I want to use AES to encrypt some data of arbitrary length, and I'm wondering what block cipher mode I should use. http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html recommends AES in CTR mode. I'm writing a Ruby on Rails plugin, and unfortunately OpenSSL (which Ruby has standard bindings for) doesn't support CTR. I want my code to work out of the box for everybody without requiring them to install a third-party crypto library, so for now I'm using CFB. Is CFB acceptable? How does it compare to CTR or other modes (with the exception of ECB, which I know is insecure)?
4 Answers
#1
AFAIK, CFB is as secure as any other mode. Advantages of stream modes are in other areas (parallelization, random access, etc).
The other poster is correct inasmuch as encryption by itself doesn't have to mean anything. There's a ton of details, and you're likely to miss some.
On the other hand, I disagree with the ECB/CFB comment. ECB can expose patterns in your data, and can make weak schemes even weaker. I wouldn't be too reluctant to write it off as "insecure".
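The ECB pattern leak that answer #1 describes, next to CFB on the same input, as an added example that is not part of the original thread. It uses Ruby's standard OpenSSL bindings; the key, the plaintext and the helper names are constructed for illustration.

```ruby
require 'openssl'

BLOCK = 16

# Encrypt `data` with AES-128 in the given mode ("ecb" or "cfb").
# Returns [iv, ciphertext]; iv stays nil for ECB, which takes none.
def aes_encrypt(mode, key, data, iv = nil)
  cipher = OpenSSL::Cipher.new("aes-128-#{mode}")
  cipher.encrypt
  cipher.key = key
  if mode != 'ecb'
    iv ||= OpenSSL::Random.random_bytes(BLOCK) # fresh random IV per message
    cipher.iv = iv
  end
  [iv, cipher.update(data) + cipher.final]
end

def aes_decrypt(mode, key, iv, ciphertext)
  cipher = OpenSSL::Cipher.new("aes-128-#{mode}")
  cipher.decrypt
  cipher.key = key
  cipher.iv = iv unless mode == 'ecb'
  cipher.update(ciphertext) + cipher.final
end

# Number of 16-byte ciphertext blocks that repeat an earlier block.
def repeated_blocks(ciphertext)
  blocks = ciphertext.bytes.each_slice(BLOCK).to_a
  blocks.size - blocks.uniq.size
end

# Constructed sample input: 8 identical blocks plus a 5-byte tail (133 bytes).
KEY = OpenSSL::Random.random_bytes(16)
PLAINTEXT = (('A' * BLOCK) * 8 + 'tail!').b

if __FILE__ == $PROGRAM_NAME
  _, ecb = aes_encrypt('ecb', KEY, PLAINTEXT)
  iv, cfb = aes_encrypt('cfb', KEY, PLAINTEXT)
  puts "ECB: #{ecb.bytesize} bytes, #{repeated_blocks(ecb)} repeated blocks"
  puts "CFB: #{cfb.bytesize} bytes, #{repeated_blocks(cfb)} repeated blocks"
  puts "CFB round trip ok: #{aes_decrypt('cfb', KEY, iv, cfb) == PLAINTEXT}"
  # Reusing an IV under CFB makes encryption deterministic again.
  _, again = aes_encrypt('cfb', KEY, PLAINTEXT, iv)
  puts "CFB with reused IV repeats ciphertext: #{again == cfb}"
end
```

CFB output is the same length as the input, so arbitrary-length data needs no padding, but the IV has to be stored with the ciphertext and must never be reused under the same key. Neither mode detects tampering; that needs a MAC or an authenticated mode.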
#2
CFB is as secure as CTR in the context of a stream cipher. CTR can be parallelised whereas CFB cannot. Heed the warnings that implementing your own cryptographic stream cipher will probably leave yourself with security holes. Your best bet would be to do C bindings from Ruby to OpenSSL if possible.
#3
As an alternative to using a mode that combines to make a stream cipher, you can approach the problem with a technique called cipher text stealing (CTS) together with a mode like CBC, but that will only work for data sizes 16 bytes and up.
#4
Do not do your own cryptography. If you have to ask such a question, you are very unlikely to do it right. Use a library, please.
Refer, for instance, to this post, and then this follow-up, and, particularly, the blog it is referring to.
For example, ECB is not any more insecure than CFB. They are used for different purposes, and choosing one over the other for the wrong purpose will be just as insecure.