【问题标题】:How secure is VB.NET Rijndael Managed Encryption or AES?VB.NET Rijndael 托管加密或 AES 的安全性如何?
【发布时间】:2012-02-11 18:51:28
【问题描述】:

我正在使用 this code 的略微修改版本来创建一个任务关键型应用程序。将被加密的文件非常重要。这部分必须从头编写,因为除此之外还有其他一些事情要一并完成。

这有多安全?这个加密不可能破解吧?

非常抱歉,这是一个有效的链接。 http://www.codeproject.com/Articles/12092/Encrypt-Decrypt-Files-in-VB-NET-Using-Rijndael

Imports System
Imports System.IO
Imports System.Security
Imports System.Security.Cryptography


'*************************
'** Global Variables
'*************************

'Paths chosen by the user: the plaintext/ciphertext inputs and the
'corresponding output files.
Dim strFileToEncrypt, strFileToDecrypt As String
Dim strOutputEncrypt, strOutputDecrypt As String

'Streams shared with EncryptOrDecryptFile. They are kept at class level,
'so whoever opens them is also responsible for closing them on every
'path, including the error path.
Dim fsInput, fsOutput As System.IO.FileStream



'*************************
'** Create A Key
'*************************

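'Derives the 256-bit cipher key from a password.
'
'strPassword: the password typed by the user (must not be Nothing).
'Returns: a 32-byte array holding bytes 0..31 of SHA-512(password bytes).
'
'SECURITY NOTE: a single unsalted hash is not a password-based key
'derivation function. The same password always yields the same key, and
'one hash per guess makes offline dictionary guessing cheap. The derived
'bytes are deliberately left unchanged here so files that were already
'encrypted stay readable; moving to Rfc2898DeriveBytes (PBKDF2) with a
'random per-file salt stored next to the ciphertext is a file-format
'change that has to be made in the caller as well.
Private Function CreateKey(ByVal strPassword As String) As Byte()
    Dim chrData() As Char = strPassword.ToCharArray
    Dim intLast As Integer = chrData.GetUpperBound(0)
    Dim bytDataToHash(intLast) As Byte

    'Asc maps each character through the current ANSI code page, so only
    'plain ASCII passwords give the same bytes on every machine; a code
    'above 255 (possible on double-byte code pages) makes CByte throw.
    For i As Integer = 0 To intLast
        bytDataToHash(i) = CByte(Asc(chrData(i)))
    Next

    Dim bytKey(31) As Byte

    'The hash object is disposable; release it as soon as the digest has
    'been copied instead of leaving it to the garbage collector.
    Using hashSha512 As New System.Security.Cryptography.SHA512Managed
        Dim bytResult As Byte() = hashSha512.ComputeHash(bytDataToHash)
        'Keep the first 256 of the 512 digest bits.
        Array.Copy(bytResult, 0, bytKey, 0, bytKey.Length)
    End Using

    Return bytKey
End Function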


'*************************
'** Create An IV
'*************************

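'Derives the 128-bit initialization vector from a password.
'
'strPassword: the password typed by the user (must not be Nothing).
'Returns: a 16-byte array holding bytes 32..47 of SHA-512(password bytes).
'
'SECURITY NOTE: because the IV is computed from the password alone, every
'file encrypted with the same password gets the same key AND the same IV,
'so files that begin with the same bytes produce the same leading
'ciphertext blocks. An IV does not need to be secret, but it should be
'fresh and unpredictable for each file: generate it with
'RNGCryptoServiceProvider and store it in front of the ciphertext. That
'is a file-format change, so the derivation is kept as it was here to
'leave existing files decryptable.
Private Function CreateIV(ByVal strPassword As String) As Byte()
    Dim chrData() As Char = strPassword.ToCharArray
    Dim intLast As Integer = chrData.GetUpperBound(0)
    Dim bytDataToHash(intLast) As Byte

    'Asc maps each character through the current ANSI code page, so only
    'plain ASCII passwords give the same bytes on every machine; a code
    'above 255 (possible on double-byte code pages) makes CByte throw.
    For i As Integer = 0 To intLast
        bytDataToHash(i) = CByte(Asc(chrData(i)))
    Next

    Dim bytIV(15) As Byte

    'The hash object is disposable; release it as soon as the digest has
    'been copied instead of leaving it to the garbage collector.
    Using hashSha512 As New System.Security.Cryptography.SHA512Managed
        Dim bytResult As Byte() = hashSha512.ComputeHash(bytDataToHash)
        'CreateKey uses digest bytes 0..31; the IV takes the next 128 bits,
        'bytes 32..47.
        Array.Copy(bytResult, 32, bytIV, 0, bytIV.Length)
    End Using

    Return bytIV
End Function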

加解密

'****************************
'** Encrypt/Decrypt File
'****************************

'Selects which transform EncryptOrDecryptFile applies to the input file.
Private Enum CryptoAction As Integer
    ActionEncrypt = 1 'input is plaintext, output is ciphertext
    ActionDecrypt = 2 'input is ciphertext, output is plaintext
End Enum

'Encrypts or decrypts strInputFile into strOutputFile with Rijndael.
'
'strInputFile:  path of the file to read.
'strOutputFile: path of the file to write; existing content is discarded.
'bytKey:        cipher key passed to CreateEncryptor/CreateDecryptor.
'bytIV:         initialization vector passed to the same calls.
'Direction:     CryptoAction.ActionEncrypt or CryptoAction.ActionDecrypt.
'
'SECURITY NOTES (review):
' - No Mode or Padding is set on the RijndaelManaged object, so its
'   defaults apply (CBC with PKCS7 padding).
' - Only the cipher output is written. There is no MAC or other integrity
'   check, so a modified ciphertext file is not detected as tampered;
'   at best decryption fails on the padding, otherwise it yields altered
'   plaintext. Adding an HMAC over IV + ciphertext (encrypt-then-MAC) and
'   verifying it before decrypting would close this gap.
' - Nothing is written ahead of the ciphertext, so the IV is not stored
'   in the file; the caller must be able to reproduce it.
' - The listing ends before the Catch/Finally of this Try. The streams are
'   closed only at the end of the success path shown here - confirm that
'   the error path closes them too.
Private Sub EncryptOrDecryptFile(ByVal strInputFile As String, _
                                 ByVal strOutputFile As String, _
                                 ByVal bytKey() As Byte, _
                                 ByVal bytIV() As Byte, _
                                 ByVal Direction As CryptoAction)
    Try 'In case of errors.

        'Setup file streams to handle input and output. fsInput and fsOutput
        'are the class-level fields, not locals.
        fsInput = New System.IO.FileStream(strInputFile, FileMode.Open, _
                                              FileAccess.Read)
        fsOutput = New System.IO.FileStream(strOutputFile, _
                                               FileMode.OpenOrCreate, _
                                               FileAccess.Write)
        fsOutput.SetLength(0) 'make sure fsOutput is empty

        'Declare variables for encrypt/decrypt process.
        'Note: Dim x(4096) allocates 4097 elements; only the first 4096 are
        'ever used by the Read call below.
        Dim bytBuffer(4096) As Byte 'holds a block of bytes for processing
        Dim lngBytesProcessed As Long = 0 'running count of bytes processed
        Dim lngFileLength As Long = fsInput.Length 'the input file's length
        Dim intBytesInCurrentBlock As Integer 'current bytes being processed
        Dim csCryptoStream As CryptoStream
        'Create the cipher object; key and IV are supplied per transform below.
        Dim cspRijndael As New System.Security.Cryptography.RijndaelManaged
        'Setup Progress Bar (pbStatus is not declared in this listing;
        'presumably a ProgressBar control on the form).
        pbStatus.Value = 0
        pbStatus.Maximum = 100

        'Determine if encryption or decryption and setup CryptoStream.
        'Both directions wrap the OUTPUT stream in write mode: bytes written
        'to csCryptoStream are transformed and then land in fsOutput.
        'Any other Direction value leaves csCryptoStream unassigned.
        Select Case Direction
            Case CryptoAction.ActionEncrypt
                csCryptoStream = New CryptoStream(fsOutput, _
                cspRijndael.CreateEncryptor(bytKey, bytIV), _
                CryptoStreamMode.Write)

            Case CryptoAction.ActionDecrypt
                csCryptoStream = New CryptoStream(fsOutput, _
                cspRijndael.CreateDecryptor(bytKey, bytIV), _
                CryptoStreamMode.Write)
        End Select

        'Use While to loop until all of the file is processed.
        'An empty input file skips the loop entirely.
        While lngBytesProcessed < lngFileLength
            'Read file with the input filestream.
            intBytesInCurrentBlock = fsInput.Read(bytBuffer, 0, 4096)
            'Write output file with the cryptostream.
            csCryptoStream.Write(bytBuffer, 0, intBytesInCurrentBlock)
            'Update lngBytesProcessed
            lngBytesProcessed = lngBytesProcessed + _
                                    CLng(intBytesInCurrentBlock)
            'Update Progress Bar ("/" is floating-point division in VB, so
            'the ratio is not truncated before scaling to percent).
            pbStatus.Value = CInt((lngBytesProcessed / lngFileLength) * 100)
        End While

        'Close FileStreams and CryptoStream. Closing the CryptoStream first
        'flushes the final (padded) block into fsOutput.
        csCryptoStream.Close()
        fsInput.Close()
        fsOutput.Close()

我已将主要代码从那里粘贴到这里。

【问题讨论】:

  • 链接已经失效,请更新您的问题并附上代码。链接不稳定,stackoverflow 上的问题/答案不应该如此。
  • 我已经更新了链接并在此处添加了主要代码。
  • 酷,为你提出了你的问题。

标签: vb.net encryption aes rijndael


【解决方案1】:

如前所述,没有什么是不可能破解的,您只能遵循最佳实践,尽可能让任何潜在的攻击者难以破解。

实际上,您链接的代码已经不能算是最先进的做法(如果它曾经是的话)。它通过对密码做散列来创建对称加密密钥。这很糟糕,因为密码通常没有足够的熵来抵御复杂的字典攻击。此外,它没有使用任何盐(salt)或等效手段,因此很容易用预计算表对它进行攻击。

只要有可能,您应该使用安全的 PRNG(伪随机数生成器)生成对称密钥。如果没有必须使用密码的特殊需求,就不要使用密码。如果必须使用密码,请使用 PKCS5 中的 PBKDF2,或者 bcrypt、scrypt 等替代方案。

IV 也应该始终由安全的 PRNG 生成,并且尽可能不要重复使用。也没有必要像您链接的示例那样从密码中派生它。IV 是公开信息,这意味着您可以放心地公开它——但它必须保持不可预测且随机——否则您很容易受到一些针对性攻击(dedicated attacks)的影响,除非您使用 GCM 等经过身份验证的加密模式。

如果您不熟悉这些主题并且有疑问,我强烈建议您咨询专家。如果要保护的数据真如您所说的那么重要,那么这笔额外的钱是花得值的。如果在该领域没有经验,那么您在自己动手编写解决方案时很可能会忽略一些重要的东西。

【讨论】:

    【解决方案2】:

    没有什么是不可能破解的,尤其是当您使用弱 IV 或弱密钥时。然而,被破解的概率在统计上微乎其微,您应该可以在晚上睡个好觉。如果您问的是其他人是否使用此算法进行任务关键型加密,答案是肯定的。

    【讨论】:
