Question

加密和加密算法通过权力单和共同点应用页面:

    public static string Encrypt(string dataToEncrypt, string password, string salt)
    {
        AesManaged aes = null;
        MemoryStream memoryStream = null;
        CryptoStream cryptoStream = null;

        try
        {
            Rfc2898DeriveBytes rfc2898 = new Rfc2898DeriveBytes(password, Encoding.UTF8.GetBytes(salt), 10000);

            aes = new AesManaged();
            aes.Key = rfc2898.GetBytes(32);
            aes.IV = rfc2898.GetBytes(16);

            memoryStream = new MemoryStream();
            cryptoStream = new CryptoStream(memoryStream, aes.CreateEncryptor(), CryptoStreamMode.Write);

            byte[] data = Encoding.UTF8.GetBytes(dataToEncrypt);
            cryptoStream.Write(data, 0, data.Length);
            cryptoStream.FlushFinalBlock();

            return Convert.ToBase64String(memoryStream.ToArray());
        }
        finally
        {
            if (cryptoStream != null)
                cryptoStream.Close();

            if (memoryStream != null)
                memoryStream.Close();

            if (aes != null)
                aes.Clear();
        }
    }

为什么加密的扼杀性改动? 是否涉及适用范围?

Answer 1

由于$ nature. $,在职能通过权力hell时,应当逃脱。

Answer 2

当我以同样的数据、密码和盐子来管理问题时,它每次都会产生同样的结果。如果即使是通过细化改变数据其余部分,则你应确保数据“加密”和盐类每次都相同。

However that said, for semantic security, that is not what you want. You want a random salt to make it harder to brute force the password, and a random nonsecret IV set so that two identical plaintexts don t have the same ciphertext.

这里是以下最佳做法的实例:,使用加密算法设计的安全特征。 <代码>SimpleEncodeWithPasword与你正在做的工作相类似,尽管举例来说,衍生钥匙的频率是变数,而且由于性能原因,你可能希望硬性编码。

友情链接