Is a GUID a good key for (temporary) encryption?

Problem description

I'm generating an encryption key to encrypt some sensitive data with the Rijndael (AES) encryption algorithm. I'm using a GUID as key generator. Are these keys "strong" enough?

Note: the data is only sensitive for 20 minutes.

Recommended answer

No. The GUID keys can be predicted, at least those generated by .NET / WinAPI. Also keep in mind that the GUID does not even have a true 128bit randomness, because the version number is fixed. This gives you a very weak key in the first place.

To make matters worse, several versions of the GUID algorithm suffer from predictability. The point is that GUIDs are not created at random, but they follow certain rules to make it practically impossible for GUIDs to collide.

As discussed in the comments, GUID V1 suffered from privacy issues (or, the other way around, weaker keys) because the MAC address was used to generate them. With GUID V4, there are still ways to predict the sequence according to the (Russian) source below.

Fortunately, .NET has cryptographically strong random generators on board. The RNGCryptoServiceProvider is your friend:

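using System.Security.Cryptography;

// Cryptographically strong random generator
RNGCryptoServiceProvider _cryptoProvider = new RNGCryptoServiceProvider();
int fileLength = 8 * 1024;                // number of random bytes to generate
var randomBytes = new byte[fileLength];
_cryptoProvider.GetBytes(randomBytes);    // fill the buffer with random bytes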

You might want to refer to:

How can I generate a cryptographically secure pseudorandom number in C#? -- shows alternatives and in a comment, the link to Wikipedia is given:

http://en.wikipedia.org/wiki/Globally_Unique_Identifier

In there, it is claimed (according to Wikipedia, the page is in Russian) that one can predict previous and future numbers generated:

http://www.gotdotnet.ru/blogs/denish/1965/
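
An added example, not part of the original answer: it measures which bits of Guid.NewGuid() never change across many calls, and shows an AES-256 key taken directly from the CSPRNG instead. The names GuidKeyDemo, CountFixedBits and NewAesKey are made up for this illustration.

```csharp
using System;
using System.Security.Cryptography;

static class GuidKeyDemo
{
    // Count bit positions that never change across many Guid.NewGuid() calls.
    static int CountFixedBits(int samples)
    {
        byte[] andMask = Guid.NewGuid().ToByteArray();
        byte[] orMask = (byte[])andMask.Clone();
        for (int i = 1; i < samples; i++)
        {
            byte[] g = Guid.NewGuid().ToByteArray();
            for (int b = 0; b < 16; b++)
            {
                andMask[b] &= g[b];   // bit stays 1 only if it was 1 in every sample
                orMask[b] |= g[b];    // bit stays 0 only if it was 0 in every sample
            }
        }
        int fixedBits = 0;
        for (int b = 0; b < 16; b++)
        {
            // Constant bits: always 1 (andMask) or always 0 (complement of orMask).
            int constant = andMask[b] | (~orMask[b] & 0xFF);
            for (int bit = 0; bit < 8; bit++)
                if ((constant & (1 << bit)) != 0) fixedBits++;
        }
        return fixedBits;
    }

    // A 256-bit AES key filled entirely by the OS CSPRNG.
    static byte[] NewAesKey()
    {
        var key = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(key);
        return key;
    }

    static void Main()
    {
        int fixedBits = CountFixedBits(1000);
        Console.WriteLine("GUID bits that never vary: {0} (at most {1} of 128 can be random)",
                          fixedBits, 128 - fixedBits);
        using (Aes aes = Aes.Create())
        {
            aes.Key = NewAesKey();  // every key bit comes from the CSPRNG
            Console.WriteLine("AES key size: {0} bits", aes.KeySize);
        }
    }
}
```

The measurement only shows an upper bound on the entropy of a GUID; it says nothing about how unpredictable the remaining bits are, which depends on the generator behind Guid.NewGuid().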


08-23 16:26