TripleDES:指定的密钥是“TripleDES"的已知弱密钥，不能使用

问题描述

我正在使用 .NET 3.0 类 System.Security.Cryptography.MACTripleDES 类来生成 MAC 值.不幸的是，我正在使用一个使用1111111111111111"(作为十六进制)作为单长 DES 密钥的硬件设备.System.Security.Cryptography 库会对密钥进行一些完整性检查，如果您尝试使用加密弱密钥，则会返回异常.

I'm using the .NET 3.0 class System.Security.Cryptography.MACTripleDES class to generate a MAC value. Unfortunately, I am working with a hardware device that uses "1111111111111111" (as hex) as a single-length DES key. The System.Security.Cryptography library does some sanity checking on the key and returns a Exception if you try to use a cryptographically weak key.

例如:

byte[] key = new byte[24];
for (int i = 0; i < key.Length; i++)
  key[i] = 0x11;

byte[] data = new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
byte[] computedMac = null;
using (MACTripleDES mac = new MACTripleDES(key))
{
  computedMac = mac.ComputeHash(data);
}

抛出异常

System.Security.Cryptography.CryptographicException : Specified key is a known weak key for 'TripleDES' and cannot be used.

我知道这不是安全密钥.在生产中，设备将使用新的安全密钥进行闪存.同时，有什么方法可以抑制这个异常被抛出?也许是 app.config 或注册表设置?

I know this is not a secure key. In production, the device will be flashed with a new, secure key. In the mean time, is there any way to inhibit this Exception from being thrown? Perhaps an app.config or registry setting?

由于算法强制奇校验，密钥实际上是 101010....我不确定这是否适用于 DES 算法，或者只是我所做的支付处理工作中的一个要求.

The key would actually be 101010... due to the algorithm forcing odd parity. I'm not sure if this is universal to the DES algorithm or just a requirement in the payment processing work I do.

编辑 2:Daniel 在下面的回答中有一些关于 .NET 黑客的非常好的信息.不幸的是，我无法使用这种技术解决我的问题，但仍然有一些有趣的阅读.

Edit 2: Daniel's answer below has some very good information about hacking .NET. Unfortunately, I wasn't able to solve my problem using this technique, but there is still some interesting reading there.

推荐答案

您可以在 DESCryptoServiceProvider.

<1111111111111111> 不是弱 DES 密钥.

<1111111111111111> is not a weak DES key.

这将计算一个 DES CBC-MAC:

This will calculate a DES CBC-MAC:

public static byte[] CalcDesMac(byte[] key, byte[] data){
        DESCryptoServiceProvider des = new DESCryptoServiceProvider();
        des.Key = key;
        des.IV = new byte[8];
        des.Padding = PaddingMode.Zeros;
        MemoryStream ms = new MemoryStream();
        using(CryptoStream cs = new CryptoStream(ms, des.CreateEncryptor(), CryptoStreamMode.Write)){
          cs.Write(data, 0, data.Length);
        }
        byte[] encryption = ms.ToArray();
        byte[] mac = new byte[8];
        Array.Copy(encryption, encryption.Length-8, mac, 0, 8);
        PrintByteArray(encryption);
        return mac;
    }

这篇关于TripleDES:指定的密钥是“TripleDES"的已知弱密钥，不能使用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持跟版网！