
Difference between SALT and KEY. Encryption

Alright, so I'm trying to learn a little about encrypting messages in my Java application. I just found out that SALT and KEY aren't the same.

Can someone help me understand what the difference between the two is?

The key is, crudely, the equivalent of a password; you use it to encrypt a message, and then the same key gets used to decrypt it back to the original plaintext. (Well, it gets a little more complex, once you have public and private keys, and so on.)

A salt is most typically encountered with cryptographic hash functions, not encryption functions. The idea is that rather than hashing just your data (e.g. a password), you hash data+salt, where salt is typically a randomly-generated string. They have (at least) two purposes:

  • To foil an attacker who has access to the hashed data from identifying a collision using a rainbow table.
  • To slow down an attacker who's trying a brute-force attack.

The key is essentially the password with which you lock the original content.

To make the password more difficult to reverse engineer, you can add a salt to the produced encryption.


To give an obviously simple example, let's say you want to encrypt a character string. Your encryption routine is to reverse the word. So, for the string "Hello, World", after running encryption, your string would be "dlroW ,olleH". You could then add a salt to it. In this example, the salt will be "foo", so the result after salting would be "dlroW ,olleHfoo". Now, if someone managed to reverse engineer your encryption algorithm, they'd get "oofHello World", which is not the original message, and thus your information is still safe!

This really comes into use when you iteratively encrypt, e.g.,
result = salt + encrypt(salt+encrypt(salt+encrypt(message))).
