c# - Is this code vulnerable to a padding oracle attack?

Reposted. Author: 行者123. Updated: 2023-11-30 15:51:50

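Is the following code vulnerable to a padding oracle attack, given that it reveals whether the padding is valid (CBC, PKCS#7)?

The code is taken directly from Microsoft's web page and can easily be run in an online compiler such as dotnetfiddle.net.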

using System;
using System.IO;
using System.Security.Cryptography;

namespace RijndaelManaged_Example
{
    class RijndaelExample
    {
        public static void Main()
        {
            try
            {

                string original = "Here is some data to encrypt!";

                // Create a new instance of the RijndaelManaged
                // class. This generates a new key and initialization
                // vector (IV).
                using (RijndaelManaged myRijndael = new RijndaelManaged())
                {

                    myRijndael.GenerateKey();
                    myRijndael.GenerateIV();
                    // Encrypt the string to an array of bytes.
                    byte[] encrypted = EncryptStringToBytes(original, myRijndael.Key, myRijndael.IV);

                    // Decrypt the bytes to a string.
                    string roundtrip = DecryptStringFromBytes(encrypted, myRijndael.Key, myRijndael.IV);

                    //Display the original data and the decrypted data.
                    Console.WriteLine("Original: {0}", original);
                    Console.WriteLine("Round Trip: {0}", roundtrip);
                }

            }
            catch (Exception e)
            {
                Console.WriteLine("Error: {0}", e.Message);
            }
        }

        static byte[] EncryptStringToBytes(string plainText, byte[] Key, byte[] IV)
        {
            // Check arguments.
            if (plainText == null || plainText.Length <= 0)
                throw new ArgumentNullException("plainText");
            if (Key == null || Key.Length <= 0)
                throw new ArgumentNullException("Key");
            if (IV == null || IV.Length <= 0)
                throw new ArgumentNullException("IV");
            byte[] encrypted;
            // Create an RijndaelManaged object
            // with the specified key and IV.
            using (RijndaelManaged rijAlg = new RijndaelManaged())
            {
                rijAlg.Key = Key;
                rijAlg.IV = IV;

                // Create an encryptor to perform the stream transform.
                ICryptoTransform encryptor = rijAlg.CreateEncryptor(rijAlg.Key, rijAlg.IV);

                // Create the streams used for encryption.
                using (MemoryStream msEncrypt = new MemoryStream())
                {
                    using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
                    {
                        using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
                        {

                            //Write all data to the stream.
                            swEncrypt.Write(plainText);
                        }
                        encrypted = msEncrypt.ToArray();
                    }
                }
            }

            // Return the encrypted bytes from the memory stream.
            return encrypted;

        }

        static string DecryptStringFromBytes(byte[] cipherText, byte[] Key, byte[] IV)
        {
            // Check arguments.
            if (cipherText == null || cipherText.Length <= 0)
                throw new ArgumentNullException("cipherText");
            if (Key == null || Key.Length <= 0)
                throw new ArgumentNullException("Key");
            if (IV == null || IV.Length <= 0)
                throw new ArgumentNullException("IV");

            // Declare the string used to hold
            // the decrypted text.
            string plaintext = null;

            // Create an RijndaelManaged object
            // with the specified key and IV.
            using (RijndaelManaged rijAlg = new RijndaelManaged())
            {
                rijAlg.Key = Key;
                rijAlg.IV = IV;

                // Create a decryptor to perform the stream transform.
                ICryptoTransform decryptor = rijAlg.CreateDecryptor(rijAlg.Key, rijAlg.IV);

                // Create the streams used for decryption.
                using (MemoryStream msDecrypt = new MemoryStream(cipherText))
                {
                    using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
                    {
                        using (StreamReader srDecrypt = new StreamReader(csDecrypt))
                        {
                            // Read the decrypted bytes from the decrypting stream
                            // and place them in a string.
                            plaintext = srDecrypt.ReadToEnd();
                        }
                    }
                }

            }

            return plaintext;

        }
    }
}

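The program I am currently examining uses the code above to encrypt some XML files. Here is a sample file from that program (an XML file with only one element).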

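Best answer

Yes, the code is vulnerable, because .NET by default uses CBC with PKCS#7-compatible padding. You can easily test this by altering the ciphertext (its last 16 bytes) and checking whether an exception is thrown. Note that an error condition is not required for a padding oracle to work; timing differences may already leak enough information.

Of course, this does not necessarily mean that a system using the code is vulnerable. If the code is used to encrypt data at rest (for example, file encryption), it may well be impossible to construct a padding oracle, in which case the preconditions for the attack are not met.

Note that a padding oracle attack is a specific type of plaintext oracle attack. Other attacks may be possible even with a different block cipher mode. In general, you need authenticated encryption to make sure that no plaintext oracle can be used: act on a message only after its integrity and authenticity have been verified.

The code shown is not secure for transport-mode security. Of course, for transport security the CBC padding oracle possibility is only one of many vulnerabilities; suffice it to say that the code snippet does not demonstrate transport security at all.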

Regarding "c# - Is this code vulnerable to a padding oracle attack?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/55982277/
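
The answer's advice to act only after integrity and authenticity are verified, shown as an added example (not code from the original post or from Microsoft's sample): encrypt-then-MAC around the same AES-CBC/PKCS#7 transform, so a modified ciphertext is rejected before any unpadding happens. It assumes .NET Core 2.1 or later (for `CryptographicOperations.FixedTimeEquals`) and two independent keys; the names `EncryptThenMac`, `Seal` and `Open` are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class EncryptThenMac   // hypothetical helper, not part of the original sample
{
    const int IvLen = 16, TagLen = 32;

    // Output layout: IV (16 bytes) || CBC ciphertext || HMAC-SHA256 tag (32 bytes).
    public static byte[] Seal(string plainText, byte[] encKey, byte[] macKey)
    {
        using (Aes aes = Aes.Create())                 // defaults: CBC mode, PKCS7 padding
        using (HMACSHA256 hmac = new HMACSHA256(macKey))
        {
            aes.Key = encKey;
            aes.GenerateIV();                          // fresh random IV for every message
            byte[] pt = Encoding.UTF8.GetBytes(plainText);
            byte[] ct;
            using (ICryptoTransform enc = aes.CreateEncryptor())
                ct = enc.TransformFinalBlock(pt, 0, pt.Length);
            byte[] body = aes.IV.Concat(ct).ToArray();
            // The tag covers IV and ciphertext, so neither can be altered unnoticed.
            return body.Concat(hmac.ComputeHash(body)).ToArray();
        }
    }

    // Returns null for any rejected message; the padding check is never reached
    // for data that fails the MAC, so it cannot serve as an oracle.
    public static string Open(byte[] sealedMsg, byte[] encKey, byte[] macKey)
    {
        if (sealedMsg == null || sealedMsg.Length < IvLen + 16 + TagLen) return null;
        int bodyLen = sealedMsg.Length - TagLen;
        using (HMACSHA256 hmac = new HMACSHA256(macKey))
        {
            byte[] expected = hmac.ComputeHash(sealedMsg, 0, bodyLen);
            // Constant-time comparison: no timing signal about how many tag bytes matched.
            if (!CryptographicOperations.FixedTimeEquals(expected, sealedMsg.AsSpan(bodyLen, TagLen)))
                return null;
        }
        using (Aes aes = Aes.Create())
        {
            aes.Key = encKey;
            aes.IV = sealedMsg.Take(IvLen).ToArray();
            using (ICryptoTransform dec = aes.CreateDecryptor())
                return Encoding.UTF8.GetString(
                    dec.TransformFinalBlock(sealedMsg, IvLen, bodyLen - IvLen));
        }
    }
}
```

Flipping any byte of the IV, ciphertext or tag makes `Open` return null through the same code path, whatever the resulting padding would have been.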
