24  

To contradict what everyone else has said so far, go for it! Yeah, your code might have buffer overflow vulnerabilities in it, and may be slow, buggy, etc, but you're doing this for FUN! I completely understand the recreational enjoyment found in playing with crypto.

要与其他人到目前为止所说的相矛盾,那就去吧!是的,你的代码可能有缓冲区溢出漏洞,可能很慢,有错误,等等,但你这样做是为了乐趣!我完全理解在玩加密时发现的娱乐享受。

That being said, cryptography isn't based on obfuscation at all (or at least shouldn't be). Good crypto will continue to work, even once Eve has slogged through your obfuscated code and completely understands what is going on. IE: Many newspapers have substitution code puzzles that readers try and break over breakfast. If they started doing things like reversing the whole string, yes, it'd be harder, but Joe Reader would still be able to break it, neve tuohtiw gnieb dlot.

话虽如此,密码学根本不是基于混淆(或至少不应该)。即使Eve在您的混淆代码中跋涉并且完全理解正在发生的事情,好的加密也会继续有效。 IE:许多报纸都有替代码谜题,读者试图打破早餐。如果他们开始做一些事情,比如扭转整个弦乐,是的,它会更难,但是Joe Reader仍然可以打破它,neve tuohtiw gnieb dlot。

Good crypto is based on problems that are assumed to be (none proven yet, AFAIK) really difficult. Examples of this include factoring primes, finding the log, or really any other NP-complete problem.

良好的加密是基于假设(尚未证实,AFAIK)真正困难的问题。这方面的例子包括分解素数,找到日志,或者实际上任何其他NP完全问题。

[Edit: snap, neither of those are proven NP-complete. They're all unproven, yet different. Hopefully you still see my point: crypto is based on one-way functions. Those are operations that are easy to do, but hard to undo. ie multiply two numbers vs find the prime factors of the product. Good catch tduehr]

[编辑:快照,这些都没有被证明是NP完全的。它们都是未经证实的,但却不同。希望你仍然看到我的观点:加密是基于单向函数。这些操作很容易做,但很难撤消。即乘以两个数字vs找到产品的素因子。好抓住tduehr]

More power to you for playing around with a really cool branch of mathematics, just remember that crypto is based on things that are hard, not complicated. Many crypto algorithms, once you really understand them, are mindbogglingly simple, but still work because they're based on something that is hard, not just switching letters around.

更多的力量让你玩一个非常酷的数学分支,只记得加密是基于那些困难而不复杂的事情。许多加密算法,一旦你真正理解它们,是令人难以置信的简单,但仍然有效,因为它们基于一些困难的东西,而不仅仅是切换字母。

Note: With this being said, some algorithms do add in extra quirks (like string seversal) to make brute forcing them that much more difficult. A part of me feels like I read this somewhere referencing DES, but I don't believe it... [EDIT: I was right, see 5th paragraph of this article for a reference to the permutations as useless.]

注意:有了这个说法,一些算法确实增加了额外的怪癖(比如字符串切断),使得暴力迫使它们变得更加困难。我的一部分感觉就像我在某处引用DES一样阅读,但我不相信...... [编辑:我是对的,请参阅本文的第5段,以便将排列视为无用。]

BTW: If you haven't found it before, I'd guess the TEA/XTEA/XXTEA series of algorithms would be of interest.

顺便说一句:如果您以前没有找到它,我猜想TEA / XTEA / XXTEA系列算法会引起人们的兴趣。

34  

The best advice I can give you is: resist the temptation to reinvent the wheel. Cryptography is harder than you think.

我能给你的最好建议是:抵制重新发明*的诱惑。密码学比你想象的更难。

Get Bruce Schneier's book Applied Cryptography and read it carefully.

获得Bruce Schneier的书“应用密码学”并仔细阅读。

15  

The correct answer is to not do something like this. The best method is to pick one of the many cryptography libraries out there for this purpose and use them in your application. Security through obscurity never works.

