Does encryption guarantee integrity?


Problem description

To build a secure system, can we assume my question before starting programming?

  • Both in symmetric and public-key encryption, is my question well-proofed?
  • If no, what are the vulnerabilities, can you give an example?

Solution

No. This is easy to see if you consider the one-time pad, a simple (theoretically) perfectly secure system.

If you change any bit of the output, a bit of the clear text will change, and the recipient has no way to detect this.

This is an obvious case, but the same conclusion applies to most encryption systems. They only provide for confidentiality, not integrity.

Thus, you may want to add a digital signature. Interestingly, when using public key cryptography, it is not sufficient to sign then encrypt (SE), or to encrypt then sign (ES). Both of these are vulnerable to replay attacks. You have to either sign-encrypt-sign or encrypt-sign-encrypt to have a generally secure solution. This paper explains why in detail.

If you use SE, the recipient can decrypt the message, then re-encrypt it to a different recipient. This then deceives the new recipient about the sender's intended recipient.

If you use ES, an eavesdropper can remove the signature and add their own. Thus, even though they can't read the message, they can take credit for it, pretending to be the original sender.
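
The one-time pad case from the answer above, as an added example that is not part of the original answer: a single flipped ciphertext bit decrypts cleanly to a different plaintext, and the same change is rejected once the ciphertext carries an integrity tag. HMAC-SHA256 is used here as a shared-key stand-in for the digital signature the answer mentions (an assumption of this example); the sample message and all function names are constructed, and the sketch does not address the sign/encrypt ordering issues discussed above.

```python
import hashlib
import hmac
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """One-time pad: the same XOR both encrypts and decrypts."""
    if len(a) != len(b):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Model a single-bit change to the ciphertext in transit."""
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)


def seal(pad: bytes, mac_key: bytes, plaintext: bytes):
    """Encrypt with the pad, then tag the ciphertext (encrypt-then-MAC)."""
    ciphertext = xor_bytes(plaintext, pad)
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    return ciphertext, tag


def open_sealed(pad: bytes, mac_key: bytes, ciphertext: bytes, tag: bytes) -> bytes:
    """Check the tag in constant time before decrypting anything."""
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed: ciphertext was modified")
    return xor_bytes(ciphertext, pad)


def demo() -> dict:
    message = b"PAY 0100 TO ALICE"           # constructed sample plaintext
    pad = secrets.token_bytes(len(message))  # used once, never reused
    mac_key = secrets.token_bytes(32)        # independent of the pad
    ciphertext, tag = seal(pad, mac_key, message)
    tampered = flip_bit(ciphertext, 4, 0)    # lowest bit of the first digit
    pad_only = xor_bytes(tampered, pad)      # decrypts without any error
    try:
        open_sealed(pad, mac_key, tampered, tag)
        detected = False
    except ValueError:
        detected = True
    intact = open_sealed(pad, mac_key, ciphertext, tag)
    return {"pad_only": pad_only, "detected": detected, "intact": intact}
```

Calling `demo()` shows the pad-only receiver accepting the altered message while the tagged receiver raises on it and still opens the untouched ciphertext.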
