AES托管提供默认值 [英] AES Managed Provider Defaults
问题描述
我们是一个.NET店,并实施使用AesManaged提供了一些解决方案。现在我们需要与第三方交换一些数据,他们已经提出了使用非默认设置用于AES提供商的溶液
We are a .net shop and have implemented a few solutions using the AesManaged provider. Now we need to exchange some data with a third party and they have proposed a solution that uses non-default settings for the AES provider.
.NET默认值:
BlockSize = 128;
Mode = System.Security.Cryptography.CipherMode.CBC;
Padding = System.Security.Cryptography.PaddingMode.PKCS7;
厂商建议的设置:
Vendor proposed settings:
BlockSize = 128;
Mode = CipherMode.ECB;
Padding = PaddingMode.Zeros;
我的问题:是默认设置不够好?我们为什么要考虑改变任何设置。应该指出的是,我不知道他们使用的是.NET所以这可能只是简单地重新present不同的系统默认值。
My question: Are the default settings good enough? Why should we consider changing any of these settings. It should be noted that I am not sure they are using .NET so these might simply represent different system defaults.
推荐答案
块大小为AES是不可转让,这是什么样的标准prescribes。 模式ECB不会做了。别。 CBC是好的,但需要填充,因此您可以使用CFB或OFB模式或计数器模式 如果随机访问是重要的。零填充只能确定的,如果纯文本和/或上下文格式决定了的纯文本的有效长度,否则避免:PKCS7是唯一可译
Blocksize for AES is "non-negotiable", it's what the standard prescribes. Mode ECB won't do anymore. Don't. CBC is fine, but needs padding, so you could use CFB or OFB mode, or counter mode if random access is important. Zero-padding is only OK if the format of the plain text and/or the context determines what the effective length of the plain text is, otherwise avoid it: PKCS7 is uniquely decodable.
这篇关于AES托管提供默认值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
