Why does changing one bit in a Triple DES key or initial value not give different encrypted data?


Problem description


I'm using pyDes to encrypt some data. I wanted to demonstrate that if you change even one bit in the key or initial value, the encrypted data would be totally different. I set up the 16-byte key to change the last character by +/- 1, causing at least one bit to be different. However, even when I do that, the 3 different instances of encrypted data are not all different.

from pyDes import *

data = 'Hello'

# CBC : Cipher-Block-Chaining
# \0..\1: arbitrary initial value for CBC
# pad=None: let pyDes take care of padding bytes
k1 = triple_des("16-byte-key-here", CBC, "\0\0\0\0\0\0\0\1", pad=None, padmode=PAD_PKCS5)
k2 = triple_des("16-byte-key-herf", CBC, "\0\0\0\0\0\0\0\1", pad=None, padmode=PAD_PKCS5)
k3 = triple_des("16-byte-key-herd", CBC, "\0\0\0\0\0\0\0\1", pad=None, padmode=PAD_PKCS5)

d1 = k1.encrypt(data)
d2 = k2.encrypt(data)
d3 = k3.encrypt(data)

assert d1 != d2
assert d2 != d3
assert d1 != d3

One of the assertions seems to fail if I only make a small change to either the key or initial value; I have seen both d1 != d2 and d1 != d3 fail depending on what I change. I have also tried changing 'Hello' to 'Hello' * 50 to make sure it wasn't just a case of the input data being too short.

If I make totally random keys, the assertions pass. With the program as seen above, d1 != d3 fails (those keys are one bit apart; k1-k2 are 2 bits different).

I am by no means an encryption expert, but if two keys only one bit apart result in the same encrypted data, then that means the effort it takes to brute-force the key just went down by a factor of two, right?

Am I missing something obvious? Is Triple DES not supposed to give unique results for very similar keys? Or is this a bug in PyDes? Maybe someone else could confirm this behavior in another implementation?


@Chris Jester-Young had the answer that some of the bits in the key are parity bits. And as it turns out, according to this article:

Note that although the input key for DES is 64 bits long, the actual key used by DES is only 56 bits in length. The least significant (right-most) bit in each byte is a parity bit, and should be set so that there are always an odd number of 1s in every byte. These parity bits are ignored, so only the seven most significant bits of each byte are used, resulting in a key length of 56 bits. This means that the effective key strength for Triple DES is actually 168 bits because each of the three keys contains 8 parity bits that are not used during the encryption process.

(emphasis was mine)

And those parity bits were exactly the bits I was changing in the example.

Thanks Chris!

Solution

In DES, some bits of the key are parity bits, and don't actually affect the encryption/decryption.
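
The following is an added example, not part of the original question or answer. It applies PC-1, the standard first permutation of the DES key schedule, to the three keys from the question to show which key bits reach the cipher; the helper names `effective_key`, `set_odd_parity` and `equivalent` are hypothetical, and pyDes is not required.

```python
# Added example: which bits of a DES/3DES key the key schedule actually uses.
# PC1 is the standard DES "permuted choice 1" table; bit positions run 1..64
# starting from the most significant bit of the first key byte.
PC1 = [57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
       10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
       63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
       14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4]

def effective_key(key: bytes) -> tuple:
    """Return the 56 bits PC-1 selects from each 8-byte DES subkey."""
    if len(key) not in (8, 16, 24):
        raise ValueError("DES/3DES keys are 8, 16 or 24 bytes")
    out = []
    for off in range(0, len(key), 8):
        block = int.from_bytes(key[off:off + 8], "big")
        out.append(tuple((block >> (64 - pos)) & 1 for pos in PC1))
    return tuple(out)

def set_odd_parity(key: bytes) -> bytes:
    """Canonical form: set the low bit of every byte so the byte has odd parity."""
    fixed = bytearray()
    for b in key:
        ones = bin(b >> 1).count("1")          # 1s in the seven key bits
        fixed.append((b & 0xFE) | (0 if ones % 2 else 1))
    return bytes(fixed)

def equivalent(a: bytes, b: bytes) -> bool:
    """True when two keys feed identical bits into the DES key schedule."""
    return effective_key(a) == effective_key(b)

# The three keys from the question ('e' = 0x65, 'f' = 0x66, 'd' = 0x64).
k1, k2, k3 = b"16-byte-key-here", b"16-byte-key-herf", b"16-byte-key-herd"

if __name__ == "__main__":
    print("parity positions selected by PC-1:", [p for p in PC1 if p % 8 == 0])
    print("k1 equivalent to k2:", equivalent(k1, k2))
    print("k1 equivalent to k3:", equivalent(k1, k3))
    print("canonical k1:", set_odd_parity(k1).hex())
    print("canonical k3:", set_odd_parity(k3).hex())
```

Comparing `set_odd_parity(key)` values, rather than raw key bytes, is a simple way to check whether two stored DES or 3DES keys are really the same key.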
