久久久久久久av_日韩在线中文_看一级毛片视频_日本精品二区_成人深夜福利视频_武道仙尊动漫在线观看

為什么密碼錯(cuò)誤會(huì)導(dǎo)致“填充無效且無法刪除&

Why does a bad password cause quot;Padding is invalid and cannot be removedquot;?(為什么密碼錯(cuò)誤會(huì)導(dǎo)致“填充無效且無法刪除?)
本文介紹了為什么密碼錯(cuò)誤會(huì)導(dǎo)致“填充無效且無法刪除"?的處理方法,對大家解決問題具有一定的參考價(jià)值,需要的朋友們下面隨著小編來一起學(xué)習(xí)吧!

問題描述

我需要一些簡單的字符串加密,所以我編寫了以下代碼(來自 這里):

I needed some simple string encryption, so I wrote the following code (with a great deal of "inspiration" from here):

    // create and initialize a crypto algorithm
    private static SymmetricAlgorithm getAlgorithm(string password) {
        SymmetricAlgorithm algorithm = Rijndael.Create();
        Rfc2898DeriveBytes rdb = new Rfc2898DeriveBytes(
            password, new byte[] {
            0x53,0x6f,0x64,0x69,0x75,0x6d,0x20,             // salty goodness
            0x43,0x68,0x6c,0x6f,0x72,0x69,0x64,0x65
        }
        );
        algorithm.Padding = PaddingMode.ISO10126;
        algorithm.Key = rdb.GetBytes(32);
        algorithm.IV = rdb.GetBytes(16);
        return algorithm;
    }

    /* 
     * encryptString
     * provides simple encryption of a string, with a given password
     */
    public static string encryptString(string clearText, string password) {
        SymmetricAlgorithm algorithm = getAlgorithm(password);
        byte[] clearBytes = System.Text.Encoding.Unicode.GetBytes(clearText);
        MemoryStream ms = new MemoryStream();
        CryptoStream cs = new CryptoStream(ms, algorithm.CreateEncryptor(), CryptoStreamMode.Write);
        cs.Write(clearBytes, 0, clearBytes.Length);
        cs.Close();
        return Convert.ToBase64String(ms.ToArray());
    }

    /*
     * decryptString
     * provides simple decryption of a string, with a given password
     */
    public static string decryptString(string cipherText, string password) {
        SymmetricAlgorithm algorithm = getAlgorithm(password);
        byte[] cipherBytes = Convert.FromBase64String(cipherText);
        MemoryStream ms = new MemoryStream();
        CryptoStream cs = new CryptoStream(ms, algorithm.CreateDecryptor(), CryptoStreamMode.Write);
        cs.Write(cipherBytes, 0, cipherBytes.Length);
        cs.Close();            
        return System.Text.Encoding.Unicode.GetString(ms.ToArray());
    }

代碼似乎工作正常,除了當(dāng)使用不正確的密鑰解密數(shù)據(jù)時(shí),我在解密字符串的 cs.Close() 行上收到 CryptographicException - 填充無效且無法刪除".

The code appears to work fine, except that when decrypting data with an incorrect key, I get a CryptographicException - "Padding is invalid and cannot be removed" - on the cs.Close() line in decryptString.

示例代碼:

    string password1 = "password";
    string password2 = "letmein";
    string startClearText = "The quick brown fox jumps over the lazy dog";
    string cipherText = encryptString(startClearText, password1);
    string endClearText = decryptString(cipherText, password2);     // exception thrown

我的問題是,這是意料之中的嗎?我原以為用錯(cuò)誤的密碼解密只會(huì)導(dǎo)致無意義的輸出,而不是異常.

My question is, is this to be expected? I would have thought that decrypting with the wrong password would just result in nonsense output, rather than an exception.

推薦答案

雖然已經(jīng)回答了這個(gè)問題,但我認(rèn)為最好解釋一下為什么這是意料之中的.

Although this have been already answered I think it would be a good idea to explain why it is to be expected.

通常會(huì)應(yīng)用填充方案,因?yàn)榇蠖鄶?shù)加密過濾器在語義上并不安全,并且可以防止某些形式的加密攻擊.例如,通常在 RSA 中使用 OAEP 填充方案來防止某些類型的攻擊(例如選擇的明文攻擊或blinding).

