问题描述
我使用的是.NET 3.5和vb.net。我不太了解下面提到的每一个加密的内部工作。我只是用在.NET类库提供的类。
I'm using .net 3.5 and vb.net. I know little about the inner working of each encryption mentioned below. I just use classes provided in .net class library.
我有一条信息已经加密了TripleDes,然后Rijndael算法,最后RC2算法。而这些算法的所有密钥和IV型已加密使用RSA 1024密钥长度分别。
I have a piece of information that have been encrypted with TripleDes, then Rijndael and finally RC2 algorithms. And all KEYs and IVs of those algorithms have been encrypted with RSA using 1024 keysize respectively.
时的安全考虑现在和长期
由于听说RSA加密可以被认为是安全的仅适用于某些年。例如,本文中的
Because I heard that RSA encryption can be considered safe only for certain years. For example, in this article 768-bit RSA cracked, 1024-bit safe (for now)
我应该增加RSA密钥长度为2048以上?
Should I increase the RSA keysize to 2048 or more?
更新
在这里安全装置的长期和非常重要的秘密
推荐答案
下面是按键多长时间不同的加密算法应该是一个列表: HTTP: //www.keylength.com 。此网站上列出的数字被认为是标准的。如果有疑问,检查那里。所述ECRYPT II方式是最近的出版物。你可以在这里找到一个PDF:http://www.ecrypt.eu.org/documents/D.SPA.13.pdf.它使一个有趣的阅读,似乎相当接近,即使你不知道很多有关加密(虽然我不能肯定,因为我在外地工作)。
Here is a list for how long keys for different encryption algorithms should be: http://www.keylength.com. The numbers listed on this site are regarded as the standard. When in doubt, check there. The Ecrypt II method is the most recent publication. You can find a PDF here: http://www.ecrypt.eu.org/documents/D.SPA.13.pdf. It makes for an interesting read and seems fairly accessible even if you don't know much about cryptography (although I can't be sure, since I work in the field).
作为加密的原始数据多次使用不同的算法:这是没有用的,只要你使用的加密算法,是一个强大。我的建议是使用的事实上的标准AES(= Rijndael算法)。
As for encrypting your original data multiple times with different algorithms: this is of no use, as long as you use an encryption algorithm that is strong. My suggestion would be to use the de-facto standard AES (= Rijndael).
至于你绕环关键lenght,如果你坚持使用AES,任何三个选项(128,192或256位)的罚款。事实上,上有256位AES不上的128位版本工作某些攻击(由于密钥调度)。无论如何,没有对AES公布的攻击是什么实际用途,到目前为止,所以挑选任何你想要的。
As for your symmetic key lenght, if you stick with AES, any of the three options (128, 192 or 256-bit) is fine. In fact, there are certain attacks on 256-bit AES that don't work on the 128-bit version (due to key scheduling). Anyway, none of the published attacks on AES are of any practical use so far, so pick whatever you want.
,是的,使用RSA-2048。顺便说一句,你可以在此表中看到: http://www.keylength.com/en/3/ , AES-128是平等的实力RSA-3248。
If you want to be very sure your key won't be decrypted, yes, use RSA-2048. Btw, as you can see in this table: http://www.keylength.com/en/3/, AES-128 is equal in strength to RSA-3248.
但有一个问题:你为什么要加密你的钥匙?您可以有效地将存储在安全的位置2048位RSA密钥才能解密的128位AES密钥。我不明白这一点。你还不如存储128位密钥的地方安全,用它做。或者是你使用多个RSA密钥建立一个对称密钥?
One question though: why are you encrypting your keys? You effectively will have to store a 2048-bit RSA key in a secure location to be able to decrypt your 128-bit AES key. I don't see the point. You might as well store the 128-bit key somewhere secure and be done with it. Or are you using multiple RSA keys to establish a symmetric key?
此外,工具变量应该是公开的,在掩藏没有用/加密它们,这有效地使他们成为第二个关键。你已经有一个关键。所以,不要打扰它们加密。
Also, IVs are supposed to be public, no use in hiding/encrypting them, that effectively makes them a 2nd key. You already have a key. So don't bother encrypting them.
这篇关于由RSA保护的数据的安全性,在长期的的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!