在编写自己的加密方法时,您使用什么技术? [英] What techniques do you use when writing your own cryptography methods?
问题描述
我想这更公平地说,我被那些可以打破各种加密方法,但我离题。
到目前为止,在编写加密技术时使用什么方法?混淆在密码学方面有好处吗?
我使用两个基于键的XOR加密,键上的各种哈希技术(SHA1),以及简单的东西,如反转字符串在这里和那里等。 >
我有兴趣看看别人的想法,并尝试写一个不那么开箱即用的加密方法。此外,任何关于打破各种加密技术的专业知识的信息也将是有趣的。
澄清 - 我不希望在任何生产代码或我的任何代码中使用它。我很有趣的学习如何运作,而不是重新发明车轮。 :)
Ian
所有其他人都说过,去吧!是的,你的代码可能会有缓冲区溢出漏洞,可能是缓慢的,错误的等等,但你这样做是为了 FUN !我完全理解在使用加密时发现的娱乐享受。
据说,密码学根本不是基于混淆(或至少不应该)。即使一旦 Eve 已经通过您的模糊代码和完全的密码了解发生了什么IE:许多报纸都有替代代码,让读者尝试和突破早餐。如果他们开始做一些事情,比如扭转整个字符串,是的,这将会更加困难,但是Joe Reader仍然可以打破它,可以打破它。
好的加密是基于假设(没有证明,AFAIK)的问题真的很困难。例如因式分解素数,查找日志,或其他任何 NP-complete 问题。
有更多的权力来玩有一个非常酷的数学分支,只要记住,加密是基于很难,不复杂的事情。许多加密算法,一旦你真正了解它们,就会明显地简单,但仍然有效,因为它们是基于很难的东西,而不仅仅是切换信件。
注意:就这样说,一些算法增加了额外的怪癖(如字符串切换),使得强迫他们更加困难。我的一部分感觉就像我在这里参考 DES 的地方,但我不相信...
BTW:如果你以前没有找到它,我会猜测 TEA / XTEA / XXTEA 系列算法将令人感兴趣。
For years, maybe 10, I've been fascinated with cryptography. I read a book about XOR bit-based encryption, and have been hooked ever since thing.
I guess it's more fair to say that I'm fascinated by those who can break various encryption methods, but I digress.
To the point -- what methods do you use when writing cryptography? Is obfuscation good in cryptography?
I use two key-based XOR encryption, various hashing techniques (SHA1) on the keys, and simple things such as reversing strings here and there, etc.
I'm interested to see what others think of and try when writing a not-so-out-of-the-box encryption method. Also -- any info on how the pros go about "breaking" various cryptography techniques would be interesting as well.
To clarify -- I have no desire to use this in any production code, or any code of mine for that matter. I'm interesting in learning how it works through toying around, not reinventing the wheel. :)
Ian
To contradict what everyone else has said so far, go for it! Yeah, your code might have buffer overflow vulnerabilities in it, and may be slow, buggy, etc, but you're doing this for FUN! I completely understand the recreational enjoyment found in playing with crypto.
That being said, cryptography isn't based on obfuscation at all (or at least shouldn't be). Good crypto will continue to work, even once Eve has slogged through your obfuscated code and completely understands what is going on. IE: Many newspapers have substitution code puzzles that readers try and break over breakfast. If they started doing things like reversing the whole string, yes, it'd be harder, but Joe Reader would still be able to break it, neve tuohtiw gnieb dlot.
Good crypto is based on problems that are assumed to be (none proven yet, AFAIK) really difficult. Examples of this include factoring primes, finding the log, or really any other NP-complete problem.
[Edit: snap, neither of those are proven NP-complete. They're all unproven, yet different. Hopefully you still see my point: crypto is based on one-way functions. Those are operations that are easy to do, but hard to undo. ie multiply two numbers vs find the prime factors of the product. Good catch tduehr]
More power to you for playing around with a really cool branch of mathematics, just remember that crypto is based on things that are hard, not complicated. Many crypto algorithms, once you really understand them, are mindbogglingly simple, but still work because they're based on something that is hard, not just switching letters around.
Note: With this being said, some algorithms do add in extra quirks (like string seversal) to make brute forcing them that much more difficult. A part of me feels like I read this somewhere referencing DES, but I don't believe it... [EDIT: I was right, see 5th paragraph of this article for a reference to the permutations as useless.]
BTW: If you haven't found it before, I'd guess the TEA/XTEA/XXTEA series of algorithms would be of interest.
这篇关于在编写自己的加密方法时,您使用什么技术?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
