
block-cipher

What is the default IV when encrypting with aes_256_cbc cipher?

I've generated a random 256 bit symmetric key, in a file, to use for encrypting some data using the OpenSSL command line which I need to decrypt later programmatically using the OpenSSL library. I'm not having success, and I think the problem might be in the initialization vector I'm using (or not using). I encrypt the data using this command: /usr/bin/openssl enc -aes-256-cbc -salt -in input_filename -out output_filename -pass file:keyfile I'm using the following call to initialize the decrypting of the data: EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), nullptr, keyfile.data(), nullptr)

2021-06-04 14:51:58    Category: Q&A    c++   encryption   openssl   aes   block-cipher

Block ciphers, salt, AES, MySQL, and best practices around credential storage

Question: I have a situation where I must store a password, as I am building a system to connect to another system. This other system only allows for a single user account, and the only way to connect to it is via a password. A hash is not appropriate here. I must store the password in a way that I can retrieve it. Now, knowing that this is not a perfect system, I am trying to limit the damage should someone somehow get access to the database. As this database will need to be used from various platforms, I have decided to use MySQL's own built-in encryption functions. This way, I don't need to worry about finding compatible implementations of the encryption/decryption algorithm for the various languages and systems. I can just use MySQL's functions in the query. When storing the password, I will use AES_ENCRYPT("password", "encryption key"). Then I realized that I should probably use some salt, so that if they are able to get one password, it would be hard to get the others. But wait! What is the point? If they are able to get one password, they must have the encryption key, right? Besides, this is a block cipher. In some cases salt can be almost useless. /* Returns 8CBAB2A9260975FF965E5A7B02E213628CBAB2A9260975FF965E5A7B02E21362FBB5D173CBAFA44DC406B69D05A2072C */ SELECT HEX(AES_ENCRYPT("passwordpasswordpasswordpassword", "encryption key"));

2021-05-18 08:24:32    Category: Tech sharing    mysql   aes   block-cipher

Block ciphers, salt, AES, MySQL, and best practices around credential storage

I have a situation where I must store a password, as I am building a system to connect to another system. This other system only allows for a single user account, and the only way to connect to it is via a password. A hash is not appropriate here. I must store the password in a way that I can retrieve it. Now, with the knowledge that this is not a perfect system, I am trying to limit damage should someone get access to the database somehow. As this database will need to be used by varying platforms, I have decided to use MySQL's own built-in encryption functions. This way, I don't need to

2021-05-09 05:43:42    Category: Q&A    mysql   aes   block-cipher

Source and importance of nonce / IV for protocol using AES-GCM

I am making a protocol that uses packets (i.e., not a stream) encrypted with AES. I've decided on using GCM (based off CTR) because it provides integrated authentication and is part of the NSA's Suite B. The AES keys are negotiated using ECDH, where the public keys are signed by trusted contacts as a part of a web-of-trust using something like ECDSA. I believe that I need a 128-bit nonce / initialization vector for GCM because even though I'm using a 256 bit key for AES, it's always a 128 bit block cipher (right?) I'll be using a 96 bit IV after reading the BC code. I'm definitely not

2021-04-16 03:34:42    Category: Q&A    security   cryptography   aes   block-cipher

Symmetric Bijective Algorithm for Integers

Question: I need an algorithm that can do a one-to-one mapping (i.e. no collisions) of a 32-bit signed integer onto another 32-bit signed integer. My real concern is enough entropy so that the output of the function appears to be random. Basically I am looking for a cipher similar to an XOR cipher, but one that generates more arbitrary-looking output. Security is not my real concern, although obscurity is. Edit for clarification: The algorithm must be symmetric, so that I can reverse the operation without a key pair. The algorithm must be bijective: every 32-bit input number must generate a unique 32-bit number. The output of the function must be obscure enough that merely adding one to the input should have a large effect on the output. Example of expected results: F(100)= 98456 F(101)= -758 F(102)= 10875498 F(103)= 986541 F(104)= 945451245 F(105)= -488554 Just like MD5, changing one thing may change a lot of things. I am looking for a mathematical function, so manually mapping the integers is not a solution for me. For those asking, the speed of the algorithm is not very important. Answer 1: Use any 32-bit block cipher! By definition, a block cipher maps every possible input value in its range to a unique output value in a reversible manner, and by design it is hard to determine what any given value will map to without the key. Simply pick a key, keep it secret if security or obscurity matters, and use the cipher as your transformation. For information on extending this concept to non-power-of-two ranges

2021-04-11 17:50:47    Category: Tech sharing    algorithm   encryption-symmetric   block-cipher   bijection

Symmetric Bijective Algorithm for Integers

I need an algorithm that can do a one-to-one mapping (i.e. no collision) of a 32-bit signed integer onto another 32-bit signed integer. My real concern is enough entropy so that the output of the function appears to be random. Basically I am looking for a cipher similar to XOR Cipher but that can generate more arbitrary-looking outputs. Security is not my real concern, although obscurity is. Edit for clarification purpose: The algorithm must be symmetric, so that I can reverse the operation without a keypair. The algorithm must be bijective, every 32-bit input number must generate a 32-bit

2021-03-30 21:19:41    Category: Q&A    algorithm   encryption-symmetric   block-cipher   bijection