正确的答案是不要做这样的事情。最好的方法是为此目的选择其中一个加密库,并在您的应用程序中使用它们。通过默默无闻的安全从未奏效。

Pick the current top standards for cryptography algorithms as well. AES for encryption, SHA256 for hashing. Elgamal for public key.

选择当前的密码算法*标准。 AES用于加密,SHA256用于散列。 Elgamal公钥。

Reading Applied Cryptography is a good idea as well. But a vast majority of the book is details of implementations that you won't need for most applications.

阅读应用密码学也是一个好主意。但本书的绝大部分内容都是大多数应用程序不需要的实现细节。

Edit: To expand upon the new information given in the edit. The vast majority of current cryptography involves lots of complicated mathematics. Even the block ciphers which just seem like all sorts of munging around of bits are the same.

编辑:扩展编辑中给出的新信息。绝大多数当前的密码学涉及许多复杂的数学。即使是看起来像各种各样的位置的块密码也是一样的。

In this case then read Applied Cryptography and then get the book Handbook of Applied Cryptography which you can download for free.

在这种情况下,然后阅读Applied Cryptography,然后获得可以免费下载的应用密码学手册。

Both of these have lots of information on what goes into a cryptography algorithm. Some explanation of things like differential and linear cryptanalysis. Another resource is Citeseer which has a number of the academic papers referenced by both of those books for download.

这两者都有很多关于加密算法的信息。对差分和线性密码分析等事物的一些解释。另一个资源是Citeseer,其中有许多学术论文被这两本书引用下载。

Cryptography is a difficult field with a huge academic history to it for going anywhere. But if you have the skills it is quite rewarding as I have found it to be.

密码学是一个艰难的领域,具有丰富的学术历史,可以随时随地进行。但是,如果你掌握了这些技能,我会发现它是非常有益的。

9  

Do the exercises here:

这里做练习:

http://www.schneier.com/crypto-gram-9910.html#SoYouWanttobeaCryptographer

For starters, look at the cube attack paper (http://eprint.iacr.org/2008/385) and try breaking some algorithms with it. After you are familiar with breaking cryptographic schemes, you'll become better at creating them.

对于初学者,请查看多维数据集攻击文件(http://eprint.iacr.org/2008/385)并尝试使用它打破一些算法。熟悉破解加密方案后,您将更好地创建它们。

As far as production code goes, I'll repeat what has already been said: just use what's available in the market, since all the mainstream schemes have already gone through multiple rounds of cryptanalysis.

就生产代码而言,我将重复已经说过的内容:只使用市场上可用的内容,因为所有主流方案都已经过多轮密码分析。

6  

All the above advice is sound. Obfuscation bad. Don't put your own crypto into production without first letting the public beat on it for a while.

所有上述建议都是合理的。混淆不好。如果没有让公众暂时打败它,就不要把你自己的加密器投入生产。

a couple things to add:

要添加的几件事:

• Encoding is not encryption. I recently bypassed a website's authentication system due to the developers misunderstanding here.

  编码不是加密。由于开发人员误解,我最近绕过了网站的身份验证系统。

• Learn how to break even the most basic systems. You'd be surprised how often knowledge of simple rotation ciphers is actually useful.

  学习如何打破最基本的系统。你会惊讶于简单旋转密码的知识实际上是多么有用。

• A^B = C. You stated you've been working with two key XOR encryption. When building a cryptosystem always check that your steps are actually accomplishing something. in the two key XOR case you're really just using a different key.

  A ^ B = C.您说您已经使用了两个关键的XOR加密。构建密码系统时,请始终检查您的步骤是否实际完成了某些操作。在两个关键的异或情况下,你真的只是使用不同的密钥。

• A^A = 0. XOR enryption is very weak against known or chosen plaintext attacks. If you know all or part of the plaintext, you can get all or part of the key. Plaintext ^ Cyphertext = Key

  A ^ A = 0.对于已知或选择的明文攻击,XOR enryption非常弱。如果您知道全部或部分明文,则可以获得全部或部分密钥。明文^ Cyphertext = Key

• Another good book to read is The Code Book by Simon Singh. It goes over some of the history of cryptography and methods for breaking most of the cryptosystems he covers.

