我在靜態加密類有一個方法,看起來像這樣:AES加密...缺少的重要棋子
public static byte[] EncryptString(string toEncrypt, byte[] encryptionKey)
{
var toEncryptBytes = Encoding.UTF8.GetBytes(toEncrypt);
using (var provider = new AesCryptoServiceProvider())
{
provider.Key = encryptionKey;
provider.Mode = CipherMode.ECB;
provider.Padding = PaddingMode.ISO10126;
using (var encryptor = provider.CreateEncryptor(provider.Key, provider.IV))
{
using (var ms = new MemoryStream())
{
using (var cs = new CryptoStream(ms, encryptor, CryptoStreamMode.Write))
{
cs.Write(toEncryptBytes, 0, toEncryptBytes.Length);
cs.FlushFinalBlock();
}
return ms.ToArray();
}
}
}
}
我有一個單元測試,如下所示:
[TestMethod]
public void EncryptStringEncryptsTest()
{
var toEncrypt = "My text to encrypt";
var encryptionKey = Convert.FromBase64String("93mcgv9UBYpwgoUX0AXEaU1BqTCufPWPkFdOdoILLDA=");
var encrypted = Encryption.EncryptString(toEncrypt, encryptionKey);
var text = Convert.ToBase64String(encrypted);
Assert.IsTrue(false);
}
每次運行這個時,text
值都會改變。考慮到相同的投入,我希望它保持不變。期待我錯了,還是我做錯了什麼?
ECB不安全。 – SLaks
請在此定義「不安全」,如果我更改模式,是否需要更改代碼?我幾乎總是使用哈希,所以對稱可逆加密是我必須承認我有一個弱點。 –
http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29 – SLaks