对称加密（AES）：是保存IV和盐一起加密的数据的安全和适当的？ [英] Symmetric Encryption (AES): Is saving the IV and Salt alongside the encrypted data safe and proper?

问题描述

我试图做出如何处理意识和管理动初始化向量和盐（如适用）加密和使用对称加密算法，在这种情况下，AES解密数据时。

I am trying to make sense of how to handle and manage an initilization vector and salt (when applicable) when encrypting and decrypting data using a symmetric encryption algorithm, in this case AES.

我已经从不同的线程SO和各种其他网站推断，无论是IV或盐必须是秘密的，以防范密码攻击，如暴力攻击只有唯一的。考虑到这一点我想，这将是可行的我的伪随机IV存储与加密的数据。我问，如果我使用的方法是正确的，而且，我应该以同样的方式来对待我目前硬编码盐？这是其写入沿着侧面的存储流IV

I have deduced from different SO threads and various other websites that neither the IV or salt need to be secret, only unique in order to defend against cryptanalytic attacks such as a brute-force attack. With this in mind I figured that it would be viable to store my pseudo random IV with the encrypted data. I am asking if the method I am using is proper and furthermore, should I be treating my currently hard coded salt in the same manner? That being writing it to the memory stream along side the IV

我的代码：

private const ushort ITERATIONS = 300;
private static readonly byte[] SALT = new byte[] { 0x26, 0xdc, 0xff, 0x00, 0xad, 0xed, 0x7a, 0xee, 0xc5, 0xfe, 0x07, 0xaf, 0x4d, 0x08, 0x22,  0x3c };

private static byte[] CreateKey(string password, int keySize)
{
    DeriveBytes derivedKey = new Rfc2898DeriveBytes(password, SALT, ITERATIONS);
    return derivedKey.GetBytes(keySize >> 3);
}

public static byte[] Encrypt(byte[] data, string password)
{
    byte[] encryptedData = null;
    using (AesCryptoServiceProvider provider = new AesCryptoServiceProvider())
    {
        provider.GenerateIV();
        provider.Key = CreateKey(password, provider.KeySize);
        provider.Mode = CipherMode.CBC;
        provider.Padding = PaddingMode.PKCS7;

        using (MemoryStream memStream = new MemoryStream(data.Length))
        {
            memStream.Write(provider.IV, 0, 16);
            using (ICryptoTransform encryptor = provider.CreateEncryptor(provider.Key, provider.IV))
            {
                using (CryptoStream cryptoStream = new CryptoStream(memStream, encryptor, CryptoStreamMode.Write))
                {
                    cryptoStream.Write(data, 0, data.Length);
                    cryptoStream.FlushFinalBlock();
                }
            }
            encryptedData = memStream.ToArray();
        }
    }
    return encryptedData;
}

public static byte[] Decrypt(byte[] data, string password)
{
    byte[] decryptedData = new byte[data.Length];
    using (AesCryptoServiceProvider provider = new AesCryptoServiceProvider())
    {
        provider.Key = CreateKey(password, provider.KeySize);
        provider.Mode = CipherMode.CBC;
        provider.Padding = PaddingMode.PKCS7;
        using (MemoryStream memStream = new MemoryStream(data))
        {
            byte[] iv = new byte[16];
            memStream.Read(iv, 0, 16);
            using (ICryptoTransform decryptor = provider.CreateDecryptor(provider.Key, iv))
            {
                using (CryptoStream cryptoStream = new CryptoStream(memStream, decryptor, CryptoStreamMode.Read))
                {
                    cryptoStream.Read(decryptedData, 0, decryptedData.Length);
                }
            }
        }
    }
    return decryptedData;
}

我也愿意与问候正确的做法有关对称加密的任何其他信息。

I am also open to any other information about symmetric encryption with regards to proper practice.

推荐答案

存放IV和盐的长与密文是正确的和最佳实践。硬编码的盐是没有用的，是随机很重要，硬编码的迭代是非常好的，但通常远高于300（实际上至少1000，你通常去，如果你的机器/使用可以处理更高）。

Storing the IV and Salt a long with the cipher text is proper and a best practice. Hard coding the salt is not useful, being random is important, hard coding the iterations is perfectly okay but is typically much higher than 300 (in fact at least 1000 and you typically go much higher if your machine/usage can handle it).

由于我从堆栈溢出切见过C＃加密那么多不好的（或大）的例子并粘贴到开放的源代码，我写的剪切和粘贴的短位我尽量保持最新和审查的字符串。对称认证加密的加密代码现代的例子。它存储IV和盐与它也验证包括在密文的密文和值的密文

Because I've seen so many bad (or old) examples of c# encryption from stack overflow cut and paste into open source code, I wrote a short bit of cut and paste encryption code Modern Examples of Symmetric Authenticated Encryption of a string. that i try to keep up to date and reviewed. It stores the iv and salt with the ciphertext it also authenticates the ciphertext and values included with the cipher text.

虽然理想的情况是一个更好的做法是使用较高水平的加密库将处理像IV为你的最佳实践，但这些通常都没有存在CSHARP。我一直对谷歌的的 CSHARP版本 =HTTP：//www.keyczar。组织/> keyczar 库。虽然它的功能可以使用了，我一直想获得更多的目光投向了第一次正式的稳定版本的代码。

Ideally though a better practice would be to use a high level encryption library that would handle best practices like the iv for you, however those typically haven't existed for csharp. I've been working on a native csharp version of google's keyczar library. While it's functionally ready for use, I've been wanting to get more eyes on the code before the first official stable release.

这篇关于对称加密（AES）：是保存IV和盐一起加密的数据的安全和适当的？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！