久久久久久久av_日韩在线中文_看一级毛片视频_日本精品二区_成人深夜福利视频_武道仙尊动漫在线观看

為什么密碼錯誤會導致“填充無效且無法刪除&

Why does a bad password cause quot;Padding is invalid and cannot be removedquot;?(為什么密碼錯誤會導致“填充無效且無法刪除?)
本文介紹了為什么密碼錯誤會導致“填充無效且無法刪除"?的處理方法,對大家解決問題具有一定的參考價值,需要的朋友們下面隨著小編來一起學習吧!

問題描述

我需要一些簡單的字符串加密,所以我編寫了以下代碼(來自 這里):

I needed some simple string encryption, so I wrote the following code (with a great deal of "inspiration" from here):

    // create and initialize a crypto algorithm
    private static SymmetricAlgorithm getAlgorithm(string password) {
        SymmetricAlgorithm algorithm = Rijndael.Create();
        Rfc2898DeriveBytes rdb = new Rfc2898DeriveBytes(
            password, new byte[] {
            0x53,0x6f,0x64,0x69,0x75,0x6d,0x20,             // salty goodness
            0x43,0x68,0x6c,0x6f,0x72,0x69,0x64,0x65
        }
        );
        algorithm.Padding = PaddingMode.ISO10126;
        algorithm.Key = rdb.GetBytes(32);
        algorithm.IV = rdb.GetBytes(16);
        return algorithm;
    }

    /* 
     * encryptString
     * provides simple encryption of a string, with a given password
     */
    public static string encryptString(string clearText, string password) {
        SymmetricAlgorithm algorithm = getAlgorithm(password);
        byte[] clearBytes = System.Text.Encoding.Unicode.GetBytes(clearText);
        MemoryStream ms = new MemoryStream();
        CryptoStream cs = new CryptoStream(ms, algorithm.CreateEncryptor(), CryptoStreamMode.Write);
        cs.Write(clearBytes, 0, clearBytes.Length);
        cs.Close();
        return Convert.ToBase64String(ms.ToArray());
    }

    /*
     * decryptString
     * provides simple decryption of a string, with a given password
     */
    public static string decryptString(string cipherText, string password) {
        SymmetricAlgorithm algorithm = getAlgorithm(password);
        byte[] cipherBytes = Convert.FromBase64String(cipherText);
        MemoryStream ms = new MemoryStream();
        CryptoStream cs = new CryptoStream(ms, algorithm.CreateDecryptor(), CryptoStreamMode.Write);
        cs.Write(cipherBytes, 0, cipherBytes.Length);
        cs.Close();            
        return System.Text.Encoding.Unicode.GetString(ms.ToArray());
    }

代碼似乎工作正常,除了當使用不正確的密鑰解密數據時,我在解密字符串的 cs.Close() 行上收到 CryptographicException - 填充無效且無法刪除".

The code appears to work fine, except that when decrypting data with an incorrect key, I get a CryptographicException - "Padding is invalid and cannot be removed" - on the cs.Close() line in decryptString.

示例代碼:

    string password1 = "password";
    string password2 = "letmein";
    string startClearText = "The quick brown fox jumps over the lazy dog";
    string cipherText = encryptString(startClearText, password1);
    string endClearText = decryptString(cipherText, password2);     // exception thrown

我的問題是,這是意料之中的嗎?我原以為用錯誤的密碼解密只會導致無意義的輸出,而不是異常.

My question is, is this to be expected? I would have thought that decrypting with the wrong password would just result in nonsense output, rather than an exception.

推薦答案

雖然已經回答了這個問題,但我認為最好解釋一下為什么這是意料之中的.

Although this have been already answered I think it would be a good idea to explain why it is to be expected.

通常會應用填充方案,因為大多數加密過濾器在語義上并不安全,并且可以防止某些形式的加密攻擊.例如,通常在 RSA 中使用 OAEP 填充方案來防止某些類型的攻擊(例如選擇的明文攻擊或blinding).

