在编写自己的密码学方法时，您使用了哪些技术? [英] What techniques do you use when writing your own cryptography methods?

问题描述

多年来，也许是 10 年，我一直对密码学着迷.我读了一本关于基于 XOR 位的加密的书，从那以后就迷上了.

For years, maybe 10, I've been fascinated with cryptography. I read a book about XOR bit-based encryption, and have been hooked ever since thing.

我想更公平地说，我对那些能够破解各种加密方法的人着迷，但我离题了.

I guess it's more fair to say that I'm fascinated by those who can break various encryption methods, but I digress.

直截了当——你在编写密码学时使用了哪些方法?混淆在密码学中好吗?

To the point -- what methods do you use when writing cryptography? Is obfuscation good in cryptography?

我使用两个基于密钥的 XOR 加密、密钥上的各种散列技术 (SHA1) 以及一些简单的东西，例如在这里和那里反转字符串等.

I use two key-based XOR encryption, various hashing techniques (SHA1) on the keys, and simple things such as reversing strings here and there, etc.

我很想看看其他人在编写一种不那么开箱即用的加密方法时的想法和尝试.此外——任何关于专业人士如何破解"各种加密技术的信息也会很有趣.

I'm interested to see what others think of and try when writing a not-so-out-of-the-box encryption method. Also -- any info on how the pros go about "breaking" various cryptography techniques would be interesting as well.

澄清一下——我不想在任何生产代码或我的任何代码中使用它.我很感兴趣通过玩弄而不是重新发明轮子来了解它是如何工作的.:)

伊恩

推荐答案

为了与其他人到目前为止所说的相矛盾，去做吧！ 是的，你的代码可能存在缓冲区溢出漏洞，并且可能会很慢、有问题等，但您这样做是为了FUN！我完全理解玩加密货币的娱乐乐趣.

To contradict what everyone else has said so far, go for it! Yeah, your code might have buffer overflow vulnerabilities in it, and may be slow, buggy, etc, but you're doing this for FUN! I completely understand the recreational enjoyment found in playing with crypto.

话虽如此，密码学根本不基于混淆(或至少不应该).好的加密将继续工作，即使 Eve 已经通过你的混淆代码并完全了解正在发生的事情.IE:许多报纸都有替代代码谜题，读者在早餐时尝试破解.如果他们开始做一些事情，比如反转整个字符串，是的，这会更难，但 Joe Reader 仍然能够打破它，neve tuohtiw gnieb dlot.

That being said, cryptography isn't based on obfuscation at all (or at least shouldn't be). Good crypto will continue to work, even once Eve has slogged through your obfuscated code and completely understands what is going on. IE: Many newspapers have substitution code puzzles that readers try and break over breakfast. If they started doing things like reversing the whole string, yes, it'd be harder, but Joe Reader would still be able to break it, neve tuohtiw gnieb dlot.

良好的加密基于被认为非常困难的问题(尚未证明，AFAIK).这方面的示例包括 因子分解、查找日志，或其他任何NP-complete 问题.

Good crypto is based on problems that are assumed to be (none proven yet, AFAIK) really difficult. Examples of this include factoring primes, finding the log, or really any other NP-complete problem.

更多的权力让你玩弄一个非常酷的数学分支，只要记住加密是基于困难而不是复杂的东西.许多加密算法，一旦你真正理解它们，就会简单得令人难以置信，但仍然有效，因为它们基于一些困难的东西，而不仅仅是交换字母.

More power to you for playing around with a really cool branch of mathematics, just remember that crypto is based on things that are hard, not complicated. Many crypto algorithms, once you really understand them, are mindbogglingly simple, but still work because they're based on something that is hard, not just switching letters around.

注意:话虽如此，一些算法确实添加了额外的怪癖(如字符串切断)，以使暴力强制它们变得更加困难.我的一部分感觉就像我在某处读到这个引用 DES，但我不相信...

Note: With this being said, some algorithms do add in extra quirks (like string seversal) to make brute forcing them that much more difficult. A part of me feels like I read this somewhere referencing DES, but I don't believe it...

顺便说一句:如果您以前没有找到它，我猜是 TEA/XTEA/XXTEA 系列算法会很有趣.

BTW: If you haven't found it before, I'd guess the TEA/XTEA/XXTEA series of algorithms would be of interest.

这篇关于在编写自己的密码学方法时，您使用了哪些技术?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！