Lockbox3 encryptstring : same string gives different encrypted result
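I'm trying out LockBox3 for Delphi XE10.
I want to encrypt a string of user input and compare it with a value for validation. But every time, the same input string gives a different encrypted result. Please tell me, what is my mistake?
Here is the sample code that gives this error: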
<UNIT CODE START>
unit Unit21;

interface

uses
  Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
  Vcl.Controls, Vcl.Forms, Vcl.Dialogs, TPLB3.Codec, TPLB3.BaseNonVisualComponent, TPLB3.CryptographicLibrary,
  Vcl.StdCtrls;

type
  TForm21 = class(TForm)
    Button1: TButton;
    CryptographicLibrary1: TCryptographicLibrary;
    Codec1: TCodec;
    Label1: TLabel;
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form21: TForm21;

implementation

{$R *.dfm}

procedure TForm21.Button1Click(Sender: TObject);
var s0,s1 : string;
begin
  codec1.Password := 'ou[asdl[kn';
  s0 := 'asdfghjkl';
  codec1.EncryptString(s0,s1);
  label1.caption := s1;
end;

end.
<UNIT CODE END>
<FORM CODE START>
object Form21: TForm21
  Left = 0
  Top = 0
  Caption = 'Form21'
  ClientHeight = 299
  ClientWidth = 635
  Color = clBtnFace
  Font.Charset = DEFAULT_CHARSET
  Font.Color = clWindowText
  Font.Height = -11
  Font.Name = 'Tahoma'
  Font.Style = []
  OldCreateOrder = False
  PixelsPerInch = 96
  TextHeight = 13
  object Label1: TLabel
    Left = 168
    Top = 72
    Width = 31
    Height = 13
    Caption = 'Label1'
  end
  object Button1: TButton
    Left = 32
    Top = 72
    Width = 75
    Height = 25
    Caption = 'Button1'
    TabOrder = 0
    OnClick = Button1Click
  end
  object CryptographicLibrary1: TCryptographicLibrary
    Left = 192
    Top = 136
  end
  object Codec1: TCodec
    AsymetricKeySizeInBits = 512
    AdvancedOptions2 = []
    CryptoLibrary = CryptographicLibrary1
    Left = 200
    Top = 192
    StreamCipherId = 'native.StreamToBlock'
    BlockCipherId = 'native.AES-256'
    ChainId = 'native.CBC'
  end
end
<FORM CODE END>
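At a glance, the problem seems to be that you are using the CBC (Cipher Block Chaining) mode of AES.
This is actually not a problem, but how the CBC mode has been designed to work.
Check this Wikipedia article for more details on Block cipher mode of operation: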
In cryptography, a mode of operation is an algorithm that uses a block
cipher to provide an information service such as confidentiality or
authenticity. A block cipher by itself is only suitable for the secure
cryptographic transformation (encryption or decryption) of one
fixed-length group of bits called a block. A mode of operation
describes how to repeatedly apply a cipher's single-block operation to
securely transform amounts of data larger than a block.
...
In CBC mode, each block of plaintext is XORed with the previous
ciphertext block before being encrypted. This way, each ciphertext
block depends on all plaintext blocks processed up to that point. To
make each message unique, an initialization vector must be used in the
first block.
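If you want to always receive the same ciphertext for a given plaintext, you can switch to the basic ECB (Electronic Codebook) mode instead (e.g. change ChainId = 'native.CBC' to ChainId = 'native.ECB').
But this is not recommended, as it makes your ciphertext vulnerable to some attacks. Symmetric ciphers should not be used to encrypt the same plaintext more than once using the same key.
This is why chained modes of operation have been introduced. They are used to "generate" a chain of derived keys (based on the key you provided, which in your case is itself based on the password) that are used instead of the base key.
Make sure to also read this question:
- How to choose an AES encryption mode (CBC ECB CTR OCB CFB)?
If you are designing a real-world system (one that will be used by people other than yourself) and you need to provide security for any part of it, invest some time in learning more about cryptography.
Taking a cryptography course like this one is a good start: Cryptography I (free)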
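The behaviour described in the answer, as an added Python example that is not part of the original post and is not LockBox code: ECB output is deterministic, CBC with a fresh random IV differs on every call, and a stored CBC value is validated by decrypting it and comparing plaintexts. The block cipher is a hash-based Feistel stand-in for AES, and the key derivation and all function names are assumptions.

```python
import hashlib, hmac, os

BLOCK = 16  # bytes, the AES block size

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):  # Feistel round function: keyed hash, half a block wide
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def block_encrypt(key, blk):
    # Stand-in 4-round Feistel block cipher, NOT AES (demonstration only)
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def block_decrypt(key, blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def _padded_blocks(pt):
    n = BLOCK - len(pt) % BLOCK          # PKCS#7 padding
    pt += bytes([n]) * n
    return [pt[i:i + BLOCK] for i in range(0, len(pt), BLOCK)]

def ecb_encrypt(key, pt):
    # ECB: every block encrypted independently, so the output is deterministic
    return b"".join(block_encrypt(key, b) for b in _padded_blocks(pt))

def cbc_encrypt(key, pt):
    # CBC: a fresh random IV is prepended, so each call gives a new ciphertext
    out = [os.urandom(BLOCK)]
    for b in _padded_blocks(pt):
        out.append(block_encrypt(key, _xor(b, out[-1])))
    return b"".join(out)

def cbc_decrypt(key, ct):
    blocks = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    pt = b"".join(_xor(block_decrypt(key, c), p) for p, c in zip(blocks, blocks[1:]))
    return pt[:-pt[-1]]                  # strip PKCS#7 padding

def matches(key, stored_ct, user_input):
    # Validate by decrypting the stored value, not by comparing ciphertexts
    return hmac.compare_digest(cbc_decrypt(key, stored_ct), user_input)

# Constructed inputs from the question; SHA-256 of the password is an assumed KDF
KEY = hashlib.sha256(b"ou[asdl[kn").digest()
MSG = b"asdfghjkl"
```

With two identical plaintext blocks, `ecb_encrypt` returns two identical ciphertext blocks, which is the leak that makes ECB unsuitable as a workaround.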