  另一本好读的书是Simon Singh的The Code Book。它介绍了密码学的一些历史和破解他所涵盖的大多数密码系统的方法。

• Two algorithms to learn (learn them and the history behind them):

  学习两种算法(学习它们及其背后的历史):

  • 3DES: yes it's obsolete but it's a good starting point for learning fiestel and block cyphers and there are some good lessons in it's creation from DES. Also, the reasoning for the encrypt, decrypt, encrypt methodology used is a good thing to learn.

  3DES:是的,它已经过时,但它是学习fiestel和阻塞密码的一个很好的起点,而且从DES创建它有一些很好的经验教训。此外,使用加密,解密,加密方法的原因是一件好事。

  • RSA: I'm going to display my inner math geek here. Probably the simplest encryption algorithm in use today. Methods of breaking it are known (just factor the key) but computationally extremely difficult. m^d mod n where n = p*q (p and q prime) and gcd(d,n)=1. A little bit of group/number theory explains why this isn't easily reversed without knowing p and q. In my number theory course we proved the theory behind this at least half a dozen ways.

  RSA:我将在这里展示我内心的数学极客。可能是目前使用的最简单的加密算法。打破它的方法是已知的(只是关键因素)但计算上非常困难。 m ^ d mod n其中n = p * q(p和q prime)和gcd(d,n)= 1。一点组/数理论解释了为什么在不知道p和q的情况下不容易逆转。在我的数论过程中,我们至少有六种方法证明了这背后的理论。

A note for PhirePhly:

PhirePhly的注释:

prime factorization and discrete log are not NP-Complete, or NP-Hard for that matter. They are both unknown in complexity. I imagine you'd get a decent amount of fame from just figuring that part out. That said, the rest of your assertion is correct. Good crypto is based on things that are easy to do but hard to undo without the key.

对于那个问题,素数分解和离散对数不是NP-Complete,或NP-Hard。它们的复杂性都不为人知。我想你只要搞清楚那个部分就能得到相当多的名声。也就是说,你的其余断言是正确的。好的加密是基于易于操作但没有密钥难以撤销的事情。

4  

Unless you're (becoming) an expert in the field, do not use home-made crypto in production products. Enough said.

除非您(成为)该领域的专家,否则不要在生产产品中使用自制加密。说够了。

3  

DON'T!

Even the experts have a very hard time knowing if they got it right. Outside of a crypto CS class, just use other people's code. Port code only if you absolutely must and then test the snot out of it with known good code.

即使是专家也很难知道他们是否做对了。在加密CS类之外,只需使用其他人的代码。端口代码只有你绝对必须然后用已知的好代码测试它的鼻涕。

3  

Most experts agree that openness is more valuable than obfuscation in developing cryptographic methods and algorithms.

大多数专家都认为,在开发加密方法和算法时,开放性比混淆更有价值。

In other words, everyone seems to be able to design a new code that everyone can break except them. The best crypto survives the test of having the algorithm and some encrypted messages put out there and having the best crypto hackers try to break it.

换句话说,每个人似乎都能够设计一个新的代码,除了它们之外每个人都可以破解。最好的加密在测试中得以存在,并且有一些加密的消息放在那里并且拥有最好的加密黑客试图打破它。

In general, most obfuscation methods and simple hashing (and I've done quite a few of them myself) are very easily broken. That doesn't mean they aren't fun to experiment with and learn about.

一般来说,大多数混淆方法和简单的散列(我自己做过很多)很容易被打破。这并不意味着他们试验和学习并不好玩。

List of Cryptography Books (from Wikipedia)

密码学书籍清单(来自*)

This question caught my eye because I'm currently re-reading Cryptonomicon by Neal Stephenson, which isn't a bad overview itself, even though it's a novel...

