
If a user has access to multiple encrypted pieces of data with AES encryption, would they be able to guess the encryption key?

I've started using RNCryptor, which describes itself as "CCCryptor (AES encryption) wrappers for iOS and Mac".

My question isn't specific to iOS, but is more general.

Here's some code I might use to encrypt a string:

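import Foundation
import RNCryptor

// Encrypts `text` with RNCryptor's password-based API (Swift 2 syntax).
// `encryptionKey` is passed to RNCryptor as the password.
func encryptText(text: String, encryptionKey: String) -> NSData? {
    // Bail out if the string cannot be encoded as UTF-8.
    guard let textData = text.dataUsingEncoding(NSUTF8StringEncoding) else {
        return nil
    }

    return RNCryptor.encryptData(textData, password: encryptionKey)
}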

I have a few concerns:

  1. If a user doesn't have access to the encryption key, but there were multiple strings encrypted with the same encryption key that they did have access to, would they be able to figure out what the encryption key is?
  2. If a user knows the contents of one of the strings, for example "Test String", would they be able to figure out the encryption key using that knowledge, and thus access the other strings?
  3. If yes to 2, would adding a series of random characters to the end of each string (let's say 20 characters) secure me from that type of attack? If someone had that knowledge, would it be easy for them to remove the last 20 characters and decrypt the remaining string?

All an attacker could do is brute-force the key, which is not a realistic proposition, and one that does not get easier with the knowledge of multiple messages (unless there is some weakness in AES that we are not aware of that would produce "patterns").

You may be wondering if there are other advantages to an attacker if he gains access to many intercepted (or even decrypted) messages. For example the ability to guess a plaintext if it was similar or even identical to an earlier message.

AES includes setting an "initialization vector".

Usually, you set a random IV for every message and send that along with the encrypted message. Your library is doing that as well. The result is that no two messages are encrypted in exactly the same way. Even if you send the same plaintext three times, it will end up in three disparate ciphertexts (indistinguishable from three different messages). Same idea as "salting".

would adding a series of random characters to the end of each string (let's say 20 characters) secure me from that type of attack?

The random IV mechanism makes this unnecessary.

As for it being effective, AES is a block cipher. The output of earlier blocks can affect the output of later blocks, but not the other way around. So a random padding at the end will only change the last block. If anything, you'd want to pad your string at the beginning. But again, the algorithm itself (if used properly) has mechanisms to deal with these concerns (in the form of IV, block chaining and block padding).
