TripleDES: Specified key is a known weak key for 'TripleDES' and cannot be used
Problem description
I'm using the .NET 3.0 class System.Security.Cryptography.MACTripleDES to generate a MAC value. Unfortunately, I am working with a hardware device that uses "1111111111111111" (as hex) as a single-length DES key. The System.Security.Cryptography library does some sanity checking on the key and returns an Exception if you try to use a cryptographically weak key.
For example:

    byte[] key = new byte[24];
    for (int i = 0; i < key.Length; i++)
        key[i] = 0x11;
    byte[] data = new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
    byte[] computedMac = null;
    using (MACTripleDES mac = new MACTripleDES(key))
    {
        computedMac = mac.ComputeHash(data);
    }

throws the exception:
System.Security.Cryptography.CryptographicException : Specified key is a known weak key for 'TripleDES' and cannot be used.
I know this is not a secure key. In production, the device will be flashed with a new, secure key. In the meantime, is there any way to inhibit this Exception from being thrown? Perhaps an app.config or registry setting?
Edit: The key would actually be 101010... due to the algorithm forcing odd parity. I'm not sure if this is universal to the DES algorithm or just a requirement in the payment processing work I do.
Edit 2: Daniel's answer below has some very good information about hacking .NET. Unfortunately, I wasn't able to solve my problem using this technique, but there is still some interesting reading there.
Recommended answer
Instead of using MACTripleDES with the DES key repeated to fake a single DES CBC-MAC, you could just implement CBC-MAC yourself on top of DESCryptoServiceProvider.
<1111111111111111> is not a weak DES key.
This will calculate a DES CBC-MAC:

    using System;
    using System.IO;
    using System.Security.Cryptography;

    public static byte[] CalcDesMac(byte[] key, byte[] data){
        using(DESCryptoServiceProvider des = new DESCryptoServiceProvider()){
            des.Key = key;                    // 8-byte single-length DES key
            des.IV = new byte[8];             // CBC-MAC uses an all-zero IV
            des.Padding = PaddingMode.Zeros;  // zero-pad the final block
            MemoryStream ms = new MemoryStream();
            using(CryptoStream cs = new CryptoStream(ms, des.CreateEncryptor(), CryptoStreamMode.Write)){
                cs.Write(data, 0, data.Length);
            }
            byte[] encryption = ms.ToArray();
            // The MAC is the last 8-byte ciphertext block.
            byte[] mac = new byte[8];
            Array.Copy(encryption, encryption.Length-8, mac, 0, 8);
            return mac;
        }
    }
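
An added example, not part of the original answer: it runs the question's key through DES.IsWeakKey and TripleDES.IsWeakKey, then computes the same zero-IV, zero-padded DES CBC-MAC block by block over ECB so the chaining is explicit. DesCbcMacDemo and CbcMac are hypothetical names chosen for this illustration.

```csharp
using System;
using System.Security.Cryptography;

// Added illustration; DesCbcMacDemo and its members are hypothetical names.
static class DesCbcMacDemo
{
    // DES CBC-MAC with a zero IV and zero padding, chained by hand over ECB.
    static byte[] CbcMac(byte[] key, byte[] data)
    {
        if (data.Length == 0)
            throw new ArgumentException("CBC-MAC needs at least one block", "data");

        // Zero-pad to a multiple of the 8-byte DES block (same as PaddingMode.Zeros).
        byte[] padded = new byte[(data.Length + 7) / 8 * 8];
        Array.Copy(data, padded, data.Length);

        using (DES des = DES.Create())
        {
            des.Mode = CipherMode.ECB;
            des.Padding = PaddingMode.None;
            des.Key = key; // throws CryptographicException for a weak or semi-weak DES key
            using (ICryptoTransform enc = des.CreateEncryptor())
            {
                byte[] state = new byte[8];  // running CBC state, starts as the zero IV
                byte[] output = new byte[8];
                for (int off = 0; off < padded.Length; off += 8)
                {
                    for (int i = 0; i < 8; i++)
                        state[i] ^= padded[off + i];   // XOR plaintext block into state
                    enc.TransformBlock(state, 0, 8, output, 0);
                    Array.Copy(output, state, 8);
                }
                return state; // the last cipher block is the MAC
            }
        }
    }

    static void Main()
    {
        byte[] desKey = new byte[8];    // single-length key from the question
        byte[] tdesKey = new byte[24];  // same bytes repeated, as MACTripleDES was given
        for (int i = 0; i < 8; i++) desKey[i] = 0x11;
        for (int i = 0; i < 24; i++) tdesKey[i] = 0x11;

        Console.WriteLine("DES.IsWeakKey:       " + DES.IsWeakKey(desKey));
        Console.WriteLine("TripleDES.IsWeakKey: " + TripleDES.IsWeakKey(tdesKey));
        Console.WriteLine("MAC: " + BitConverter.ToString(CbcMac(desKey, new byte[8])));
    }
}
```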