这个问题引起了我的注意,因为我正在重读Neal Stephenson的Cryptonomicon,这本身并不是一个糟糕的概述,即使它是一部小说......

2  

To echo everyone else (for posterity), never ever implement your own crypto. Use a library.

为了回应其他人(后代),永远不要实现自己的加密。使用图书馆。

That said, here is an article on how to implement DES:

也就是说,这是一篇关于如何实现DES的文章:

http://scienceblogs.com/goodmath/2008/09/des_encryption_part_1_encrypti.php

Permutation and noise are crucial to many encryption algorithms. The point isn't so much to obscure things, but to add steps to the process that make brute force attacks impractical.

排列和噪声对许多加密算法至关重要。重点不在于模糊事物,而在于为蛮力攻击提供不切实际的过程。

Also, get and read Applied Cryptography. It's a great book.

另外,获取并阅读Applied Cryptography。这是一本好书。

2  

Have to agree with other posters. Don't unless you are writing a paper on it and need to do some research or something.

必须同意其他海报。除非你正在写论文并且需要做一些研究或其他事情,否则不要这样做。

If you think you know a lot about it go and read the Applied Cryptography book. I know a lot of math and that book still kicked my butt. You can read and analyze from his pseudo-code. The book also has a ton of references in the back to dig deeper if you want.

如果您认为自己了解很多,请阅读应用密码学书籍。我知道很多数学,那本书仍然踢我的屁股。您可以从他的伪代码中读取和分析。如果你愿意,这本书还有很多参考资料可以深入挖掘。

Crypto is one of those things that a lot of people think is very cool, but the actual math behind the concepts is beyond their grasp. I decided a long time ago that it was not worth the mental effort for me to get to that level.

加密是许多人认为非常酷的事情之一,但概念背后的实际数学是他们无法掌握的。很久以前我决定让我达到那个级别的心理努​​力是不值得的。

If you just want to see HOW it is done (study existing implementations in code) I would suggest taking a peek at the Crypto++ library even if you don't normally code in C++ it is a good view of the topics and parts of implementing encryption.

如果你只想看看它是如何完成的(研究代码中的现有实现)我建议你看看Crypto ++库,即使你通常不用C ++编写代码,它也可以很好地了解实现加密的主题和部分内容。 。

Bruce also has a good list of resources you can get from his site.

布鲁斯还有一个很好的资源清单,你可以从他的网站上获得。

2  

I attended a code security session at this years Aus TechEd. When talking about the AES algorithm in .Net and how it was selected, the presenter (Rocky Heckman) told us one of the techniques that had been used to break the previous encryption. Someone had managed to use a thermal imaging camera to record a cpu's heat signature whilst it was encrypting data. They were able to use this recording to ascertain what types of calculations the chip was doing and then reverse engineer the algoritm. They had way too much time on their hands, and I am fairly confident I will never be smart enough to beat people like that! :(

我参加了今年的Aus TechEd代码安全会议。在讨论.Net中的AES算法及其选择方式时,演示者(Rocky Heckman)告诉我们一种用于打破先前加密的技术。在加密数据的同时,有人设法使用红外热像仪记录cpu的热量特征。他们能够使用这种记录来确定芯片正在进行什么类型的计算,然后对算法进行逆向工程。他们手上有太多时间,而且我相信我永远不会足够聪明地击败那样的人! :(

• Note: I sincerely hope I have relayed the story correctly, if not - the mistake is likely mine, not that of the presenter mentioned.

注意:我真诚地希望我能正确地传达故事,如果没有 - 错误很可能是我的,而不是主持人提到的错误。

2  

It's already been beaten to death that you shouldn't use home grown crypto in a product. But I've read your question and you clearly state that you're just doing it for fun. Sounds like the true geek/hacker/academic spirit to me. You know it works, you want to know why it works and try to see if you can make it work.