A padding scheme is usually applied because most cryptographic filters are not semantically secure and to prevent some forms of cryptoatacks. For example, usually in RSA the OAEP padding scheme is used which prevents some sorts of attacks (such as a chosen plaintext attack or blinding).

在發送消息之前,填充方案會在消息 m 上附加一些(通常)隨機垃圾.在OAEP方法中,例如使用了兩個Oracle(這是一個簡單的解釋):

A padding scheme appends some (usually) random garbage to the message m before the message is sent. In the OAEP method, for example, two Oracles are used (this is a simplistic explanation):

  1. 給定模數的大小,您用 0 填充 k1 位,用隨機數填充 k0 位.
  2. 然后通過對消息進行一些轉換,您可以獲得經過加密和發送的填充消息.

這為您提供了消息的隨機化,并提供了一種測試消息是否垃圾的方法.由于填充方案是可逆的,當您解密消息時,雖然您無法說明消息本身的完整性,但實際上您可以對填充做出一些斷言,因此您可以知道消息是否已正確解密或者您做錯了什么(即有人篡改了消息或您使用了錯誤的密鑰)

That provides you with a randomization for the messages and with a way to test if the message is garbage or not. As the padding scheme is reversible, when you decrypt the message whereas you can't say anything about the integrity of the message itself you can, in fact, make some assertion about the padding and thus you can know if the message has been correctly decrypted or you're doing something wrong (i.e someone has tampered with the message or you're using the wrong key)

這篇關于為什么密碼錯誤會導致“填充無效且無法刪除"?的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,也希望大家多多支持html5模板網!

【網站聲明】本站部分內容來源于互聯網,旨在幫助大家更快的解決問題,如果有圖片或者內容侵犯了您的權益,請聯系我們刪除處理,感謝您的支持!

相關文檔推薦

Is there a way to know if someone has bookmarked your website?(有沒有辦法知道是否有人為您的網站添加了書簽?)
Use of Different .Net Languages?(使用不同的 .Net 語言?)
Is there a C# library that will perform the Excel NORMINV function?(是否有執行 Excel NORMINV 函數的 C# 庫?)
Determining an #39;active#39; user count of an ASP.NET site(確定 ASP.NET 站點的“活動用戶數)
Select x random elements from a weighted list in C# (without replacement)(從 C# 中的加權列表中選擇 x 個隨機元素(無需替換))
Best way to keep track of current online users(跟蹤當前在線用戶的最佳方式)
主站蜘蛛池模板: 中文字幕人成乱码在线观看 | 欧美国产日韩在线观看 | 国产我和子的乱视频网站 | 99久热在线精品视频观看 | 99精品久久久 | 亚洲国产精品人人爽夜夜爽 | 99精品免费久久久久久久久日本 | 色婷婷久久久久swag精品 | 蜜桃在线一区二区三区 | 电影午夜精品一区二区三区 | 成人av在线网站 | 一区二区三区免费 | 在线看免费 | 91嫩草精品 | 国产午夜精品久久 | 久久久久久黄 | 永久精品 | 日韩久久久久久 | 日日干夜夜草 | 伊人精品一区二区三区 | 免费在线观看成年人视频 | 亚洲欧洲综合av | 亚洲视频区 | 午夜小电影 | 狠狠骚| 国产精品2区 | 99久久精品免费看国产四区 | 日韩av资源站 | 中文字幕日韩欧美一区二区三区 | 亚洲欧美久久 | 国产精品大片在线观看 | 国产精品久久久久国产a级 欧美日本韩国一区二区 | 精品欧美一区二区三区久久久 | 91精品国产综合久久国产大片 | 亚洲精品视频在线播放 | 黄色一级免费看 | 国内精品免费久久久久软件老师 | 成人在线精品视频 | 欧美自拍另类 | 97av视频在线 | 日韩免费一区二区 |