AES 256 Encryption with PyCrypto using CBC mode - any weaknesses?

Problem description

I have the following Python script to encrypt/decrypt data using AES 256, could you please tell me if there's anything in the code that may make the encryption weak or if there's anything that I've not taken account of for AES 256 encryption using CBC mode? I've tested the script and it works fine, it is encrypting and decrypting data but just wanted a second opinion. Thanks.

    from Crypto.Cipher import AES
    from Crypto import Random

    BLOCK_SIZE = 32

    INTERRUPT = u'\u0001'

    PAD = u'\u0000'

    def AddPadding(data, interrupt, pad, block_size):
        new_data = ''.join([data, interrupt])
        new_data_len = len(new_data)
        remaining_len = block_size - new_data_len
        to_pad_len = remaining_len % block_size
        pad_string = pad * to_pad_len
        return ''.join([new_data, pad_string])

    def StripPadding(data, interrupt, pad):
        return data.rstrip(pad).rstrip(interrupt)

    SECRET_KEY = Random.new().read(32)

    IV = Random.new().read(16)

    cipher_for_encryption = AES.new(SECRET_KEY, AES.MODE_CBC, IV)
    cipher_for_decryption = AES.new(SECRET_KEY, AES.MODE_CBC, IV)

    def EncryptWithAES(encrypt_cipher, plaintext_data):
        plaintext_padded = AddPadding(plaintext_data, INTERRUPT, PAD, BLOCK_SIZE)
        encrypted = encrypt_cipher.encrypt(plaintext_padded)
        return encrypted

    def DecryptWithAES(decrypt_cipher, encrypted_data):
        decoded_encrypted_data = encrypted_data
        decrypted_data = decrypt_cipher.decrypt(decoded_encrypted_data)
        return StripPadding(decrypted_data, INTERRUPT, PAD)

    our_data_to_encrypt = u'abc11100000'
    encrypted_data = EncryptWithAES(cipher_for_encryption, our_data_to_encrypt)
    print ('Encrypted string:', encrypted_data)

    decrypted_data = DecryptWithAES(cipher_for_decryption, encrypted_data)
    print ('Decrypted string:', decrypted_data)

Solution

I've seen the code posted on the internet. There are - in principle - not too many things wrong with it, but there is no need to invent your own padding. Furthermore, I don't see why the first padding character is called INTERRUPT. I presume that INTERRUPT and PAD are handled as a single byte (I'm not a Python expert).

The most common padding is PKCS#5 padding. It consists of N bytes with the value of the number of padding bytes. The padding used here looks more like 'ISO' padding, which consists of a single bit set to 1 to distinguish it from the data and other padding bits, and the rest is zeros. That would be code point \u0080 in code.

So the encryption (which can provide confidentiality of data) seems to be used correctly. It depends on the use case if you also need integrity protection and/or authentication, e.g. by using a MAC or HMAC. Of course, no legal guarantees or anything provided.
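The padding schemes compared in the answer, as an added example that is not part of the original question or answer: it puts the question's marker-plus-zeros padding next to PKCS#5 padding (usually called PKCS#7 when applied to AES's 16-byte block) and ISO/IEC 7816-4 padding, and shows the one input class where the question's `rstrip`-based removal loses data. The function names and the sample plaintext are made up for this example, and it works on bytes rather than the question's unicode strings.

```python
# Added example; names and sample data are assumptions, not the question's code.
AES_BLOCK = 16  # AES block size in bytes (padding to 32, as the question does, is not needed)

def question_pad(data, block=AES_BLOCK):
    """The question's scheme on bytes: one 0x01 marker, then 0x00 fill."""
    data += b"\x01"
    return data + b"\x00" * (-len(data) % block)

def question_unpad(padded):
    """Mirrors StripPadding: rstrip removes every trailing 0x01, not just the marker."""
    return padded.rstrip(b"\x00").rstrip(b"\x01")

def pkcs7_pad(data, block=AES_BLOCK):
    """PKCS#5/#7: append N bytes, each of value N, with 1 <= N <= block."""
    n = block - len(data) % block
    return data + bytes([n]) * n

def pkcs7_unpad(padded, block=AES_BLOCK):
    """Check the whole padding run before removing it."""
    if not padded or len(padded) % block:
        raise ValueError("length is not a positive multiple of the block size")
    n = padded[-1]
    if not 1 <= n <= block or padded[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return padded[:-n]

def iso7816_pad(data, block=AES_BLOCK):
    """ISO/IEC 7816-4: one 0x80 byte (a single 1 bit), then 0x00 fill."""
    data += b"\x80"
    return data + b"\x00" * (-len(data) % block)

def iso7816_unpad(padded):
    """Strip the zero fill, then remove exactly one marker byte."""
    stripped = padded.rstrip(b"\x00")
    if not stripped.endswith(b"\x80"):
        raise ValueError("invalid padding")
    return stripped[:-1]

if __name__ == "__main__":
    sample = b"counter=\x01\x01"  # constructed plaintext that ends in 0x01 bytes
    print("question scheme:", question_unpad(question_pad(sample)))  # trailing bytes lost
    print("PKCS#7         :", pkcs7_unpad(pkcs7_pad(sample)))
    print("ISO/IEC 7816-4 :", iso7816_unpad(iso7816_pad(sample)))
```

When this is combined with the MAC the answer mentions, verify the MAC over the IV and ciphertext before decrypting and unpadding, so that padding errors are never reported for modified ciphertext.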
