[英]Is it possible, to make a plain-text attack on machine key encryption?
I protect some strings with the following function: 我使用以下功能保护一些字符串:
public static string ProtectString(string input)
{
System.Text.ASCIIEncoding enc = new System.Text.ASCIIEncoding();
return enc.GetString(MachineKey.Protect(enc.GetBytes(input), null));
}
If i now encrypt a string, the attacker may now (ie an username), is he able to extract the machine key with the encrypted and decrypted values? 如果我现在对字符串进行加密,那么攻击者现在可以(即用户名)使用他的加密和解密值提取机器密钥吗?
I did some research and found out, that the used algorithm is one of those: DES, 3DES or AES . 我做了一些研究,发现所使用的算法是其中一种: DES,3DES或AES 。 And that algorithms are very resistant to plain-text attacks.
而且该算法非常抗纯文本攻击。
Based on Chris' comment, DES is very weak, so choose AES if possible. 根据克里斯的评论,DES非常弱,因此请尽可能选择AES。
But that's not a reason, to gift plain text values to your attacker :) 但这不是给攻击者赠送纯文本值的原因:)
If you give a hacker the cipher text and the plain text, that is all he needs to brute force the crypto key. 如果您给黑客提供密文和纯文本,这就是他强行破解加密密钥所需要的。 That and a farm of high performance computers.
那是一个高性能计算机场。
Really there is rarely a reason to send the clear text and plain text at the same time. 实际上,几乎没有理由同时发送明文和纯文本。 Just don't do it.
只是不要这样做。 If you want to make the clear text tamper-resistant, pass the cleartext along with an HMAC instead.
如果要使纯文本具有防篡改功能,则应将纯文本与HMAC一起传递。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.