你不应该在产品中使用自制的加密技术,这已经被打死了。但我已经阅读了你的问题,你明确表示你只是为了好玩而做。对我来说听起来像真正的极客/黑客/学术精神。你知道它有效,你想知道它的工作原理,并试着看看你是否可以使它工作。

I completely encourage that and do the same with many programs I've written just for fun. I suggest reading this post (http://rdist.root.org/2008/09/18/dangers-of-amateur-cryptography/) over at a blog called "rootlabs". In the post are a series of links that you should find very interesting. A guy interested in math/crypto with a PhD in Computer Science and who works for Google decided to write a series of articles on programming crypto. He made several non-obvious mistakes that were pointed out by industry expert Nate Lawson.

我完全鼓励这样做,并且为了好玩而为我编写的许多程序做同样的事情。我建议在一个名为“rootlabs”的博客上阅读这篇文章(http://rdist.root.org/2008/09/18/dangers-of-amateur-cryptography/)。在帖子中有一系列你应该发现非常有趣的链接。一个对数学/加密感兴趣并且拥有计算机科学博士并且为谷歌工作的人决定撰写一系列有关加密编程的文章。他提出了一些行业专家Nate Lawson指出的非显而易见的错误。

I suggest you read it. If it doesn't encourage you to keep trying, it will no doubt still teach you something.

我建议你看看。如果它不鼓励你继续尝试,它无疑会教你一些东西。

Best of luck!

祝你好运!

1  

I agree with not re-inventing the wheel.

我同意不重新发明*。

And remember, security through obscurity is no security at all. If any part of your security mechanisms use the phrase "nobody will ever figure this out!", it's not secure. Think about AES -- the algorithm is publicly available, so everybody knows exactly how it works, and yet nobody can break it.

请记住,通过默默无闻的安全性根本不是安全措施。如果您的安全机制的任何部分使用“没有人会想到这一点!”这句话,那就不安全了。想想AES - 这个算法是公开的,所以每个人都知道它是如何工作的,但没有人可以打破它。

1  

Per other answers - inventing an encryption scheme is definitely a thing for the experts and any new proposed crypto scheme really does need to be put to public scrutiny for any reasonable hope of validation and confidence in its robustness. However, implementing existing algorithms and systems is a much more practical endeavor "for fun" and all the major standards have good test vectors to help prove the correctness of your implementation.

其他答案 - 发明加密方案绝对是专家的事情,任何新提出的加密方案确实需要公开审查任何合理的验证希望和对其稳健性的信心。然而,实现现有的算法和系统是一种更加实用的“乐趣”,所有主要标准都有良好的测试向量来帮助证明实现的正确性。

With that said, for production solutions, existing implementations are plentiful and there should typically be no reason you would need to implement a system yourself.

话虽如此,对于生产解决方案,现有的实施方案很丰富,通常没有理由需要自己实施系统。

1  

I agree with all the answers, both "don't write your own crypto algorithm for production use" and "hell yeah, go for it for your own edification", but I am reminded of something that I believe the venerable Bruce Schneier often writes: "it's easy for someone to create something that they themselves cannot break."

我同意所有的答案,“不要为生产使用编写你自己的加密算法”和“地狱是的,为你自己的启发而努力”,但我想起了一些我认为古老的Bruce Schneier经常写的东西:“人们很容易创造出他们自己无法打破的东西。”

0  

The only cryptography that an non experts should be able to expect to get right is bone simple One Time Pad ciphers.

非专家应该能够实现的唯一加密是骨简单的One Time Pad密码。

CipherTextArray = PlainTextArray ^ KeyArray;

Aside from that, anything even worth looking at (even for recreation) will need a high level degree in math.

除此之外,任何值得关注的东西(即使是娱乐)都需要高水平的数学学位。

0  

I dont want to go into depth on correct answers that have already been given (don't do it for production; simple reversal not enough; obfuscation bad; etc).

我不想深入探讨已经给出的正确答案(不要用于生产;简单的逆转不够;混淆不好;等等)。

I just want to add Kerckoff's principle, "A cryptosystem should be secure even if everything about the system, except the key, is public knowledge".

