PBE:尝试解密之前验证密码 [英] PBE: Verify password before attempting to decrypt
问题描述
static Cipher createCipher(int mode,String password)throws Exception {
PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray());
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(PBEWithMD5AndDES);
SecretKey key = keyFactory.generateSecret(keySpec);
MessageDigest md = MessageDigest.getInstance(MD5);
md.update(input.getBytes());
byte [] digest = md.digest();
byte [] salt = new byte [8]; (int i = 0; i< 8; ++ i)
salt [i] = digest [i];
PBEParameterSpec paramSpec = new PBEParameterSpec(salt,20);
密码密码= Cipher.getInstance(PBEWithMD5AndDES);
cipher.init(mode,key,paramSpec);
返回密码;
}
static void applyCipher(String inFile,String outFile,Cipher cipher)throws异常{
String decrypt =;
CipherInputStream in = new CipherInputStream(new FileInputStream(inFile),cipher);
BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(outFile));
int BUFFER_SIZE = 8;
byte [] buffer = new byte [BUFFER_SIZE];
int numRead = 0;
do {
numRead = in.read(buffer);
System.out.println(buffer +,0,+ numRead);
if(numRead> 0){
out.write(buffer,0,numRead);
System.out.println(toHexString(buffer,0,numRead));
}
} while(numRead == 8);
in.close();
out.flush();
out.close();
}
private static char [] hex_table = {
'0','1','2','3','4','5','6' 7','8','9',
'a','b','c','d','e','f'
public static String toHexString(byte [] data,int offset,int length)
{
StringBuffer s = new StringBuffer(length * 2);
int end = offset + length; (int i = offset; i< end; i ++)
$ b {
int high_nibble =(data [i]& 0xf0)>>> 4;
int low_nibble =(data [i]& 0x0f);
s.append(hex_table [high_nibble]);
s.append(hex_table [low_nibble]);
}
return s.toString();
}
然而,为了使程序更加用户友好,我希望能够在生成文件之前检查用户是否输入了正确的密码。我不想把钥匙放在门垫下或完全撤销安全等 - 我只是想防止错误的文件被生成,如果用户输入错误的密码...
任何想法将不胜感激。如果您需要更多细节,请不要犹豫。
提前感谢
使用PBKDF2WithHmacSHA1而不是PBEWithMD5AndDES。后来的用户有两个不同的过时的原语。前者是目前的标准。
您有两个选项
-
快速但不太安全:
在加密文件的开始处放置一个很短的已知值,或者使用相同的密码加密完全不同的短文件。当您解密此文件时,请检查已知值。
显然这样做很快。它的安全性稍差一些,因为这意味着攻击者试图强制强制密码可以更快地丢弃猜测的密码:而不必查看整个文件,他们只需要检查该值。这不是一个大问题,因为您的密钥导出功能应该是足够的,他们还必须运行
-
存储加密文件的哈希值并验证解密时的哈希。
更安全的是,攻击者必须解密整个文件并读取它,但同样的原因是缓慢。
I am making an application in Java and I want to allow users to encrypt a file (or folder - I'd zip the directory) using a password of their choice. I currently have the following method(s):
static Cipher createCipher(int mode, String password) throws Exception {
PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray());
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
SecretKey key = keyFactory.generateSecret(keySpec);
MessageDigest md = MessageDigest.getInstance("MD5");
md.update("input".getBytes());
byte[] digest = md.digest();
byte[] salt = new byte[8];
for (int i = 0; i < 8; ++i)
salt[i] = digest[i];
PBEParameterSpec paramSpec = new PBEParameterSpec(salt, 20);
Cipher cipher = Cipher.getInstance("PBEWithMD5AndDES");
cipher.init(mode, key, paramSpec);
return cipher;
}
static void applyCipher(String inFile, String outFile, Cipher cipher) throws Exception {
String decryption = "";
CipherInputStream in = new CipherInputStream(new FileInputStream(inFile), cipher);
BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(outFile));
int BUFFER_SIZE = 8;
byte[] buffer = new byte[BUFFER_SIZE];
int numRead = 0;
do {
numRead = in.read(buffer);
System.out.println(buffer + ", 0, " + numRead);
if (numRead > 0){
out.write(buffer, 0, numRead);
System.out.println(toHexString(buffer, 0, numRead));
}
} while (numRead == 8);
in.close();
out.flush();
out.close();
}
private static char[] hex_table = {
'0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
'a', 'b', 'c', 'd', 'e', 'f'};
public static String toHexString(byte[] data, int offset, int length)
{
StringBuffer s = new StringBuffer(length*2);
int end = offset+length;
for (int i = offset; i < end; i++)
{
int high_nibble = (data[i] & 0xf0) >>> 4;
int low_nibble = (data[i] & 0x0f);
s.append(hex_table[high_nibble]);
s.append(hex_table[low_nibble]);
}
return s.toString();
}
However, to make the program more user friendly I would like to be able to check that the user has entered the correct password before a file is produced. I don't want to "leave the key under the door mat" or completely undo the security etc. - I just want to prevent the wrong file from being produced if the user enters the wrong password...
Any ideas will be greatly appreciated. If you need anymore details please don't hesitate to ask.
Thanks in advance
Use PBKDF2WithHmacSHA1 and not PBEWithMD5AndDES. The later users two different outdated primitives. The former is the current standard.
you have two options
Fast but less secure: Put a short known value at the start of your encrypted file or encrypt an entirely different short file under the same password. When you decrypt this file, check for the known value.
Clearly this works quickly. Its slightly less secure because it means an attacker attempting to brute force the password can discard a guessed password faster: instead of having to look at the whole file, they just have to check that value. This is not really a big issue since your key derivation function should be hard enough and they still have to run that
Store the hash of the file encrypted as well and verify the hash on decryption. More secure in that the attacker has to decrypt the whole file and read through it, but by the same token it is slow.
这篇关于PBE:尝试解密之前验证密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
