限制rijndaelmanaged算法密钥大小？

Question

我正在使用rijndaelmanaged管理的密码加密算法。

是否有办法限制加密的文本密钥的大小？

例:1，ABC加密密钥大小为10。

  2, ABCDHGF - Encrypted key size 10

意味着固定大小!！

Answer 1

如果不需要从加密数据返回密码，则可以使用哈希算法。首先计算密码的哈希值，然后加密该哈希值。由于哈希值的长度是固定的，所以加密的数据将有固定的长度。当您需要检查密码时，解密加密的值并从输入的密码重新计算散列值，然后检查它们是否匹配。

例如，在注册页面上

var encryptedPwd = Encrypt(ComputeHash(txtPassword.Text));
Save(txtUsername.Text, encryptedPwd);

在登录页面上

var encryptedPwd = SelectPwd(txtUsername.Text);
var pwdHash1 = Decrypt(encryptedPwd);
var pwdHash2 = ComputeHash(txtPassword.Text);

if (AreEqual(pwdHash1, pwdHash2))
   // Login OK!
else
   // Login fail

另一种选择可能是定制填充。假设您的密码最大长度为16个字符。然后，你可以把每个密码垫到16个字符与一些固定的字符。然后加密这个填充密码。这将更容易验证，但使用哈希更安全一些。

注册

var encryptedPwd = Encrypt(txtPassword.Text.PadRight(16, 'X'));
Save(txtUsername.Text, encryptedPwd);

登录

var encryptedPwd = SelectPwd(txtUsername.Text);
var pwd1 = Decrypt(encryptedPwd);
var pwd2 = txtPassword.Text.PadRight(16, 'X');

if (AreEqual(pwd1, pwd2))
   // Login OK!
else
   // Login fail

Answer 2

建议不要使用简单的散列，而是使用密码增强算法，如Rfc2898中指定的算法。

string password = "P@$$w0rd";
byte[] salt = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7 }; // this is fixed... It would be better you used something different for each user

// You can raise 1000 to greater numbers... more cycles = more security. Try
// balancing speed with security.
Rfc2898DeriveBytes pwdGen = new Rfc2898DeriveBytes(password, salt, 1000);

// generate key and iv
byte[] key = pwdGen.GetBytes(16);
byte[] iv = pwdGen.GetBytes(16);


byte[] encrypted;

{
    RijndaelManaged rijndaelCipher = new RijndaelManaged();
    rijndaelCipher.Key = key;
    rijndaelCipher.IV = iv;

    // Or your data
    byte[] data = System.Text.Encoding.UTF8.GetBytes("hello world");
    var encryptor = rijndaelCipher.CreateEncryptor();

    encrypted = encryptor.TransformFinalBlock(data, 0, data.Length);
}

{
    RijndaelManaged rijndaelCipher = new RijndaelManaged();
    rijndaelCipher.Key = key;
    rijndaelCipher.IV = iv;

    var decryptor = rijndaelCipher.CreateDecryptor();

    byte[] decrypted = decryptor.TransformFinalBlock(encrypted, 0, encrypted.Length);

    // this if you are encrypting text, otherwise decrypted is already your data
    string text = System.Text.Encoding.UTF8.GetString(decrypted);
}