Securely Encrypt 64bits w/o per element overhead?


Question


I have a long in my database. I like to encrypt it. I could use xor but that is not very secure as a pattern can be seen and the xor value may be revealed. IIRC AES has a key and an initialize vector (IV) which can be thought as a seed (when talking about random numbers). I believe the IV should be randomly made. This is so a different pattern occurs when encrypting the same data with the key.

How might I securely encrypt 64bits? I suspect it may not be truly secure w/o a random IV/seed. But I do not want to store it. At the moment the other option I can think of is having a cryptographic RNG and running it say 10000 times if the value is the 10000th index then xor the value. But performance wise that doesn't scale.

How do I properly and securely encrypt 64bits w/o storing extra bits for each 64bits? I'm thinking maybe feed a crypto RNG with (seed xor index) run it X times and xor that with the value. But I have a feeling someone has a better idea?

Solution

AES has a block size of 128 bits, so if you use that, you'll end up encrypting as much padding as meaningful data.

You could use DES (or, preferably, 3DES), since its block size is 64 bits.

The initialization vector should be difficult for the attacker to predict, but it's not actually secret like the key is, so it can be chosen algorithmically; see, for example, the ESSIV algorithm used to generate per-sector IVs for disk encryption. You could use the same scheme — just replace the "sector number" with something analogous like the record's unique ID number — so you don't actually have to store the IV, just regenerate it using the algorithm at decryption time. (But if you ever modify the record's unique ID, make sure you decrypt and re-encrypt with the new IV!)

You can avoid using an IV entirely if you encrypt using ECB mode, but that's not really a good idea. For a given key, the same plaintext always encrypts to the same ciphertext in ECB mode, so an attacker would be able to see that your secret number is the same in two records even if he can't determine the actual value. Assuming that you're not using different keys for each record, you want to have a different IV for each record.
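The scheme described in the answer, as an added Go example that is not part of the original post: one 64-bit value per record is encrypted with 3DES-CBC, and the IV is regenerated ESSIV-style from the record ID instead of being stored. The function names, the SHA-256 truncation used to derive the IV key, and the sample key are assumptions made for this illustration.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// deriveIV regenerates the IV ESSIV-style: IV = E_s(recordID), where
// s = SHA-256(key) truncated to 24 bytes (truncation is an assumption here).
func deriveIV(key []byte, recordID uint64) []byte {
	salt := sha256.Sum256(key)
	c, _ := des.NewTripleDESCipher(salt[:24]) // always 24 bytes, cannot fail
	iv := make([]byte, des.BlockSize)
	binary.BigEndian.PutUint64(iv, recordID)
	c.Encrypt(iv, iv)
	return iv
}

// crypt runs one 64-bit block through 3DES-CBC with the derived per-record IV,
// so the stored ciphertext is exactly 64 bits and no IV is kept per record.
func crypt(key []byte, recordID, value uint64, decrypt bool) (uint64, error) {
	block, err := des.NewTripleDESCipher(key) // rejects keys that are not 24 bytes
	if err != nil {
		return 0, err
	}
	iv := deriveIV(key, recordID)
	buf := make([]byte, des.BlockSize)
	binary.BigEndian.PutUint64(buf, value)
	if decrypt {
		cipher.NewCBCDecrypter(block, iv).CryptBlocks(buf, buf)
	} else {
		cipher.NewCBCEncrypter(block, iv).CryptBlocks(buf, buf)
	}
	return binary.BigEndian.Uint64(buf), nil
}

func Encrypt(key []byte, id, v uint64) (uint64, error) { return crypt(key, id, v, false) }
func Decrypt(key []byte, id, c uint64) (uint64, error) { return crypt(key, id, c, true) }

func main() {
	key := []byte("constructed-demo-key-24b") // constructed sample key, 24 bytes
	a, _ := Encrypt(key, 1, 42)
	b, _ := Encrypt(key, 2, 42)
	fmt.Printf("record 1: %016x\nrecord 2: %016x\n", a, b) // same value, different ciphertexts
}
```

Because the IV is a function of the record ID, writing the same value into the same record again yields the same ciphertext; only equality across different records is hidden.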
