One-Time-Pad
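Is my one-time pad secure?
This is a program I made to encrypt text files. It uses a one-time pad to encrypt the file, but I don't know whether there are any vulnerabilities in my program. Is my one-time pad secure?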
```python
import os
q = 1
while q == 1:
    e = raw_input("file to encypt: ")
    #This will open a file for encryption
    o = open(e, "r")
    o1 = o.read()
    #This is the plain text to encrypt
    #'The quick brown fox jumps over the lazy dog'
    plain = o1
    #This will measure the length of the plain text
    f3 = len(plain)
    #generate random characters as long as the text
    a1 = os.urandom(f3)
    #makes the random characters tuple format
    b = list(a1)
    b2 = list(plain)
    s = plain
    #gives the ascii value of the characters
    L = [ord(c) for c in s]
    s = a1
    a = [ord(c) for c in s]
    b = [ord(c) for c in plain]
    #adds the random digits and the plain text
    c = map(sum, zip(a,b))
    #uses Modular arithmetic if the sum is greater than 256
    x=c
    z = []
    for y in x:
        z.append(y-256 if y>=256 else y)
    z = [y-256 if y >= 256 else y for y in x]
    #converts the sum back to character form
    cipher_text = ''.join(chr(i) for i in z)
    #makes a folder for the files
    base1 = os.path.basename(e)
    base2 = os.path.splitext(base1)[0]
    #makes a folder for the output
    p = "/Users/kyle/one_time_pad/"+base2
    print p
    if os.path.exists(p):
        print
    else:
        os.mkdir(p)
    key = a1
    #makes a file containing the key
    p = p + "/"
    f2 = p+"key.txt"
    #print f2
    if os.path.exists(f2):
        f1 = file(f2, "w")
        f1 = open(f2, "w")
        f1.write(key)
        f1.close()
    else:
        f1 = file(f2, "w")
        f1 = open(f2, "w")
        f1.write(key)
        f1.close()
    #makes a file containing the cipher text
    f3 = p+"cipher_text.txt"
    if os.path.exists(f3):
        f1 = file(f3, "w")
        f1 = open(f3, "w")
        f1.write(cipher_text)
        f1.close()
    else:
        f1 = file(f3, "w")
        f1 = open(f3, "w")
        f1.write(cipher_text)
        f1.close()
    f4 = p+"encrypt.py"
    encrypt1 = open("/Users/kyle/encrypt.py", "r")
    encrypt = encrypt1.read()
    if os.path.exists(f4):
        f1 = file(f4, "w")
        f1 = open(f4, "w")
        f1.write(encrypt)
        f1.close()
    else:
        f1 = file(f4, "w")
        f1 = open(f4, "w")
        f1.write(encrypt)
        f1.close()
    f5 = p+"decrypt.py"
    encrypt1 = open("/Users/kyle/decrypt.py", "r")
    encrypt = encrypt1.read()
    if os.path.exists(f5):
        f1 = file(f5, "w")
        f1 = open(f5, "w")
        f1.write(encrypt)
        f1.close()
    else:
        f1 = file(f5, "w")
        f1 = open(f5, "w")
        f1.write(encrypt)
        f1.close()
    print 50*"-"
```
This is the code I use for decryption:
```python
import os
q = 1
while q == 1:
    #opens the cipher text and it converts it to decimal
    cipher = raw_input("cipher text: ")
    cipher1 = open(cipher, "r")
    cipher2 = cipher1.read()
    cipher3 = [ord(c) for c in cipher2]
    #opens the key and converts it to decimal
    key = raw_input("key: ")
    key1 = open(key, "r")
    key2 = key1.read()
    key3 = [ord(c) for c in key2]
    #subtracts the key from the cipher
    a = cipher3
    b = key3
    c = map(lambda x: (x[0]-x[1]) % 256, zip(a,b))
    #prints out the decrypted plain text
    decrypt = ''.join(map(chr,c))
    #makes a file with the decrypted output
    path1 = raw_input("out folder: ")
    name = "plain_text.txt"
    path2 = path1 + "/" + name
    if os.path.exists(path2):
        f1 = file(path2, "a")
        f1 = open(path2, "a")
        f1.write(decrypt)
        f1.close()
    else:
        f1 = file(path2, "w")
        f1 = open(path2, "w")
        f1.write(decrypt)
        f1.close()
    print 50*"-"
```
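Added example, not part of the original post: the same add-mod-256 scheme as the question's two scripts, condensed into Python 3 functions that work on bytes. It also rejects a key whose length differs from the ciphertext (the `zip()` in the decryption script would silently truncate) and creates the key and ciphertext files exclusively with owner-only permissions. The function names and the temporary output directory are assumptions made for this sketch.

```python
import os
import tempfile

def encrypt(plain: bytes) -> tuple:
    """Return (key, cipher); the key is fresh and exactly as long as the plaintext."""
    key = os.urandom(len(plain))  # same key source as the question's code
    cipher = bytes((p + k) % 256 for p, k in zip(plain, key))
    return key, cipher

def decrypt(cipher: bytes, key: bytes) -> bytes:
    # zip() stops at the shorter input, so a truncated or wrong key file would
    # silently give truncated plaintext; reject the mismatch instead.
    if len(key) != len(cipher):
        raise ValueError("key and ciphertext lengths differ")
    return bytes((c - k) % 256 for c, k in zip(cipher, key))

def write_new(path: str, data: bytes, mode: int = 0o600) -> None:
    # O_EXCL fails if the file already exists, so an earlier key or ciphertext
    # is never overwritten; mode 0o600 keeps the file owner-only on POSIX.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    with os.fdopen(fd, "wb") as f:
        f.write(data)

def read_bytes(path: str) -> bytes:
    with open(path, "rb") as f:  # binary mode: key bytes are not text
        return f.read()

def demo() -> bytes:
    # Constructed sample input; a temporary directory stands in for the
    # question's output folder (assumption of this sketch).
    plain = b"The quick brown fox jumps over the lazy dog"
    with tempfile.TemporaryDirectory() as out:
        key, cipher = encrypt(plain)
        write_new(os.path.join(out, "key.txt"), key)
        write_new(os.path.join(out, "cipher_text.txt"), cipher)
        return decrypt(read_bytes(os.path.join(out, "cipher_text.txt")),
                       read_bytes(os.path.join(out, "key.txt")))

if __name__ == "__main__":
    print(demo())
```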
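The first vulnerability I see is that you are using the random generator urandom. How do you know that the sequence generated by this function is truly random? The second vulnerability is that you save the key in plaintext!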
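You shouldn't use os.urandom, because that module is a PRNG based on a seed number. Instead, you should use /dev/random. Saving the key in plaintext isn't a bad idea. It's a terrible idea. If you are writing Python on Linux, save the key in a WAVE Audio File. If you are writing Python on Windows, save it as an Executable. Both are terrible ideas for steganography, but it's basic. And to save it in these file formats, use DeepSound. Also, saving the key on a hard disk is not recommended. Save it on a USB flash drive, a Micro SD card, or anything else.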
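But make sure the medium containing the key file is fully encrypted; I suggest you create your own AES disk-encryption application, or just compile VeraCrypt from source.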
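The AES key should be passed on in plaintext, on paper rather than on digital media, and should be handed face to face to the recipient of the message.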
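When decrypting, the machine should be completely offline and kept away from smartphones or any device with an Internet connection (Wi-Fi or mobile data), to prevent BitWhisper or acoustic cryptanalysis.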
Sorry if I seem paranoid, but I am one! ;-)
Sources on PRNG and acoustic cryptanalysis: Wikipedia.
Source for /dev/random: https://cryptoaarchy.freed0m4all.net/wiki/One_Time_Pad