I would like to add AES encryption to a software product, but am concerned by increasing the size of the data. I am guessing that the data does increase in size, and then I'll have to add a compression algorithm to compensate.
我想将AES加密添加到软件产品中,但我担心的是增加数据的大小。我猜测数据确实增加了大小,然后我将不得不添加一个压缩算法来补偿。
7 个解决方案
#1
43
AES does not expand data. Moreover, the output will not generally be compressible; if you intend to compress your data, do so before encrypting it.
AES不会扩展数据。而且,输出通常不可压缩;如果您打算压缩数据,请在加密之前执行此操作。
However, note that AES encryption is usually combined with padding, which will increase the size of the data (though only by a few bytes).
但请注意,AES加密通常与填充相结合,这将增加数据的大小(尽管只有几个字节)。
#2
22
AES does not expand the data, except for a few bytes of padding at the end of the last block.
AES不会扩展数据,除了最后一个块末尾的几个填充字节。
The resulting data are not compressible, at any rate, because they are basically random - no dictionary-based algorithm is able to effectively compress them. A best practice is to compress the data first, then encrypt them.
结果数据无论如何都是不可压缩的,因为它们基本上是随机的 - 没有基于字典的算法能够有效地压缩它们。最佳做法是首先压缩数据,然后加密它们。
#3
7
It is common to compress data before encrypting. Compressing it afterwards doesn't work, because AES encrypted data appears random (as for any good cipher, apart from any headers and whatnot).
在加密之前压缩数据是很常见的。之后压缩它不起作用,因为AES加密数据看起来是随机的(对于任何好的密码,除了任何标题和诸如此类的东西之外)。
However, compression can introduce side-channel attacks in some contexts, so you must analyse your own use. Such attacks have recently been reported against encrypted VOIP: the gist is that different syllables create characteristic variations in bitrate when compressed with VBR, because some sounds compress better than others. Some (or all) syllables may therefore be recoverable with sufficient analysis, since the data is transmitted at the rate it is generated. The fix is to either to use (less efficient) CBR compression, or to use a buffer to transmit at constant rate regardless of the data rate coming out of the encoder (increasing latency).
但是,压缩可能会在某些情况下引入旁道攻击,因此您必须分析自己的使用情况。最近针对加密的VOIP报告了这种攻击:要点是不同的音节在用VBR压缩时会产生比特率的特征变化,因为有些声音比其他声音压缩得更好。因此,一些(或所有)音节可以通过充分的分析来恢复,因为数据是以其生成的速率传输的。修复是要么使用(效率较低)CBR压缩,要么使用缓冲区以恒定速率传输,而不管编码器输出的数据速率如何(增加延迟)。
AES turns 16 byte input blocks into 16 byte output blocks. The only expansion is to round the data up to a whole number of blocks.
AES将16字节输入块转换为16字节输出块。唯一的扩展是将数据四舍五入到整数个块。
#4
4
I am fairly sure AES encryption adds nothing to the data being encrypted, since that would give away information about the state variables, and that is a Bad Thing when it comes to cryptography.
我相当确定AES加密不会对正在加密的数据增加任何内容,因为这会泄露有关状态变量的信息,这在加密方面是个坏事。
If you want to mix compression and encryption, do them in that order. The reason is encrypted data (ideally) looks like totally random data, and compression algorithms will end up making the data bigger, due to its inability to actually compress any of it and overhead of book keeping that comes with any compressed file format.
如果要混合压缩和加密,请按顺序执行。原因是加密数据(理想情况下)看起来像是完全随机的数据,并且压缩算法最终会使数据变大,因为它无法实际压缩任何数据和任何压缩文件格式带来的簿记开销。
#5
0
If compression is necessary do it before you encrypt.
如果需要压缩,请在加密之前进行压缩。
#6
0
No. The only change will be a small amount of padding to align the data to the size of a block
不会。唯一的变化是少量填充,以便将数据与块的大小对齐
However, if you are compressing the content note that you should do this before encrypting. Encrypted data should generally be indistinguishable from random data, which means that it will not compress.
但是,如果要压缩内容备注,则应在加密前执行此操作。加密数据通常应与随机数据无法区分,这意味着它不会压缩。
#7
-1
@freespace and others: One of the things I remember from my cryptography classes is that you should not compress your data before encryption, because some repeatable chunks of compressed stream (like section headers for example) may make it easier to crack your encryption.
