What symmetric cypher to use for encrypting messages?


Problem description


I haven't a clue about encryption at all. But I need it. How?

Say you have a system of nodes communicating with each other on a network via asynchronous messages. The nodes do not maintain session information about other nodes (this is a design restriction).

Say you want to make sure only your nodes can read the messages being sent. I believe encryption is the solution to that.

Since the nodes are not maintaining a session and communication must work in a stateless, connectionless fashion, I am guessing that asymmetric encryption is ruled out.

So here is what I would like to do:

  • messages are sent as UDP datagrams
  • each message contains a timestamp to make messages differ (counter replay attacks)
  • each message is encrypted with a shared secret symmetric key and sent over the network
  • other end can decrypt with shared secret symmetric key

Keys can obviously be compromised by compromising any single node. At the same time, in this scenario, access to any single compromised node reveals all interesting information anyway, so the key is not the weakest link.

What cypher should I use for this encryption? What key length?

I would prefer to use something supported by ezPyCrypto.

Assuming, as most point out, I go with AES. What modes should I be using?

I couldn't figure out how to do it with ezPyCrypto, PyCrypto seems to be hung on a moderator swap and Google's keyczar does not explain how to set this up - I fear if I don't just get it, then I run a risk of introducing insecurity. So barebones would be better. This guy claims to have a nice module for AES in Python, but he also asserts that this is his first Python project - although he is probably loads smarter than I, maybe he got tripped up?

EDIT: I moved the search for the python implementation to another question to stop clobber...

Solution

Your first thought should be channel security - either SSL/TLS, or IPSec.
Admittedly, these both have a certain amount of setup overhead, IPSec more than SSL/TLS, especially when it comes to PKI etc. - but it more than pays for itself in simplicity of development, reliability, security, and more. Just make sure you're using strong cipher suites, as appropriate to the protocol.

If neither SSL/TLS nor IPSec fits your scenario/environment, your next choice should be AES (aka Rijndael).

  • Use keys at least 256 bits long, if you want you can go longer.
  • Keys should be randomly generated, by a cryptographically secure random number generator (and not a simple rnd() call).
  • Set the cipher mode to CBC.
  • Use PKCS7 padding.
  • Generate a unique, crypto-random Initialization Vector (IV).

Don't forget to properly protect and manage your keys, and maybe consider periodic key rotations.

Depending on your data, you may want to also implement a keyed hash, to provide for message integrity - use SHA-256 for hashing.

There are also rare situations where you may want to go with a stream cipher, but that's usually more complicated and I would recommend you avoid it your first time out.

Now, I'm not familiar with ezpycrypto (or really Python in general), and can't really state that it supports all this; but everything here is pretty standard and recommended best practice, if your crypto library doesn't support it, I would suggest finding one that does ;-).
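
The construction the answer above describes (AES-256 in CBC mode with PKCS7 padding, a random IV per message and a keyed SHA-256 hash), combined with the question's timestamp, as an added example that is not part of the original answer. It assumes the Python `cryptography` package (not mentioned on the page), separate 32-byte keys for encryption and for the MAC, and a 30-second freshness window; `seal`, `unseal` and `MAX_SKEW` are hypothetical names.

```python
import hashlib
import hmac
import os
import struct
import time
from cryptography.hazmat.primitives import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

MAX_SKEW = 30  # assumed freshness window in seconds

def seal(enc_key, mac_key, payload, now=None):
    """Build one datagram: IV || AES-256-CBC(timestamp || payload) || HMAC tag."""
    ts = struct.pack(">Q", int(time.time() if now is None else now))
    padder = padding.PKCS7(128).padder()
    padded = padder.update(ts + payload) + padder.finalize()
    iv = os.urandom(16)  # unique, unpredictable IV for every message
    enc = Cipher(algorithms.AES(enc_key), modes.CBC(iv)).encryptor()
    body = iv + enc.update(padded) + enc.finalize()
    # Encrypt-then-MAC: the tag covers the IV and the ciphertext.
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(enc_key, mac_key, datagram, now=None):
    """Return the payload, or raise ValueError if forged, malformed or stale."""
    if len(datagram) < 64 or (len(datagram) - 48) % 16:
        raise ValueError("malformed datagram")
    body, tag = datagram[:-32], datagram[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    # Verify the tag in constant time before any decryption or unpadding.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad MAC")
    dec = Cipher(algorithms.AES(enc_key), modes.CBC(body[:16])).decryptor()
    padded = dec.update(body[16:]) + dec.finalize()
    unpadder = padding.PKCS7(128).unpadder()
    plain = unpadder.update(padded) + unpadder.finalize()
    if len(plain) < 8:
        raise ValueError("malformed datagram")
    (ts,) = struct.unpack(">Q", plain[:8])
    if abs((time.time() if now is None else now) - ts) > MAX_SKEW:
        raise ValueError("stale timestamp")
    return plain[8:]

if __name__ == "__main__":
    # Constructed demo keys; real keys are provisioned to every node out of band.
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    packet = seal(enc_key, mac_key, b"node-7: status ok")
    print(len(packet), unseal(enc_key, mac_key, packet))
```

Because the nodes keep no session state, a captured datagram still verifies if it is replayed inside the `MAX_SKEW` window; the timestamp only bounds how long a replay remains valid.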
