adobe air / flash中的高性能加密 [英] high performance encryption in adobe air / flash

问题描述

当在行动脚本/空中/闪光灯中查找加密相关的课程/功能时，我看到 as3crypto 项目。

When looking for encryption related classes/functions in action script / air / flash, I saw the as3crypto project.

这一个提供了一组v。很好的选项，但是当这些选项用于解密本地媒体文件时，我对某些数字表示意味着什么选择即将播放。

This one provides a v. nice set of options, but I am a bit concerned on what the numbers presented means when these are used to decrypt a local media file when its selected about to be played.

我正在寻找安全性与性能平衡。

对于视频/音乐，它需要以足够快的速度进行解码，以便播放器顺利播放这是取决于使用的格式，但在所有情况下，都不得不等待解码整个文件的延迟。

For video/music, it needs to decode at a fast enough pace so the player plays it smoothly - which is something that depends on the format used, but is in all cases less than the delay of having to wait to decode the whole file.

最难的部分来自于 Flash应用也需要使用它，因为需要等待所有这些都执行任何操作。除非这个假设是错误的，否则这是as3crypto页面列表中最佳性能算法似乎太慢，即1.5 MB x秒的，需要20秒的时间才能解密30 MB Flash应用。

The hardest part comes from having to use it for flash apps as well, since afaik it needs to wait for all of it to do anything. Unless this assumption is wrong, this is where the best performance algorithm in the list in the as3crypto page seems too slow i.e. at 1.5 MB x sec, it would take 20 secs to decipher a 30 MB flash app.

主要问题是：

• 有更高性能的其他库吗？在空气中有什么可能吗？


• 对于视频/歌曲，什么是很好的 MB x秒可以播放？


• 在运行任何内容之前，闪存是否等待加载完整的Flash应用程序？

• Are there any other libraries with higher performance? Anything in adobe air maybe?
• For videos/songs, what would be a good number of MB x sec for it to be playable?
• Does flash waits until loading completely a flash app before running anything of it?

推荐答案

关于性能，如果您可以流式传输视频&音乐，即一次处理它们一个块，那么你只需要解密一个块，而不是解密整个文件。

Regarding performance, if you can stream the video & music, i.e. process them one block at a time, then you only need to decrypt one block ahead instead of decrypting the entire file. This will probably be good enough for performance no matter the algorithm.

为了最好的安全性，尝试AES -256，最好是CTR模式（见 Colin Percival的文章的理由）。请注意，CTR模式将AES块密码转换为相当于流密码，而不会降低其安全性 - 这具有一些有用的属性，如随机访问解密（与CBC，迫使您将所有数据解密到所需数据）。

For the best security try AES-256, preferably in CTR mode (see Colin Percival's article for rationale). Note that CTR mode converts the AES block cipher to the equivalent of a stream cipher without reducing its security - this has some useful properties, like random-access decryption (vs. CBC which forces you to decrypt everything up to the data you want).

如果CPU负载过高，RC4较弱，但对于大多数用途而言足够好。请确保使用256位密钥。

If the CPU load is too high, RC4 is weaker but good enough for most uses. Be sure to use a 256-bit key.

最后，生成加密密钥的方式非常重要：

Finally, the way you generate the encryption keys is very important:

如果您使用相同的基本密钥加密所有文件，请始终使用随机数（也称为初始化向量）加密时：

If you use the same base key to encrypt all the files, always use a nonce (a.k.a IV or "Initialization Vector") when encrypting:

• 一个随机字节是一组随机字节，保留在<


• 为每个加密的文件创建并使用不同的随机数/ IV。


• CTR模式API包括设置IV / nonce的方式，您使用的库支持它


• 如果您使用RC4：
  
  
  
  
  • 保存随机数/自己
  
  
  • 使用HMAC-SHA256与基本键和随机数生成最终加密密钥，如上所述 here
  
  
  • A nonce / IV is a group of random bytes that are kept in the clear next to your ciphertext (often prepended to the ciphertext)
  • Create and use a different nonce / IV for each encrypted file
  • CTR mode APIs include a way to set the IV / nonce, the library you use supports it
  • If you use RC4:
    • save the nonce / IV yourself
    • generate the final encryption key using HMAC-SHA256 with the base key and the nonce, like mentioned here

    如果用户输入密码，则使用PBKDF2生成基本加密密钥（再次参见 Colin Percival的文章的理由）。

    If the user enters a password, generate the base encryption key using PBKDF2 (again, see Colin Percival's article for rationale).

    由于您在库中有一个hmac-sha256实现，您可以轻松地实现PBKDF2-HMAC-SHA256，搜索网络或SO进行示例实现。

    Since you have an hmac-sha256 implementation in the library it's easy to implement PBKDF2-HMAC-SHA256 yourself, search the net or SO for sample implementations.

    这篇关于adobe air / flash中的高性能加密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！