java PBEKeySpec: what do the iterationCount and keyLength parameters influence?

Disclaimer: this page is a Chinese/English side-by-side translation of a popular Stack Overflow question, licensed under CC BY-SA 4.0. If you reuse it you must follow the same CC BY-SA license, cite the original address and author information, and attribute it to the original author (not me). Stack Overflow original: http://stackoverflow.com/questions/6126061/

Date: 2020-10-30 14:25:22  Source: igfitidea

PBEKeySpec what do the iterationCount and keyLength parameters influence?

Tags: java, encryption, cryptography, pbkdf2, kdf

Asked by Mark

Delving into the Java encryption and hashing world I see examples of the constructor for the PBEKeySpec class with various values for the iterationCount and the keyLength parameters. Nothing seems to explain what these parameters impact or mean.


I am assuming that keyLength is how long the key is, so 32-bit encryption would take a value of 32 for the key length, but that assumption feels wrong. My guess for the iterationCount is the number of times each char is encrypted; again, not feeling the love on that assumption either.


Links to info or an explanation are appreciated.


Answered by Maarten Bodewes

The iteration count is the number of times that the password is hashed during the derivation of the symmetric key. The higher the number, the more difficult it is to validate a password guess and then derive the correct key. It is used together with the salt, which is used to protect against attacks using rainbow tables. The iteration count should be as high as possible without slowing your own system down too much. A more generic term for iteration count is work factor.


The key length is the length in bits of the derived symmetric key. A DESede key can be either 128 or 192 bits long, including parity bits. An AES key can be 128, 192 or 256 bits long. The problem is that it is not specified by the API which key length (bits / bytes, with or without parity) is meant; for PBEKeySpec the key size is in bits, including the parity bits, as shown in this section.


The key derivation function normally just outputs "enough" random bits, so that's why you can still specify the required key size.


Notes:


  • For more info, please have a look at the standard, PKCS standards tend to be relatively easy to read.
  • The salt just needs to be unique; generally this is achieved by creating a 64 to 256 bit fully random salt using a secure random number generator (which, for Java, means using new SecureRandom() and then nextBytes(int amount)). The salt can be public and stored with the ciphertext or password hash.
  • Specifying any value larger than the output size of the hash (by default this is SHA-1, 160 bits output size) for the key size may fail (for PBKDF1) or result in an additional slowdown (for PBKDF2). Not recommended; just use a hash function such as SHA-256 or SHA-512 in the algorithm specification.
  • SHA-1 (sometimes just called SHA, as SHA-0 was never used) and even MD5 are still completely secure for this kind of function (as it doesn't rely on collision resistance), but you should still go for a more secure option such as SHA-256 or SHA-512 for new protocols.
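Added example (not part of the original question or answer): PBKDF2 written out in full per RFC 8018 (PKCS #5 v2.1) in Python, instrumented to count the underlying HMAC calls, so that the two parameters can be seen at work. Java's PBEKeySpec(password, salt, iterationCount, keyLength) handed to SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1") computes this same function with dkLen = keyLength / 8 bytes and the password chars encoded as UTF-8, so the same inputs yield the same bytes as Python's hashlib.pbkdf2_hmac. The password and salt values are constructed sample inputs; the function and variable names are this example's own.

```python
"""PBKDF2 (RFC 8018, PKCS #5 v2.1) written out in full, with a counter on the
underlying HMAC calls, to show what iterationCount and keyLength control.
Added example; the names below are this example's own, not a library API.
"""
import hashlib
import hmac
import math
import os
import struct


def pbkdf2(password: bytes, salt: bytes, iteration_count: int,
           key_length_bits: int, hash_name: str = "sha1"):
    """Return (derived_key, hmac_calls) for PBKDF2-HMAC-<hash_name>.

    key_length_bits is in bits, like PBEKeySpec.keyLength; RFC 8018 counts
    the output in bytes (dkLen), so it is converted first.
    """
    if iteration_count < 1 or key_length_bits < 8 or key_length_bits % 8:
        raise ValueError("iterationCount >= 1 and keyLength a positive multiple of 8")
    dk_len = key_length_bits // 8
    h_len = hashlib.new(hash_name).digest_size      # hLen: 20 for SHA-1, 32 for SHA-256
    blocks = math.ceil(dk_len / h_len)               # l = ceil(dkLen / hLen)
    calls = 0
    out = bytearray()
    for i in range(1, blocks + 1):
        # U_1 = PRF(P, S || INT(i)); U_j = PRF(P, U_{j-1}); T_i = U_1 xor ... xor U_c
        u = hmac.new(password, salt + struct.pack(">I", i), hash_name).digest()
        calls += 1
        t = bytearray(u)
        for _ in range(iteration_count - 1):
            u = hmac.new(password, u, hash_name).digest()
            calls += 1
            t = bytearray(a ^ b for a, b in zip(t, u))
        out += t
    # Every block costs the full iteration count, even if only part of the
    # last block is kept: that is the "additional slowdown" for PBKDF2 when
    # keyLength exceeds the hash output size.
    return bytes(out[:dk_len]), calls


def new_salt(num_bytes: int = 16) -> bytes:
    """Fresh random 128-bit salt. Java equivalent:
    byte[] salt = new byte[16]; new SecureRandom().nextBytes(salt);"""
    return os.urandom(num_bytes)


def work_for(iteration_count: int) -> dict:
    """HMAC calls needed for several (hash, keyLength) combinations at a fixed
    iteration count, on constructed sample inputs. Each derived key is
    cross-checked against the standard library's PBKDF2."""
    password = "correct horse battery staple".encode("utf-8")   # constructed
    salt = bytes.fromhex("000102030405060708090a0b0c0d0e0f")      # constructed, 128-bit
    result = {}
    for hash_name, bits in [("sha1", 128), ("sha1", 160), ("sha1", 256),
                            ("sha256", 256), ("sha512", 256)]:
        key, calls = pbkdf2(password, salt, iteration_count, bits, hash_name)
        assert key == hashlib.pbkdf2_hmac(hash_name, password, salt,
                                          iteration_count, bits // 8)
        result[(hash_name, bits)] = calls
    return result


if __name__ == "__main__":
    for (h, bits), calls in work_for(1000).items():
        print(f"PBKDF2WithHmac{h.upper()} keyLength={bits:3d}: {calls} HMAC calls")
```

Running it shows that with iterationCount = 1000, a 128- or 160-bit key from PBKDF2WithHmacSHA1 costs 1000 HMAC calls, a 256-bit key from the same algorithm costs 2000 (two 160-bit blocks, each iterated 1000 times, with 64 bits of the second block thrown away), while PBKDF2WithHmacSHA256 or SHA512 produces the 256-bit key in a single block for 1000 calls. The iteration count multiplies the cost per block; the key length in bits decides how many blocks are needed.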