Is this encryption code secure?

Posted: 2014-08-18 12:59:14

Tags: c# security encryption aes rijndaelmanaged

The application that will use this code must be secure enough to encrypt confidential data at the SECRET level.

I know the RijndaelManaged class is not FIPS approved, but that should not affect the security, so I think it is fine as long as the file is encrypted and decrypted by the same application.

Is this encryption code secure enough for confidential information?

using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

public static class AESEncryption
{
    // One fixed IV, reused for every message.
    private static readonly byte[] initVectorBytes = Encoding.ASCII.GetBytes("tu89geji340t89u2");
    private const int keysize = 256;

    public static string Encrypt(string plainText, string passPhrase)
    {
        byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);
        // Key derived from the passphrase with no salt (PasswordDeriveBytes is PBKDF1-based).
        using (PasswordDeriveBytes password = new PasswordDeriveBytes(passPhrase, null))
        {
            byte[] keyBytes = password.GetBytes(keysize / 8);
            using (RijndaelManaged symmetricKey = new RijndaelManaged())
            {
                symmetricKey.Mode = CipherMode.CBC;   // CBC with default PKCS7 padding, no MAC
                using (ICryptoTransform encryptor = symmetricKey.CreateEncryptor(keyBytes, initVectorBytes))
                {
                    using (MemoryStream memoryStream = new MemoryStream())
                    {
                        using (CryptoStream cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write))
                        {
                            cryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length);
                            cryptoStream.FlushFinalBlock();   // writes the final padded block
                            byte[] cipherTextBytes = memoryStream.ToArray();
                            return Convert.ToBase64String(cipherTextBytes);
                        }
                    }
                }
            }
        }
    }

    public static string Decrypt(string cipherText, string passPhrase)
    {
        byte[] cipherTextBytes = Convert.FromBase64String(cipherText);
        using (PasswordDeriveBytes password = new PasswordDeriveBytes(passPhrase, null))
        {
            byte[] keyBytes = password.GetBytes(keysize / 8);
            using (RijndaelManaged symmetricKey = new RijndaelManaged())
            {
                symmetricKey.Mode = CipherMode.CBC;
                using (ICryptoTransform decryptor = symmetricKey.CreateDecryptor(keyBytes, initVectorBytes))
                {
                    using (MemoryStream memoryStream = new MemoryStream(cipherTextBytes))
                    {
                        using (CryptoStream cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
                        {
                            // Plaintext is never longer than the ciphertext, so this buffer is large enough.
                            byte[] plainTextBytes = new byte[cipherTextBytes.Length];
                            // Invalid padding surfaces here as a CryptographicException.
                            int decryptedByteCount = cryptoStream.Read(plainTextBytes, 0, plainTextBytes.Length);
                            return Encoding.UTF8.GetString(plainTextBytes, 0, decryptedByteCount);
                        }
                    }
                }
            }
        }
    }
}

1 Answer

Answer 0 (score: 4)

You are not using authenticated encryption. This allows an attacker to modify the message even though he cannot read it.

You are using a constant IV. This is an information leak, because an attacker can tell whether you have encrypted the same message more than once.

The purpose of an IV is defeated by hard-coding it to some specific value. Let the crypto API generate one for you.

You are vulnerable to padding oracle attacks, because you leak the information that invalid padding was detected.

Apart from these issues, the code looks fine.

I recommend you use AES-GCM for .NET. It is an integrated primitive that encrypts and authenticates data. It is hard to get wrong.
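One way to act on the answer's advice, as an added example that is not part of the question's or the answer's code: a hypothetical AesGcmPasswordBox class for .NET Core 3.0 or later that derives the key with PBKDF2 (Rfc2898DeriveBytes) from a random per-message salt, draws a fresh random nonce for every call, and uses System.Security.Cryptography.AesGcm so that a tampered blob or wrong passphrase fails the tag check before any plaintext is released. The class name, the salt || nonce || tag || ciphertext layout and the iteration count are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class AesGcmPasswordBox   // hypothetical name, added example
{
    private const int SaltSize = 16, NonceSize = 12, TagSize = 16, KeySize = 32;
    private const int HeaderSize = SaltSize + NonceSize + TagSize;
    private const int Iterations = 100_000; // PBKDF2 work factor (assumed), tune to your hardware

    // PBKDF2-HMAC-SHA256 with a per-message random salt replaces the unsalted PasswordDeriveBytes.
    private static byte[] DeriveKey(string passPhrase, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(passPhrase, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(KeySize);
    }

    // Output layout (assumed): salt || nonce || tag || ciphertext, Base64-encoded.
    public static string Encrypt(string plainText, string passPhrase)
    {
        byte[] salt = new byte[SaltSize], nonce = new byte[NonceSize], tag = new byte[TagSize];
        // Fresh salt and nonce on every call, never a hard-coded IV.
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(salt); rng.GetBytes(nonce); }
        byte[] plain = Encoding.UTF8.GetBytes(plainText);
        byte[] cipher = new byte[plain.Length];
        using (var aes = new AesGcm(DeriveKey(passPhrase, salt)))
            aes.Encrypt(nonce, plain, cipher, tag);   // tag authenticates the ciphertext
        byte[] blob = new byte[HeaderSize + cipher.Length];
        Buffer.BlockCopy(salt, 0, blob, 0, SaltSize);
        Buffer.BlockCopy(nonce, 0, blob, SaltSize, NonceSize);
        Buffer.BlockCopy(tag, 0, blob, SaltSize + NonceSize, TagSize);
        Buffer.BlockCopy(cipher, 0, blob, HeaderSize, cipher.Length);
        return Convert.ToBase64String(blob);
    }

    public static string Decrypt(string cipherText, string passPhrase)
    {
        byte[] blob = Convert.FromBase64String(cipherText);
        if (blob.Length < HeaderSize) throw new CryptographicException("Ciphertext too short.");
        byte[] salt = new byte[SaltSize], nonce = new byte[NonceSize], tag = new byte[TagSize];
        byte[] cipher = new byte[blob.Length - HeaderSize], plain = new byte[blob.Length - HeaderSize];
        Buffer.BlockCopy(blob, 0, salt, 0, SaltSize);
        Buffer.BlockCopy(blob, SaltSize, nonce, 0, NonceSize);
        Buffer.BlockCopy(blob, SaltSize + NonceSize, tag, 0, TagSize);
        Buffer.BlockCopy(blob, HeaderSize, cipher, 0, cipher.Length);
        // Decrypt verifies the tag before releasing plaintext: tampering or a wrong passphrase
        // throws CryptographicException, and GCM has no padding to leak an oracle from.
        using (var aes = new AesGcm(DeriveKey(passPhrase, salt)))
            aes.Decrypt(nonce, cipher, tag, plain);
        return Encoding.UTF8.GetString(plain);
    }
}
```

A caller that catches CryptographicException from Decrypt should treat it as a single "decryption failed" outcome rather than distinguishing causes, so the failure mode itself reveals nothing.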