Android:传递给AESObfuscator的随机SALT字节是否需要保持不变?
[英]Android: Do the random SALT bytes passed to AESObfuscator need to stay the same?
问题描述
I'm implementing licensing in my Android application, and there is an array of 20 bytes that need to be passed into the AESObfuscator that is passed to the ServerManagedPolicy object. 
我正在Android应用程序中实现许可,并且需要将20个字节的数组传递到AESObfuscator中,该AESObfuscator传递给ServerManagedPolicy对象。 Can this array be generated randomly every time the code is ran, or does it have to be hardcoded? 可以在每次运行代码时随机生成此数组,还是必须对其进行硬编码?
Right now I'm randomly generating the salt like this: 现在,我正在随机生成盐,如下所示:
private static final byte[] SALT;
static {
Random random = new Random();
random.setSeed(System.currentTimeMillis());
byte[] buf = new byte[20];
random.nextBytes(buf);
SALT = buf;
}
1 个解决方案
解决方案1
6 已采纳 2011-11-16 12:56:08
A bit late, but yes : the salt must remain the same to be able to decrypt the stored values again. 有点晚了,但是是的 :盐必须保持不变才能再次解密存储的值。
Basically Salting means randomizing a passphrase to make dictionary attacks a lot harder. 基本上,加盐意味着将密码短语随机化,使字典攻击变得更加困难。 How does a salt protect against a dictionary attack? 盐如何防止字典攻击?
Update (one year later :) By the way: use a SecureRandom generator for the bytes in stead of a Random generator - it's better (I could go into detail, but you can find that elsewhere as well. http://docs.oracle.com/javase/7/docs/api/java/security/SecureRandom.html ) 更新(一年以后:)顺便说一句:使用一个SecureRandom发生器在随机生成的代替字节-这是更好的 (我会细讲,但你可以找到其他地方也是如此。 http://docs.oracle .com / javase / 7 / docs / api / java / security / SecureRandom.html )
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.