I'm using PyCrypto to store some files inside a SQLITE database.
I'm using 4 fields:
the name of the file,
the length of the file (in bytes),
the SHA512 hash of the file,
the encrypted file (with AES and then base64 to ASCII).
I need all the fields to show some info about the file without decrypting it.
The question is: is it secure to store the data like this?
For example, the first characters of a ZIP file or executable file are always the same, and if you already know the hash and the length of the file... is it possible to decrypt the file, maybe partially?
If it's not secure, how can I store some information about the file to index the files without decrypting them? (information like length, hash, name, tags, etc.)
(I use python, but you can give examples in any language)
4 solutions
#1
1
To avoid any problems concerning the first few bytes being the same, you should use AES in Block Cipher mode with a random IV. This ensures that even if the first block (length depends on the key size) of two encrypted files is exactly the same, the cipher text will be different.
If you do that, I see no problem with your approach.
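Added example, not part of the original answer: the shared-header case from the question, encrypted once without an IV (ECB) and once in CBC with a fresh random IV per file. It uses the `cryptography` package rather than PyCrypto; the function names, sample files and key handling are assumptions for illustration.

```python
import os
from cryptography.hazmat.primitives import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

BLOCK = 16  # AES block size in bytes (the same for every AES key size)

def _pad(data):
    padder = padding.PKCS7(BLOCK * 8).padder()
    return padder.update(data) + padder.finalize()

def encrypt_ecb(key, plaintext):
    """Weak setting: no IV, so equal plaintext blocks give equal ciphertext blocks."""
    enc = Cipher(algorithms.AES(key), modes.ECB()).encryptor()
    return enc.update(_pad(plaintext)) + enc.finalize()

def encrypt_cbc(key, plaintext):
    """Corrected setting: fresh random IV per file, stored in front of the ciphertext."""
    iv = os.urandom(BLOCK)
    enc = Cipher(algorithms.AES(key), modes.CBC(iv)).encryptor()
    return iv + enc.update(_pad(plaintext)) + enc.finalize()

def decrypt_cbc(key, blob):
    iv, body = blob[:BLOCK], blob[BLOCK:]
    dec = Cipher(algorithms.AES(key), modes.CBC(iv)).decryptor()
    padded = dec.update(body) + dec.finalize()
    unpadder = padding.PKCS7(BLOCK * 8).unpadder()
    return unpadder.update(padded) + unpadder.finalize()

def same_block(a, b, offset=0):
    """True if both blobs carry the same 16 bytes at `offset`."""
    return a[offset:offset + BLOCK] == b[offset:offset + BLOCK]

# Constructed sample data: two different "files" that share a 16-byte header.
HEADER = b"PK\x03\x04" + b"\x14\x00" * 6
FILE_A = HEADER + b"contents of the first archive"
FILE_B = HEADER + b"something else entirely"
KEY = os.urandom(32)  # demo key only; real key storage is out of scope here

if __name__ == "__main__":
    ecb_a, ecb_b = encrypt_ecb(KEY, FILE_A), encrypt_ecb(KEY, FILE_B)
    cbc_a, cbc_b = encrypt_cbc(KEY, FILE_A), encrypt_cbc(KEY, FILE_B)
    print("ECB first blocks equal:", same_block(ecb_a, ecb_b))
    print("CBC first blocks equal:", same_block(cbc_a, cbc_b, offset=BLOCK))
    print("CBC round trip ok:", decrypt_cbc(KEY, cbc_a) == FILE_A)
```

CBC on its own does not detect modification of the stored ciphertext; that needs a MAC or an authenticated mode on top.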
#2
3
Data encrypted with AES has the same length as the plain data (give or take some block padding), so giving original length away doesn't harm security. SHA512 is a strong cryptographic hash designed to provide minimal information about the original content, so I don't see a problem here either.
Therefore, I think your scheme is quite safe. Any information "exposed" by it is negligible. Key management will probably be a much bigger concern anyway.
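Added example, not part of the original thread, for the question's "index without decrypting" requirement: an unkeyed SHA512 column lets anyone holding a copy of a candidate file confirm that this exact file is in the table, while HMAC-SHA512 under a separate index key keeps equality lookups for the key holder only. The function names, row layout and the separate index key are assumptions for illustration.

```python
import hashlib
import hmac
import os

def plain_digest(data):
    """Unkeyed SHA512, as in the scheme described in the question."""
    return hashlib.sha512(data).hexdigest()

def keyed_digest(index_key, data):
    """HMAC-SHA512 under a secret index key (kept apart from the AES key)."""
    return hmac.new(index_key, data, hashlib.sha512).hexdigest()

def make_row(name, data, index_key=None):
    """Clear-text metadata columns for one file; the ciphertext column is omitted."""
    digest = keyed_digest(index_key, data) if index_key else plain_digest(data)
    return {"name": name, "length": len(data), "digest": digest}

def outsider_can_confirm(row, candidate):
    """What someone holding only the database can check without any key:
    does `candidate` match this row's length and unkeyed digest?"""
    return (len(candidate) == row["length"]
            and hmac.compare_digest(row["digest"], plain_digest(candidate)))

def owner_lookup(rows, index_key, data):
    """Key holder finds rows for `data` (duplicate detection, integrity check)."""
    tag = keyed_digest(index_key, data)
    return [r["name"] for r in rows if hmac.compare_digest(r["digest"], tag)]

# Constructed sample input
DOC = b"constructed sample: quarterly report draft v3\n"
INDEX_KEY = os.urandom(32)  # demo key only

if __name__ == "__main__":
    row_plain = make_row("report.txt", DOC)
    row_keyed = make_row("report.txt", DOC, INDEX_KEY)
    print("unkeyed digest confirms a guessed file:", outsider_can_confirm(row_plain, DOC))
    print("keyed digest confirms a guessed file:  ", outsider_can_confirm(row_keyed, DOC))
    print("owner lookup with index key:", owner_lookup([row_keyed], INDEX_KEY, DOC))
```

The length column still reveals the file size either way, as it does in the original scheme.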
#3
1
You can't just say "oh, it's AES-256, of course it's secure." Just by your post I can see that you're confusing attacks against stream ciphers and block ciphers, so you probably should NOT be implementing this until you actually do research into this topic.
That being said, you must read about block cipher modes of operation. The entire CWE-310 family. It wouldn't hurt to pick up a copy of Practical Cryptography. After all of that there is still plenty of room for you to completely mess this up.
Real solution: USE SOMEONE ELSE'S IMPLEMENTATION.
#4
0
You really need to think about what attacks you want to protect against, and the resources of the possible attackers.
In general, storing some data encrypted is only useful if it satisfies your exact requirements. In particular, if there is a way an attacker could compromise the key at the same time as the data, then the encryption is effectively useless.