我只想添加Kerckoff的原则,“密码系统应该是安全的,即使系统的所有内容,除了密钥,都是公共知识”。

While I'm at it, I'll also mention Bergofsky's Principle (quoted by Dan Brown in Digital Fortress): "If a computer tried enough keys, it was mathematically guaranteed to find the right one. A code’s security was not that its pass-key was unfindable but rather that most people didn’t have the time or equipment to try."
Only that's inherently not true; Dan Brown made it up.

虽然我在谈论它,但我还会提到Bergofsky的原理(Dan Brown在Digital Fortress中引用):“如果一台计算机尝试了足够的密钥,那么在数学上可以保证找到合适的密钥。代码的安全性不是它的通行证-key是不可取的,而是大多数人没有时间或设备去尝试。“只有那本身就不是真的;丹布朗弥补了这一点。

0  

Responding to PhirePhly and tduehr, on the complexity of factoring:

关于分解复杂性的PhirePhly和tduehr的回应:

It can readily be seen that factoring is in NP and coNP. What we need to see is that the problems "given n and k, find a prime factor p of n with 1 < p <= k" and "show that no such p exists" are both in NP (the first being the decision variant of the factoring problem, the second being the decision variant of the complement).

可以很容易地看出,因子分解是NP和coNP。我们需要看到的是“给定n和k,找到n的主要因子p,1

First problem: given a candidate solution p, we can easily (i.e. in polynomial time) check whether 1 < p <= k and whether p divides n. A solution p is always shorter (in the number of bits used to represent it) than n, so factoring is in NP.

第一个问题:给定候选解p,我们可以很容易地(即在多项式时间内)检查1

Second problem: given a complete prime factorization (p_1, ..., p_m), we can quickly check that their product is n, and that none are between 1 and k. We know that PRIMES is in P, so we can check the primality of each p_i in polynomial time. Since the smallest prime is 2, there is at most log_2(n) prime factors in any valid factorization. Each factor is smaller than n, so they use at most O(n log(n)) bits. So if n doesn't have a prime factor between 1 and k, there is a short (polynomial-size) proof which can be verified quickly (in polynomial time).

第二个问题:给定一个完整的素数因子分解(p_1,...,p_m),我们可以快速检查它们的乘积是否为n,并且没有一个在1和k之间。我们知道PRIMES在P中,所以我们可以在多项式时间内检查每个p_i的素数。由于最小素数为2,因此在任何有效因式分解中最多有log_2(n)素因子。每个因子都小于n,因此它们最多使用O(n log(n))位。因此,如果n不具有介于1和k之间的素因子,则存在可以快速验证的短(多项式大小)证明(在多项式时间内)。

So factoring is in NP and coNP. If it was NP-complete, then NP would equal coNP, something which is often assumed to be false. One can take this as evidence that factoring is indeed not NP-complete; I'd rather just wait for a proof ;-)

因此,因子分解在NP和coNP中。如果它是NP完全的,则NP将等于coNP,这通常被认为是错误的。人们可以将此作为分解确实不是NP完全的证据;我宁愿等待证明;-)

-1  

Usually, I start by getting a Ph.D in number theory. Then I do a decade or so of research and follow that up with lots of publishing and peer review. As far as the techniques I use, they are various ones from my research and that of my peers. Occasionally, when I wake up in the middle of the night, I'll develop a new technique, implement it, find holes in it (with the help of my number theory and computer science peers) and then refine from there.

通常,我首先获得数论博士学位。然后,我进行了大约十年左右的研究,并通过大量的出版和同行评审进行跟进。就我使用的技术而言,它们来自我的研究和我的同行的各种技术。偶尔,当我在半夜醒来时,我将开发一种新技术,实现它,在其中找到漏洞(在我的数论和计算机科学同行的帮助下),然后从那里进行改进。

If you give a mouse an algorithm...

如果你给鼠标一个算法......