问题描述
如果我使用Rijndael CBC模式,我不知道为什么我们需要盐。
我的理解是,即使人们知道密码,但是如果没有IV,他就无法获取数据。
所以从我的角度来看,密码+ IV似乎是足够安全的。
我有什么问题吗?
是的,你需要所有这些东西。
盐(和迭代计数)用于从密码导出密钥。有关更多信息,请参阅PKCS#5。用于密钥推导的盐和迭代计数不一定是秘密的。盐不应该是不可预测的,最好随机选择。
CBC模式需要一个初始化向量。这是由加密随机数生成器为每个消息产生的随机数据块。它用作虚拟的初始密文块。像密钥衍生盐一样,它不一定要保密,而且通常会随密文一起发送。
密码和派生自它的密钥,必须保密。即使攻击者具有密钥推导和加密的参数以及密文,他也不需要任何密钥。
更新:
密码未被随机选择;一些密码比其他密码更有可能。因此,攻击者不是生成给定长度的所有可能的密码(穷举强力搜索),而是维护一个密码列表,按照概率降低排序。
从密码导出加密密钥相对较慢(由于密钥导出算法的迭代)。推出几百万个密码的密钥可能需要几个月的时间。这将激励攻击者从他最可能密码列表中获取密钥一次,并存储结果。有了这样一个列表,他可以快速尝试用他的列表中的每个密钥进行解密,而不是花费几个月的计算时间来重新导出密钥。
然而,每一位盐将存储派生密钥所需的空间加倍,并为每个可能的密码导出密钥所需的时间。几个字节的盐,它很快就变得不可行,创建和存储这样的列表。
盐是必要的,以防止预计算攻击。
一个IV(或具有计数器模式的随机数)使相同的纯文本产生不同的密文。防止攻击者利用纯文本中的模式从一组加密消息中获取信息。
需要初始化向量来隐藏消息中的模式。 >
一个用于增强密钥的安全性,另一个增强了用该密钥加密的每个消息的安全性。两者都必须在一起。
If I am using Rijndael CBC mode, I have no idea why we would need salt.My understanding is even if people know the password, but he cannot get the data without IV.So from my perspective, password + IV seem to be sufficent secure.
Do I get anything wrong?
Yes, you need all of these things.
Salt (and an "iteration count") is used to derive a key from the password. Refer to PKCS #5 for more information. The salt and iteration count used for key derivation do not have to be secret. The salt should be unpredictable, however, and is best chosen randomly.
CBC mode requires an initialization vector. This is a block of random data produced for each message by a cryptographic random number generator. It serves as the dummy initial block of ciphertext. Like the key-derivation salt, it doesn't have to be kept secret, and is usually transmitted along with the cipher text.
The password, and keys derived from it, must be kept secret. Even if an attacker has the parameters for key derivation and encryption, and the ciphertext, he can do nothing without the key.
Update:
Passwords aren't selected randomly; some passwords are much more likely than others. Therefore, rather than generating all possible passwords of a given length (exhaustive brute-force search), attackers maintain a list of passwords, ordered by decreasing probability.
Deriving an encryption key from a password is relatively slow (due to the iteration of the key derivation algorithm). Deriving keys for a few million passwords could take months. This would motivate an attacker to derive the keys from his most-likely-password list once, and store the results. With such a list, he can quickly try to decrypt with each key in his list, rather than spending months of compute time to derive keys again.
However, each bit of salt doubles the space required to store the derived key, and the time it takes to derive keys for each of his likely passwords. A few bytes of salt, and it quickly becomes infeasible to create and store such a list.
Salt is necessary to prevent pre-computation attacks.
An IV (or nonce with counter modes) makes the same plain text produce different cipher texts. The prevents an attacker from exploiting patterns in the plain text to garner information from a set of encrypted messages.
An initialization vector is necessary to hide patterns in messages.
One serves to enhance the security of the key, the other enhances the security of each message encrypted with that key. Both are necessary together.
这篇关于密码,盐和四,我需要所有这些吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!