AES加密16字节无盐 [英] AES encryption of 16 bytes without salt

问题描述

使用AES将16个字节的数据加密为单个块有多安全?没有盐/IV，没有操作模式，数百万个不同的16字节块被加密.我对加密还不很了解，但这使我闻起来.

How secure is it to encrypt 16 bytes of data as a single block with AES? No salt/IV, no mode of operation, millions of different 16 byte blocks encrypted. I don't know enough about crypto but this smells to me.

要提供更多细节，这与加密消息无关，而与数据库表列有关，其中纯文本长度恰好是16个字节.数据不是完全随机的(前8个字节通常是相同的)，并且有一个校验和来标识成功的解密.

to give a bit more detail this is not about encrypting a message but a database table column where the plain text length happens to be 16 bytes. The data is not totally random (the first 8 bytes will frequently be the same) and there is a checksum to identify a successful decryption.

下周我将与提议的家伙们开会，如果有问题，将不胜感激一些指向参考资料的指针，我可以用它们证明设计是不安全的.我对系统并不完全熟悉，但是我认为这可能需要进行重大的重新设计才能解决，因此可能会遇到很多阻力.涉及的大多数人员(和权力)都在业务方面，其动机是获得一个工作系统...

I'm going into a meeting with the guys proposing this next week and, if there is a problem, would greatly appreciate some pointers to reference material with which I can show that the design is insecure. I'm not totally familiar with the system but I think this could require a major redesign to get around so there is likely to be a lot of resistance. Most of the people (and the power) involved are on the business side where the motivation is to get a working system...

推荐答案

ECB不能安全地用于一般用途.给定的纯文本始终会加密为相同的密文，因此可以显示出模式.但是，在某些特殊情况下它是安全的，此应用程序可能就是其中之一.

ECB is not secure for general use. A given plain text always encrypts to the same cipher text, so patterns can be revealed. However, there are special cases where it is safe, and this application may be one of them.

引用应用密码学，第二版，第pg.190，关于分组密码的ECB模式:

Quoting Applied Cryptography, second edition pg. 190, with regard to ECB mode for a block cipher:

从好的方面来说，没有安全性加密多封邮件的风险用相同的键.实际上，每个块可以看作是单独的使用相同密钥加密的邮件.

On the plus side, there is no security risk in encrypting multiple messages with the same key. In fact, each block can be looked at as a separate message encrypted with the same key.

稍后(第208页)，施耐尔说:

Later on (p. 208), Schneier says:

如果简单和速度是您的主要目标令人担忧的是，欧洲央行是最容易做到的使用分组密码的最快模式.它也是最弱的.除了被容易受到重放攻击，ECB模式下的算法最简单进行密码分析.我不建议欧洲央行用于邮件加密.

If simplicity and speed are your main concerns, ECB is the easiest and fastest mode to use a block cipher. It is also the weakest. Besides being vulnerable to replay attacks, an algorithm in ECB mode is the easiest to cryptanalyze. I don't recommend ECB for message encryption.

用于加密随机数据，例如其他键，ECB是很好的使用模式.由于数据简短且随机，欧洲央行的缺点都不重要此应用程序.

For encrypting random data, such as other keys, ECB is a good mode to use. Since the data is short and random, none of the shortcomings of ECB matter for this application.

您所用的通用前缀和校验位不会产生通用密文.仅当复制 entire 纯文本块时，才会发生这种情况.根据您的描述，您的应用程序可能非常适合ECB，特别是如果每​​个纯文本值作为一个整体都是唯一的.

The common prefix and check digit in your case won't produce common ciphertext. This happens only if an entire plaintext block is duplicated. From what you've described, your application may be a good fit for ECB—especially if each plain text value, as a whole, is unique.

这篇关于AES加密16字节无盐的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！