奇怪的 DES 行为 - 使用不同的密钥解密成功

Strange DES behavior - decryption is successful using different keys

偶尔会遇到一件有趣而奇怪的事情:同一个密文块可以用不同的密钥解密!

任何人都可以告诉我出了什么问题吗?非常感谢。

请不要试图让我切换到三重DES/AES等,我只想知道问题出在哪里-调用Java SDK的方式,或者[=中的错误23=]SDK?

下面是 Windows 7 的输出,Linux 框中的结果相同:

D:\>java -version
java version "1.7.0_21"
Java(TM) SE Runtime Environment (build 1.7.0_21-b11)
Java HotSpot(TM) 64-Bit Server VM (build 23.21-b01, mixed mode)

D:\>java DESTest -e 12345678 abcde977

encrypted as [17fd146fa6fdbb5db667efe657dfcb60]

D:\>java DESTest -d 17fd146fa6fdbb5db667efe657dfcb60 abcde977

decryted as [12345678]

D:\>java DESTest -d 17fd146fa6fdbb5db667efe657dfcb60 abcde976

decryted as [12345678]

D:\>java DESTest -d 17fd146fa6fdbb5db667efe657dfcb60 abcde967

decryted as [12345678]

D:\>java DESTest -d 17fd146fa6fdbb5db667efe657dfcb60 abcde867

decryted as [12345678]

D:\>java DESTest -d 17fd146fa6fdbb5db667efe657dfcb60 abcdf867
Exception in thread "main" java.lang.RuntimeException: javax.crypto.BadPaddingEx
ception: Given final block not properly padded
        at DESTest.des(DESTest.java:46)
        at DESTest.dec(DESTest.java:31)
        at DESTest.main(DESTest.java:19)
Caused by: javax.crypto.BadPaddingException: Given final block not properly padd
ed
        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
        at com.sun.crypto.provider.DESCipher.engineDoFinal(DESCipher.java:314)
        at javax.crypto.Cipher.doFinal(Cipher.java:2087)
        at DESTest.des(DESTest.java:44)
        ... 2 more

D:\>java DESTest -e 12345678 abcde976

encrypted as [17fd146fa6fdbb5db667efe657dfcb60]

D:\>java DESTest -e 12345678 abcde967

encrypted as [17fd146fa6fdbb5db667efe657dfcb60]

D:\>

源代码:

import java.io.UnsupportedEncodingException;
import java.security.SecureRandom;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;

public class DESTest {
    public static void main(String[] args) {
        if (args.length < 3) {
            System.out.println("usage: java " + DESTest.class.getCanonicalName() + " -e|-d text key");
            return;
        }
        String mode = args[0].trim();
        String text = args[1].trim();
        String key = args[2].trim();
        try {
            String s = "-d".equalsIgnoreCase(mode) ? dec(text, key) : enc(text, key);
            System.out.println("\n" + ("-d".equalsIgnoreCase(mode) ? "decryted as [" : "encrypted as [") + s + "]");
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        }
    }

    private static String enc(String plainText, String key) throws UnsupportedEncodingException {
        return new String(encHex(des(plainText.getBytes("UTF-8"), key, Cipher.ENCRYPT_MODE)));
    }

    private static String dec(String encrypted, String key) throws UnsupportedEncodingException {
        return new String(des(decHex(encrypted), key, Cipher.DECRYPT_MODE), "UTF-8");
    }

    private static byte[] des(byte[] bytes, String key, int cipherMode) {
        final String encoding = "UTF-8";
        try {
            DESKeySpec desKey = new DESKeySpec(key.getBytes(encoding));
            SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
            SecretKey securekey = keyFactory.generateSecret(desKey);
            // SecretKey securekey = new SecretKeySpec(key.getBytes(encoding), "DES");//same result as the 3 lines above
            Cipher cipher = Cipher.getInstance("DES");
            SecureRandom random = new SecureRandom();
            cipher.init(cipherMode, securekey, random);
            return cipher.doFinal(bytes);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private static final char[] HEX_CHARS = "0123456789abcdef".toCharArray();

    private static String encHex(byte[] bytes) {
        final char[] chars = new char[bytes.length * 2];
        for (int i = 0, j = 0; i < bytes.length; i++) {
            chars[j++] = HEX_CHARS[(0xF0 & bytes[i]) >>> 4];
            chars[j++] = HEX_CHARS[0x0F & bytes[i]];
        }
        return new String(chars);
    }

    private static byte[] decHex(String hex) {
        final int len = hex.length();
        final byte[] bytes = new byte[len / 2];
        for (int i = 0, j = 0; j < len; i++) {
            int f = Character.digit(hex.charAt(j), 16) << 4;
            j++;
            f = f | Character.digit(hex.charAt(j), 16);
            j++;
            bytes[i] = (byte) (f & 0xFF);
        }
        return bytes;
    }
}

DES操作(加密和解密)忽略了密钥每个字节的lsbit。也就是说,如果您翻转密钥中的任何 lsbits,操作将保持不变。这就是您尝试的键中发生的情况:space 的 ASCII 代码是 0x20,而 !是0x21;它们仅在 lsbit 上有所不同。因此,如果密钥的一个字节包含 space 的 ASCII 代码,您可以将其替换为 !,它仍然能够解密。同样,*的ASCII码是0x2a,+的ASCII码是0x2b;也只有 lsbit 不同。

在最初的 DES 标准中,lsbit 应该用作奇偶校验位(每个字节始终具有奇校验)。它应该是对手动输入的密钥的弱错误检查。如今,没有人进行奇偶校验,因此 lsbit 被忽略了。

摘自Poncho's insightful Answer on Cryptography Stackexchange

DES有一个56位的密钥,每个密钥字节的lsbit最初用于奇偶校验,现在被忽略。

答案是:不要使用DES! DES 不安全,已被 AES(高级加密标准)取代 AES 专门设计用于替代 DES。

另外,不要使用字符串作为密钥,最好的做法是使用PBKDF2(基于密码的密钥派生函数)等函数从字符串中派生出加密密钥。