你在编写自己的加密方法时使用什么技术? [英] What techniques do you use when writing your own cryptography methods?
问题描述
多年来,也许10年,我一直对密码学着迷。我读了一本关于XOR基于位的加密的书,并且从那以后就一直挂钩。
For years, maybe 10, I've been fascinated with cryptography. I read a book about XOR bit-based encryption, and have been hooked ever since thing.
我想更公平地说,我对那些能够打破各种加密方法,但我离题。
I guess it's more fair to say that I'm fascinated by those who can break various encryption methods, but I digress.
到目前为止,你在编写加密时使用什么方法?混淆在密码学好吗?
To the point -- what methods do you use when writing cryptography? Is obfuscation good in cryptography?
我使用两个基于键的XOR加密,在键上的各种哈希技术(SHA1),以及简单的事情,如反转字符串在这里和那里等。
I use two key-based XOR encryption, various hashing techniques (SHA1) on the keys, and simple things such as reversing strings here and there, etc.
我有兴趣看到别人的想法,并尝试在写一个不那么开箱加密方法。此外 - 任何关于专业人士如何打破各种加密技术的信息也很有趣。
I'm interested to see what others think of and try when writing a not-so-out-of-the-box encryption method. Also -- any info on how the pros go about "breaking" various cryptography techniques would be interesting as well.
要澄清 - 我不想在任何生产代码或任何我的代码中使用它。我有趣地学习如何通过玩弄,而不是重新发明的轮子。 :)
Ian
推荐答案
其他人已经说过了,去吧!是的,你的代码可能有缓冲区溢出漏洞,可能会很慢,buggy等,但你这样做 FUN !我完全理解在玩加密的娱乐享受。
To contradict what everyone else has said so far, go for it! Yeah, your code might have buffer overflow vulnerabilities in it, and may be slow, buggy, etc, but you're doing this for FUN! I completely understand the recreational enjoyment found in playing with crypto.
话虽如此,加密不是基于模糊化(或至少不应该)。好的加密将继续工作,即使一旦夏娃通过您的模糊代码和完全了解发生了什么。 IE:许多报纸都有替换代码拼图,读者尝试并突破早餐。如果他们开始做翻转整个字符串的事情,是的,这将是更难,但Joe读者仍然能够打破它,neve tuohtiw gnieb dlot。
That being said, cryptography isn't based on obfuscation at all (or at least shouldn't be). Good crypto will continue to work, even once Eve has slogged through your obfuscated code and completely understands what is going on. IE: Many newspapers have substitution code puzzles that readers try and break over breakfast. If they started doing things like reversing the whole string, yes, it'd be harder, but Joe Reader would still be able to break it, neve tuohtiw gnieb dlot.
好的加密是基于假设是(还没有被证实,AFAIK)真的很困难的问题。示例包括因素分配素材,查找日志,或者真的任何其他
Good crypto is based on problems that are assumed to be (none proven yet, AFAIK) really difficult. Examples of this include factoring primes, finding the log, or really any other NP-complete problem.
更多的力量,你可以玩与数学的一个真正冷静的分支,只是记住加密是基于硬,不复杂的事情。许多加密算法,一旦你真正理解他们,是mindbogglyly简单,但仍然工作,因为他们是基于一个困难的东西,而不只是切换字母。
More power to you for playing around with a really cool branch of mathematics, just remember that crypto is based on things that are hard, not complicated. Many crypto algorithms, once you really understand them, are mindbogglingly simple, but still work because they're based on something that is hard, not just switching letters around.
注意:有了这个说,一些算法添加了额外的怪癖(像字符串seversal),使暴力强迫他们更困难。我的一部分感觉就像我在这里参考 DES ,但我不相信...
Note: With this being said, some algorithms do add in extra quirks (like string seversal) to make brute forcing them that much more difficult. A part of me feels like I read this somewhere referencing DES, but I don't believe it...
BTW:如果你以前没有找到它,我会猜测 TEA / XTEA / XXTEA 系列算法。
BTW: If you haven't found it before, I'd guess the TEA/XTEA/XXTEA series of algorithms would be of interest.
这篇关于你在编写自己的加密方法时使用什么技术?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
