Cza*_*ing 0 java encryption hash password-encryption
为了使其更适用于其他人,我想知道写代码是多么逼真,它会将消息加密到没有密码就不可能被解密的程度.我认为最好的方法是制作哈希算法并添加随机性.那么业余爱好者编写声音加密有多现实?任何工程师都能破解业余加密算法吗?编辑:几个答案讨论了对计算机内存的攻击,这是我很欣赏的有用信息,但我更感兴趣的是知道该消息是否可以直接解密.我假设cryptoanalyser无法访问计算机混淆消息,因为如果他这样做他无论如何都可以查看我的源代码并找到解密算法.这是我的例子:
public class Keys { // hold the methods and information used to lock, unlock, make the key, get the "keypad" after it has been locked, and a static method to change int[] to long[]
// Fields
private String passphrase;
private long[] key;
private long keynum;
private long[] pad;
Random rands = new Random();
// Constructors
public Keys (String passphrase) // makes a key based of the given passphrase
{
this.passphrase = passphrase;
key = keycipher(this.passphrase.toCharArray());
key = keyfix(key);
keynum = key[0];
for (int i=1; i < key.length && key[i] != 0; i=i+1)
if (i <key.length -1 && key[i] == key[i+1])
keynum = keynum *key[i] +1;
else if (i+1 < key.length)
keynum = keynum * key[i] - key[i+1];
else
keynum = keynum * key[i] -1;
}
/**
*used to lock and save a message in the pad field
* @param message2lock the input which will be locked using the key and saved as the field pad
*/
public void lock (String message2lock)
{
Message2Num holenums = new Message2Num(message2lock); // message2nums converts inout string to number []
holenums.step1(); //uses custom cipher to change each character to a long
long[] hole =new long[holenums.step2().length];
int t =0;
for(int g : holenums.step2())
/* // Step 2 uses the cipher from step 1 and hides it in random numbers by doubling the array length
then making every even number in the array length a random number and every odd number the last random number
minus the original cipher number
*/
{
hole[t] = (long) g;
t++;
}
hole = this.padding(hole);
double p = (double) keynum;
p = 3* Math.cos(p);
long z = (long) p;
for ( int i =0; i< hole.length; i++)
hole[i] = hole[i] * keynum + z;
hole = Message2Num.addcommas(hole);
pad =hole;
}
不看你的代码 - 两个问题的两个答案:
那么业余爱好者编写声音加密有多现实?
不切实际.甚至专业的密码学家的实现也经常受到攻击,暴露,削弱.除了需要稳定的数学运算之外,还可以进行侧通道攻击(例如,在时序,功耗方面),并且可能会泄漏内存中遗留的数据.
简而言之:除非特别是您的业务,否则不值得实施您自己的加密.只需使用现有的实现.如果他们有缺陷,他们就会有较少的缺陷,自己和将被更新.
任何工程师都能破解业余加密算法吗?
是.是的.因为你会犯新秀的错误.足够的人已经把手指烧成了不适当的加密算法.不要将自己添加到列表中.
如果你这样做 - 不要称之为加密,而是将其命名为混淆.这是业余爱好者可以"安全地"做的事情