加密保证完整吗? [英] Does encryption guarantee integrity?
问题描述
- 在对称和公开密钥
中,建立一个安全的系统我们可以假设我的问题加密,是我的问题
保证好吗? - 如果没有,
的漏洞是什么,你可以给出一个
的例子吗?
不。如果您考虑一次性垫片,这很简单(理论上讲)完美安全的系统。
如果您更改输出的任何位,则清除文本的一部分将会更改,而收件人无法检测到这一点。 >
这是一个明显的例子,但同样的结论也适用于大多数加密系统。他们只提供保密性,而不是诚信。
因此,您可能需要添加一个数字签名。有趣的是,当使用公共密钥密码术时,签名然后加密(SE)或加密然后签名(ES)是不够的。这两者都容易受到重播攻击。您必须进行签名加密签名或加密签名加密以具有一般安全的解决方案。这个论文详细解释了原因。
如果您使用SE,收件人可以解密邮件,然后将其重新加密到其他收件人。然后欺骗新的收件人发送者的预期收件人。
如果您使用ES,窃听者可以删除签名并添加自己的签名。因此,尽管他们无法读取消息,但是它们可以信用,假装是原始发件人。
To build a secure system can we assume my question before starting programming.
- Both in symmetric and public-key encryption, is my question well-proofed ?
- If no, what are the vulnerabilities, can you give an example?
No. This is easy to see if you consider the one-time pad, a simple (theoretically) perfectly secure system.
If you change any bit of the output, a bit of the clear text will change, and the recipient has no way to detect this.
This is an obvious case, but the same conclusion applies to most encryption systems. They only provide for confidentiality, not integrity.
Thus, you may want to add a digital signature. Interestingly, when using public key cryptography, it is not sufficient to sign then encrypt (SE), or to encrypt then sign (ES). Both of these are vulnerable to replay attacks. You have to either sign-encrypt-sign or encrypt-sign-encrypt to have a generally secure solution. This paper explains why in detail.
If you use SE, the recipient can decrypt the message, then re-encrypt it to a different recipient. This then deceives the new recipient about the sender's intended recipient.
If you use ES, an eavesdropper can remove the signature and add their own. Thus, even though they can't read the message, they can take credit for it, pretending to be the original sender.
这篇关于加密保证完整吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
