If a user has access to multiple encrypted pieces of data with AES encryption, would they be able to guess the encryption key?
I've started using RNCryptor, which describes itself as "CCCryptor (AES encryption) wrappers for iOS and Mac".
My question isn't specific to iOS, but is more general.
Here's some code I might use to encrypt a string:
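    import Foundation
    import RNCryptor

    // Encrypts `text` with RNCryptor's password-based API.
    // Returns nil if the string cannot be encoded as UTF-8.
    func encryptText(text: String, encryptionKey: String) -> NSData? {
        guard let textData = text.dataUsingEncoding(NSUTF8StringEncoding) else {
            return nil
        }
        // `encryptionKey` is passed to RNCryptor as a password.
        return RNCryptor.encryptData(textData, password: encryptionKey)
    }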
I have a few concerns:
All an attacker could do is brute-force the key, which is not a realistic proposition, and one that does not get easier with the knowledge of multiple messages (unless there is some weakness in AES that we are not aware of that would produce "patterns").
You may be wondering if there are other advantages to an attacker if he gains access to many intercepted (or even decrypted) messages. For example the ability to guess a plaintext if it was similar or even identical to an earlier message.
AES includes setting an "initialization vector". Usually, you set a random IV for every message and send that along with the encrypted message. Your library is doing that as well. The result is that no two messages are encrypted in exactly the same way. Even if you send the same plaintext three times, it will end up in three disparate ciphertexts (indistinguishable from three different messages). Same idea as "salting".
Would adding a series of random characters to the end of each string (let's say 20 characters) secure me from that type of attack?
The random IV mechanism makes this unnecessary.
As for it being effective, AES is a block cipher. The output of earlier blocks can affect the output of later blocks, but not the other way around. So a random padding at the end will only change the last block. If anything, you'd want to pad your string at the beginning. But again, the algorithm itself (if used properly) has mechanisms to deal with these concerns (in the form of IV, block chaining and block padding).
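
The two points in the answer above, as an added example that is not part of the original post and is not RNCryptor's code: with a reused IV, a random 20-byte suffix leaves every ciphertext block before the suffix identical, while a fresh random IV per message makes the ciphertexts differ from the first block. It assumes AES-256 in CBC mode from Go's standard library with a raw random key rather than a password; `randomBytes`, `encryptCBC` and `sharedBlocks` are hypothetical helper names and the plaintext is constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// randomBytes returns n bytes from the OS CSPRNG.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// encryptCBC PKCS#7-pads msg and encrypts it with AES-CBC under key and iv.
func encryptCBC(key, iv, msg []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	pad := aes.BlockSize - len(msg)%aes.BlockSize
	buf := append(append([]byte{}, msg...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(buf, buf)
	return buf
}

// sharedBlocks counts identical leading ciphertext blocks of two suffix-varied messages.
func sharedBlocks(freshIV bool) int {
	key, iv := randomBytes(32), randomBytes(aes.BlockSize)
	msg := bytes.Repeat([]byte("SAMPLE-PLAINTEXT"), 3) // constructed 48-byte input
	a := encryptCBC(key, iv, bytes.Join([][]byte{msg, randomBytes(20)}, nil))
	if freshIV {
		iv = randomBytes(aes.BlockSize) // what a per-message random IV does
	}
	b := encryptCBC(key, iv, bytes.Join([][]byte{msg, randomBytes(20)}, nil))
	n := 0
	for n < len(a)/16 && bytes.Equal(a[n*16:n*16+16], b[n*16:n*16+16]) {
		n++
	}
	return n
}

func main() {
	fmt.Println("reused IV:", sharedBlocks(false), "fresh IV:", sharedBlocks(true))
}
```

With the reused IV the three blocks that precede the suffix encrypt identically, so an observer can still tell that the two messages start the same way; with a fresh IV no leading block matches.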