AES Encryption and Obfuscating IDs


Question

I was considering hashing small blocks of sensitive ID data but I require to maintain the full uniqueness of the data blocks as a whole once obfuscated.

So, I came up with the idea of encrypting some publicly-known input data (say, 128 bits of zeroes), and use the data I want to obfuscate as the key/password, then throw it away, thus protecting the original data from ever being discovered.

I already know about hashing algorithms, but my problem is that I need to maintain full uniqueness (generally speaking a 1:1 mapping of input to output) while still making it impossible to retrieve the actual input. A hash cannot serve this function because information is lost during the process.

It is not necessary that the data be retrieved once "encrypted". It is only to be used as an ID number from then on.

An actual GUID/UUID is not suitable here because I need to manually control the identifiers on a per-identifier basis. The IDs cannot be unknown or arbitrarily generated data.

EDIT:

To clarify exactly what these identifiers are made of:


  • (unencrypted) 64bit Time Stamp
  • ID Generation Counter (one count for each filetype)
  • Random Data (to make multiple encrypted keys dissimilar)
  • MAC Address (or if that's not available, set top bit + random digits)
  • Other PC-Specific Information (from registry)

The whole thing should add up to 192 bits, but the encrypted section's content size(s) could vary (this is by no means a final specification).

Given:

  • An IV value
  • Any arbitrary 128-bit key
  • A static 128-bit input

Are AES keys treated in a fashion that would result in a 1:1 key<---->output mapping, given the same input and IV value?

Recommended answer

No. AES is, in the abstract, a family of permutations of which you select a random one with the key. It is the case that for one of those permutations (i.e. for encryption under a given AES key) you will not get collisions because permutations are bijective.

However, for two different permutations (i.e. encryption under different AES keys, which is what you have), there is no guarantee whatsoever that you don't get a collision. Indeed, because of the birthday paradox, the likelihood of a collision is probably higher than you think.

If your IDs are short ( < 1024 bits) you could just do an RSA encryption of them which would give you what you want. You'd just need to forget the private key.
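The difference between the two mappings can be measured on a cipher small enough to enumerate. This is an added example, not part of the original answer: a toy 16-bit Feistel cipher (hypothetical names `toy_encrypt` etc.) stands in for AES, on the assumption that a block cipher behaves as a key-selected permutation, and the last function evaluates the birthday bound for 128-bit outputs.

```python
import hashlib
import math

BLOCK_BITS = 16   # toy block and key size, so every key can be enumerated
ROUNDS = 4


def _round(key: int, rnd: int, half: int) -> int:
    """Keyed round function: first byte of SHA-256(key || round || half)."""
    return hashlib.sha256(bytes([key >> 8, key & 0xFF, rnd, half])).digest()[0]


def toy_encrypt(key: int, block: int) -> int:
    """Feistel network: for each 16-bit key, a permutation of 16-bit blocks."""
    left, right = block >> 8, block & 0xFF
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round(key, rnd, right)
    return (left << 8) | right


def distinct_outputs_fixed_key(key: int) -> int:
    """Vary the plaintext under one key (the bijective case in the answer)."""
    return len({toy_encrypt(key, p) for p in range(1 << BLOCK_BITS)})


def distinct_outputs_fixed_plaintext(block: int = 0) -> int:
    """Vary the key over a fixed public plaintext (the scheme in the question)."""
    return len({toy_encrypt(k, block) for k in range(1 << BLOCK_BITS)})


def birthday_collision_probability(n_ids: int, bits: int = 128) -> float:
    """Approximate chance that n_ids random `bits`-bit outputs collide."""
    return -math.expm1(-n_ids * (n_ids - 1) / 2.0 ** (bits + 1))


if __name__ == "__main__":
    total = 1 << BLOCK_BITS
    print("fixed key, all plaintexts:", distinct_outputs_fixed_key(0x1234), "of", total)
    print("fixed plaintext, all keys:", distinct_outputs_fixed_plaintext(), "of", total)
    print("P(collision), 2**64 IDs of 128 bits:", birthday_collision_probability(2 ** 64))
```

With the key fixed, all 65536 outputs are distinct; with the plaintext fixed and the key varied, roughly 63% of the output space is hit, so many distinct "IDs" share an output.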
