
PHP mcrypt_decrypt - can I determine if data is decrypted with the right key?

I'm working on a PHP script and am using mcrypt to encrypt/decrypt arbitrary data.

When I decrypt encrypted data using another key (e.g. I typed in the wrong password), the output won't be correctly decrypted, of course.

If the wrong key has been used I would like to display an error message, but I'm thinking it's quite hard to validate the output string as correct "plaintext" (since the chars in the encoded data are also valid as input data).

Is there any way to get around this?


As I was writing this question, I got an idea :)

Could I possibly prefix the input data with a static "control" string and use this for validation when I decrypt?

I usually do this:

  • Hash the input data (file or message or whatever).
  • Encrypt the data.
  • Prepend the encrypted data with the IV and the hash of the data.
  • Send or store the IV + hash + ciphertext.

As the IV and hash are always the same length, there is no need to add padding or control characters.

On the receiving or reading side:

  • Extract the IV.
  • Extract the hash.
  • Extract and decrypt the encrypted text.
  • Hash the decrypted data and check if it does match the extracted hash.

So, you store the hash of the source data, NOT the hash of the key. As a commenter posted above, giving away the hash of your key is a vulnerability, as the attacker now needs only to search it in a rainbow table (it would compromise your data in a matter of seconds).

Your idea of storing a control string is good too (certainly is faster) but it cannot allow you to confirm the message or data is indeed uncorrupted, only that the correct key was used.

The best way to add integrity to your encrypted data is to add a MAC created ONLY on the encrypted data.

Don't apply a MAC on plain text, because a MAC can reveal some information about that text. A MAC is not created to provide security - only integrity.

So, the right algorithm would be ENCRYPT-THEN-MAC!

More detailed information is available in this video: http://d396qusza40orc.cloudfront.net/crypto/recoded_videos%2F7.4%20%5B974a4c90%5D%20.mp4
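
The encrypt-then-MAC layout recommended in the last answer, as an added PHP example that is not part of the original answers: it uses the openssl and hash extensions instead of mcrypt (removed from PHP core in 7.2), and the `etm_*` function names, the HKDF labels and the 32-byte random master key are assumptions. A typed password would first have to go through a password-based KDF to produce that master key.

```php
<?php
// Added example (not from the page): encrypt-then-MAC, AES-256-CBC + HMAC-SHA256.
// The etm_* names and the 'enc'/'mac' labels are hypothetical.
const IV_LEN  = 16; // AES block size in bytes
const TAG_LEN = 32; // raw HMAC-SHA256 length in bytes
// Derive independent encryption and MAC keys from one random master key.
function etm_keys(string $masterKey): array
{
    return [hash_hkdf('sha256', $masterKey, 32, 'enc'),
            hash_hkdf('sha256', $masterKey, 32, 'mac')];
}

function etm_encrypt(string $plaintext, string $masterKey): string
{
    [$encKey, $macKey] = etm_keys($masterKey);
    $iv = random_bytes(IV_LEN);
    $ct = openssl_encrypt($plaintext, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // The tag covers IV and ciphertext only, never the plaintext.
    return $iv . $ct . hash_hmac('sha256', $iv . $ct, $macKey, true);
}

// Returns the plaintext, or null when the key is wrong or the blob was altered.
function etm_decrypt(string $blob, string $masterKey): ?string
{
    if (strlen($blob) < IV_LEN + 16 + TAG_LEN) {
        return null; // cannot hold IV, one cipher block and tag
    }
    [$encKey, $macKey] = etm_keys($masterKey);
    $iv  = substr($blob, 0, IV_LEN);
    $ct  = substr($blob, IV_LEN, -TAG_LEN);
    $tag = substr($blob, -TAG_LEN);
    // Constant-time comparison, done before any decryption is attempted.
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), $tag)) {
        return null;
    }
    $pt = openssl_decrypt($ct, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    return $pt === false ? null : $pt;
}

// Constructed demo input: correct key, different key, then one flipped bit.
$key  = random_bytes(32);
$blob = etm_encrypt('arbitrary data', $key);
var_dump(etm_decrypt($blob, $key));
var_dump(etm_decrypt($blob, random_bytes(32)));
$blob[IV_LEN] = chr(ord($blob[IV_LEN]) ^ 1);
var_dump(etm_decrypt($blob, $key));
```

A `null` result is the signal for the error message the question asks about; the tag check cannot distinguish a wrong key from modified data, so the message should cover both.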

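Notice: the technical posts on this site follow the CC BY-SA 4.0 license; if you repost, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.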
