PHP：Mcrypt - 哪种模式？ [英] PHP: Mcrypt - which mode?

问题描述

我一直在测试各种可用的模式 PHP的 mcrypt 函数。 ECB 是大多数教程中使用的模式，但不是仅仅链接页面和一些用户，所以我认为CBC 或 CFB 应该做的伎俩。

PHP文档不是太胖，它与 mcrypt 可用的不同模式进行比较，而是引用应用程序密码学由Schneier'，我现在不太热衷于购买。

那么哪个 mcrypt -modes我想使用，为什么？

解决方案

mcrypt 实际上实现了比列出的更多的模式，你可以使用字符串名称访问它们：

• cbc - CBC 模式


• cfb - 8位 CFB ode;


• ncfb - 块大小 CFB 模式;


• nofb - OFB 模式（不是 ofb ）;


• ctr - 点击率模式

填充：

• CBC 模式只加密完整的块，所以 mcrypt 纯文本，零字节，除非您实现自己的填充。




• CFB ， OFB 和点击率模式加密任何长度的邮件。

初始化向量 / p>

• CBC 和 CFB 模式需要一个随机的IV（不要使用 MCRYPT_RAND ）。




• OFB 模式只需要一个唯一的IV例如一个全局计数器，也许是数据库主键，如果行从不被修改或删除）。




• 要求每个计数器块唯一（不仅仅是消息的IV，它是第一个计数器块，而是其余的，通过将消息的每个块递增1个计数器块）。

NIST建议。

在PHP中，应该不重要的性能有差异，例如加密或解密是否可以并行化，以及多少密码每个块使用迭代（通常为一个，但是在8位CFB模式中为16）。

可延展性，这应该不重要，因为您将应用 MAC 。

它们的安全性可能会有差异，但是您应该咨询密码学家。

I've been testing out the various modes available in PHP's mcrypt function. ECB is the mode used in most tutorials, but isn't recommended by both the just linked page and some users, so I reckon that either CBC or CFB should do the trick.

The PHP documentation isn't too fat in it's comparision of the different modes available to mcrypt and instead refers to the book of 'Applied Cryptography by Schneier', which I am not too keen to buy for the moment.

So which of the mcrypt-modes do I want to use and why?

解决方案

mcrypt actually implements more modes than listed, you can use the string names to access them:

• cbc – CBC mode
• cfb – 8-bit CFB mode;
• ncfb – block-size CFB mode;
• nofb – OFB mode (not ofb);
• ctr – CTR mode.

The modes differ in implementation details, so their suitability depends on your data and environment.

Padding:

• CBC mode only encrypts complete blocks, so mcrypt pads your plaintext with zero bytes unless you implement your own padding.

• CFB, OFB and CTR modes encrypt messages of any length.

Initialization vector:

• CBC and CFB modes require a random IV (don't use MCRYPT_RAND).

• OFB mode merely requires a unique IV (e.g. a global counter, maybe the database primary key if rows are never modified or deleted).

• CTR requires that each counter block is unique (not just the IV of the message, which is the first counter block, but the rest, formed by incrementing the counter block by 1 for each block of the message).

More information in the NIST recommendations.

There are differences in performance which should be unimportant in PHP, such as whether encryption or decryption can be parallelized and how many cipher iterations are used per block (usually one, but 16 in 8-bit CFB mode).

There are differences in malleability which should be unimportant because you will apply a MAC.

And there may be differences in their security, but for that you should consult a cryptographer.

这篇关于PHP：Mcrypt - 哪种模式？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！