High-performance encryption in Adobe AIR / Flash

Updated: 2023-12-03 18:50:40

Regarding performance, if you can stream the video & music, i.e. process them one block at a time, then you only need to decrypt one block ahead instead of decrypting the entire file. This will probably be good enough for performance no matter the algorithm.

For the best security try AES-256, preferably in CTR mode (see Colin Percival's article for rationale). Note that CTR mode converts the AES block cipher to the equivalent of a stream cipher without reducing its security - this has some useful properties, like random-access decryption (vs. CBC which forces you to decrypt everything up to the data you want).

If the CPU load is too high, RC4 is weaker but good enough for most uses. Be sure to use a 256-bit key.

Finally, the way you generate the encryption keys is very important:

If you use the same base key to encrypt all the files, always use a nonce (a.k.a. IV or "Initialization Vector") when encrypting:

  • A nonce / IV is a group of random bytes that are kept in the clear next to your ciphertext (often prepended to the ciphertext)
  • Create and use a different nonce / IV for each encrypted file
  • CTR mode APIs include a way to set the IV / nonce; the library you use supports it
  • If you use RC4:
    • save the nonce / IV yourself
    • generate the final encryption key using HMAC-SHA256 with the base key and the nonce, like mentioned here

If the user enters a password, generate the base encryption key using PBKDF2 (again, see Colin Percival's article for rationale).

Since you have an HMAC-SHA256 implementation in the library, it's easy to implement PBKDF2-HMAC-SHA256 yourself; search the net or SO for sample implementations.
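The key-derivation steps described above, as an added example that is not part of the original answer and is written in Python rather than ActionScript: PBKDF2-HMAC-SHA256 built from nothing but an HMAC-SHA256 primitive, plus the per-file key computed as HMAC-SHA256 over the nonce with the base key. The function names, the 16-byte salt and nonce lengths, the iteration count and the sample file names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import struct

HASH_LEN = 32  # SHA-256 output size in bytes


def pbkdf2_hmac_sha256(password: bytes, salt: bytes, iterations: int, dklen: int = 32) -> bytes:
    """PBKDF2 (RFC 8018) written using nothing but an HMAC-SHA256 primitive."""
    if iterations < 1 or dklen < 1:
        raise ValueError("iterations and dklen must be positive")
    derived = b""
    block_index = 1
    while len(derived) < dklen:
        # U_1 = HMAC(password, salt || big-endian 32-bit block index)
        u = hmac.new(password, salt + struct.pack(">I", block_index), hashlib.sha256).digest()
        t = int.from_bytes(u, "big")
        # U_n = HMAC(password, U_{n-1}); the output block is the XOR of every U_n
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha256).digest()
            t ^= int.from_bytes(u, "big")
        derived += t.to_bytes(HASH_LEN, "big")
        block_index += 1
    return derived[:dklen]


def per_file_key(base_key: bytes, nonce: bytes) -> bytes:
    """Final key for one file: HMAC-SHA256 keyed with the base key over the nonce."""
    return hmac.new(base_key, nonce, hashlib.sha256).digest()


def new_file_key(base_key: bytes, nonce_len: int = 16):
    """Pick a fresh random nonce for a file; the nonce is stored in the clear before the ciphertext."""
    nonce = os.urandom(nonce_len)  # 16 bytes is an assumed length
    return nonce, per_file_key(base_key, nonce)


if __name__ == "__main__":
    salt = os.urandom(16)  # assumed: a random salt stored alongside the files
    base = pbkdf2_hmac_sha256(b"constructed sample password", salt, 100_000)
    for name in ("intro.flv", "theme.mp3"):  # constructed file names
        nonce, key = new_file_key(base)
        print(name, "nonce:", nonce.hex(), "key bytes:", len(key))
```

To decrypt a file, read the nonce back from the front of the stored data and call `per_file_key` with the same base key.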