RC4安全使用明文作为加密的关键? [英] RC4 Safe to use plaintext as the key to encrypt itself?
问题描述
使用诸如 PBKDF2 之类的关键代码算法处理,这将允许您从密码中安全地生成哈希值以一种适合密码验证的方式(这正是我假设你正在做的)。
虽然可以生成一个RC4安全的系统这样(通过使用良好的KDF(如PBKDF2)将密码转换成RC4密钥,然后生成随机随机数),这是无关紧要的开销。您将得到一个更长的最终密码,以达到相同的安全级别,并且需要更长的时间来生成它。最后,您将创建一个非常复杂的安全哈希函数(其第一步是做唯一你需要做的事情),您可能会错过一切,使系统不安全RC4可能很难做到正确,已知有关键攻击,因此WEP的中断。
Basically what the title says. If I have a password, of say "APPLEPIE" is it safe to use "APPLEPIE" as the key when I RC4 it? Is it possible to break the RC4 encryption when you know the Key and Plaintext or are short and the same?
This should be handled with a key generation algorithm like PBKDF2, which will allow you to securely generate a hash from your password in a way that is appropriate for password verification (which is what I assume you're doing).
While it is possible to generate a system by which RC4 would be safe this way (by converting the password into an RC4 key using a good KDF (such as PBKDF2), and then generating a random nonce), this is a lot of overhead to no purpose. You'll wind up with a much longer final cipher text for the same level of security, and it'll take you longer to generate it. In the end, you'll have just created an extremely complicated secure hash function (whose first step is "do the only thing you needed to do anyway). And you'll probably have made a mistake along the way, making the system insecure. RC4 can be tricky to do correctly and has known related-key attacks; hence the break of WEP.
这篇关于RC4安全使用明文作为加密的关键?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