A padding scheme is usually applied because most cryptographic filters are not semantically secure and to prevent some forms of cryptoatacks. For example, usually in RSA the OAEP padding scheme is used which prevents some sorts of attacks (such as a chosen plaintext attack or blinding).

在發(fā)送消息之前,填充方案會(huì)在消息 m 上附加一些(通常)隨機(jī)垃圾.在OAEP方法中,例如使用了兩個(gè)Oracle(這是一個(gè)簡單的解釋):

A padding scheme appends some (usually) random garbage to the message m before the message is sent. In the OAEP method, for example, two Oracles are used (this is a simplistic explanation):

  1. 給定模數(shù)的大小,您用 0 填充 k1 位,用隨機(jī)數(shù)填充 k0 位.
  2. 然后通過對消息進(jìn)行一些轉(zhuǎn)換,您可以獲得經(jīng)過加密和發(fā)送的填充消息.

這為您提供了消息的隨機(jī)化,并提供了一種測試消息是否垃圾的方法.由于填充方案是可逆的,當(dāng)您解密消息時(shí),雖然您無法說明消息本身的完整性,但實(shí)際上您可以對填充做出一些斷言,因此您可以知道消息是否已正確解密或者您做錯(cuò)了什么(即有人篡改了消息或您使用了錯(cuò)誤的密鑰)

That provides you with a randomization for the messages and with a way to test if the message is garbage or not. As the padding scheme is reversible, when you decrypt the message whereas you can't say anything about the integrity of the message itself you can, in fact, make some assertion about the padding and thus you can know if the message has been correctly decrypted or you're doing something wrong (i.e someone has tampered with the message or you're using the wrong key)

這篇關(guān)于為什么密碼錯(cuò)誤會(huì)導(dǎo)致“填充無效且無法刪除"?的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,也希望大家多多支持html5模板網(wǎng)!

【網(wǎng)站聲明】本站部分內(nèi)容來源于互聯(lián)網(wǎng),旨在幫助大家更快的解決問題,如果有圖片或者內(nèi)容侵犯了您的權(quán)益,請聯(lián)系我們刪除處理,感謝您的支持!

相關(guān)文檔推薦

Is there a way to know if someone has bookmarked your website?(有沒有辦法知道是否有人為您的網(wǎng)站添加了書簽?)
Use of Different .Net Languages?(使用不同的 .Net 語言?)
Is there a C# library that will perform the Excel NORMINV function?(是否有執(zhí)行 Excel NORMINV 函數(shù)的 C# 庫?)
Determining an #39;active#39; user count of an ASP.NET site(確定 ASP.NET 站點(diǎn)的“活動(dòng)用戶數(shù))
Select x random elements from a weighted list in C# (without replacement)(從 C# 中的加權(quán)列表中選擇 x 個(gè)隨機(jī)元素(無需替換))
Best way to keep track of current online users(跟蹤當(dāng)前在線用戶的最佳方式)
主站蜘蛛池模板: 午夜黄色剧场 | 国产91在线看 | 国产精品久久久久久久久 | 国产成人精品一区 | 国产激情综合五月久久 | 天天视频国产 | 最新av在线播放 | 精品久久久久久久 | 韩国av一区二区 | 欧美日韩国产精品 | 欧美成人精品激情在线观看 | 91成人亚洲 | 午夜精品久久久久久久99 | 久久久久人 | 日本视频在线播放 | 青青草一区二区 | 青娱乐av| 久久精品观看 | 欧美顶级黄色大片免费 | 日韩特级毛片 | a天堂在线| 欧美日韩在线播放 | www.黄色片| 黄色片亚洲 | 白浆在线| 亚洲久久久 | 日韩精品一区在线观看 | 国产三级视频在线播放 | 欧美日韩综合 | 亚洲一区精品视频 | 久久久久久国产精品 | 久久久久久国产 | 综合久久久久 | 欧美一级淫片bbb一84 | 国产在线观看免费 | 可以在线观看的av | 啪啪网站免费 | 国产免费一区 | 久久国产一区二区 | 久久久激情| 国产一区二区三区在线视频 |