.

The only problem I'm finding is that if I supply the wrong passphrase, decryption still happens. This is a problem for what I'm doing, as I need to have decryption fail fast if the passphrase is wrong.

How can I make this happen? I've heard of other methods of AES encryption, but it seems that PyCrypto only supports ECB, CBC, CFB, OFB, CTR, and OpenPGP. How can I implement cryptographically strong AES which will fail decryption without the right passphrase?

Recommended answer

There is nothing about AES (or any other encryption algorithm for that matter) that could allow you to know whether you have the correct key. That said, it's a very useful feature when you actually want to use cryptography outside of the realm of mathematics.

What you need to do is add a block with a known value at the start of your message; that way, after decrypting the first block, you can compare it against the known value and know whether you have the wrong key. If the data you're encrypting has a known header you could use this instead.

Alternatively you could send a cryptographic hash (for example SHA-256) of the key along with the message; an attacker would only be able to recover the key if they could break the hash.
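An added example, not part of the original answer: it goes beyond the answer's key-hash idea by storing a salted HMAC-SHA256 tag over the ciphertext, so a wrong passphrase (or a modified file) is rejected before any AES decryption runs. It uses only the standard library and treats the IV + AES-CBC output of the asker's existing routine as opaque bytes; the function names, the `salt || IV+ciphertext || tag` layout and the PBKDF2 round count are assumptions of this sketch.

```python
import hashlib
import hmac
import os

SALT_LEN, TAG_LEN = 16, 32
ROUNDS = 100_000  # assumed PBKDF2 work factor for this example


class BadPassphraseOrData(Exception):
    """Tag mismatch: wrong passphrase or modified file."""


def derive_keys(passphrase, salt):
    """Stretch the passphrase into an AES-256 key and a separate HMAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                              salt, ROUNDS, dklen=64)
    return okm[:32], okm[32:]


def seal(mac_key, salt, iv_and_ciphertext):
    """Build the stored file: salt || IV+ciphertext || HMAC-SHA256 tag."""
    body = salt + iv_and_ciphertext
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def open_checked(passphrase, blob):
    """Verify the tag first; return (aes_key, iv_and_ciphertext) or raise."""
    if len(blob) < SALT_LEN + TAG_LEN:
        raise BadPassphraseOrData("file too short")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    aes_key, mac_key = derive_keys(passphrase, body[:SALT_LEN])
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise BadPassphraseOrData("wrong passphrase or modified file")
    return aes_key, body[SALT_LEN:]


if __name__ == "__main__":
    salt = os.urandom(SALT_LEN)
    aes_key, mac_key = derive_keys("correct horse", salt)
    # Constructed stand-in for the IV + AES-CBC output of the existing routine.
    iv_ct = os.urandom(16 + 32)
    blob = seal(mac_key, salt, iv_ct)
    assert open_checked("correct horse", blob) == (aes_key, iv_ct)
    try:
        open_checked("wrong guess", blob)
    except BadPassphraseOrData as exc:
        print("rejected before decryption:", exc)
```

The returned `aes_key` and IV + ciphertext are then handed to the existing CBC decryption; a tag mismatch cannot distinguish a wrong passphrase from a corrupted file, so both are reported the same way.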