@freespace和其他:我在密码学课程中记得的一件事是你不应该在加密之前压缩你的数据,因为一些可重复的压缩流块(比如节目标题)可能会更容易破解你的加密。
#1
43
AES does not expand data. Moreover, the output will not generally be compressible; if you intend to compress your data, do so before encrypting it.
AES不会扩展数据。而且,输出通常不可压缩;如果您打算压缩数据,请在加密之前执行此操作。
However, note that AES encryption is usually combined with padding, which will increase the size of the data (though only by a few bytes).
但请注意,AES加密通常与填充相结合,这将增加数据的大小(尽管只有几个字节)。
#2
22
AES does not expand the data, except for a few bytes of padding at the end of the last block.
AES不会扩展数据,除了最后一个块末尾的几个填充字节。
The resulting data are not compressible, at any rate, because they are basically random - no dictionary-based algorithm is able to effectively compress them. A best practice is to compress the data first, then encrypt them.
结果数据无论如何都是不可压缩的,因为它们基本上是随机的 - 没有基于字典的算法能够有效地压缩它们。最佳做法是首先压缩数据,然后加密它们。
#3
7
It is common to compress data before encrypting. Compressing it afterwards doesn't work, because AES encrypted data appears random (as for any good cipher, apart from any headers and whatnot).
在加密之前压缩数据是很常见的。之后压缩它不起作用,因为AES加密数据看起来是随机的(对于任何好的密码,除了任何标题和诸如此类的东西之外)。
However, compression can introduce side-channel attacks in some contexts, so you must analyse your own use. Such attacks have recently been reported against encrypted VOIP: the gist is that different syllables create characteristic variations in bitrate when compressed with VBR, because some sounds compress better than others. Some (or all) syllables may therefore be recoverable with sufficient analysis, since the data is transmitted at the rate it is generated. The fix is to either to use (less efficient) CBR compression, or to use a buffer to transmit at constant rate regardless of the data rate coming out of the encoder (increasing latency).
但是,压缩可能会在某些情况下引入旁道攻击,因此您必须分析自己的使用情况。最近针对加密的VOIP报告了这种攻击:要点是不同的音节在用VBR压缩时会产生比特率的特征变化,因为有些声音比其他声音压缩得更好。因此,一些(或所有)音节可以通过充分的分析来恢复,因为数据是以其生成的速率传输的。修复是要么使用(效率较低)CBR压缩,要么使用缓冲区以恒定速率传输,而不管编码器输出的数据速率如何(增加延迟)。
AES turns 16 byte input blocks into 16 byte output blocks. The only expansion is to round the data up to a whole number of blocks.
AES将16字节输入块转换为16字节输出块。唯一的扩展是将数据四舍五入到整数个块。
#4
4
I am fairly sure AES encryption adds nothing to the data being encrypted, since that would give away information about the state variables, and that is a Bad Thing when it comes to cryptography.
我相当确定AES加密不会对正在加密的数据增加任何内容,因为这会泄露有关状态变量的信息,这在加密方面是个坏事。
If you want to mix compression and encryption, do them in that order. The reason is encrypted data (ideally) looks like totally random data, and compression algorithms will end up making the data bigger, due to its inability to actually compress any of it and overhead of book keeping that comes with any compressed file format.
如果要混合压缩和加密,请按顺序执行。原因是加密数据(理想情况下)看起来像是完全随机的数据,并且压缩算法最终会使数据变大,因为它无法实际压缩任何数据和任何压缩文件格式带来的簿记开销。
#5
0
If compression is necessary do it before you encrypt.
如果需要压缩,请在加密之前进行压缩。
#6
0
No. The only change will be a small amount of padding to align the data to the size of a block
不会。唯一的变化是少量填充,以便将数据与块的大小对齐
However, if you are compressing the content note that you should do this before encrypting. Encrypted data should generally be indistinguishable from random data, which means that it will not compress.
但是,如果要压缩内容备注,则应在加密前执行此操作。加密数据通常应与随机数据无法区分,这意味着它不会压缩。
#7
-1
@freespace and others: One of the things I remember from my cryptography classes is that you should not compress your data before encryption, because some repeatable chunks of compressed stream (like section headers for example) may make it easier to crack your encryption.
@freespace和其他:我在密码学课程中记得的一件事是你不应该在加密之前压缩你的数据,因为一些可重复的压缩流块(比如节目标题)可能会更容易破解你的加密。