help

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

help

严雨涛
help
我想用java和c#同样的方式产生同样的结果,但是java的结果是固定的,c#的结果是随机的,是我使用的方式不正确吗?
I want to produce the same result in the same way as Java and c#, but the result of Java is fixed, and the result of c# is random. Is it the way I use it incorrect?

c#:
        private static string Test1(string password)
        {
            var kgen = GeneratorUtilities.GetKeyGenerator("AES");
            var random = SecureRandom.GetInstance("SHA1PRNG");
            random.SetSeed(Encoding.UTF8.GetBytes(password));
            var param = new KeyGenerationParameters(random, 128);
            kgen.Init(param);
            var secretKey = kgen.GenerateKey();
            return Convert.ToBase64String(secretKey);
        }
java:
private static String Test1(String password) throws Exception {
KeyGenerator kgen = KeyGenerator.getInstance("AES");
java.security.SecureRandom random = java.security.SecureRandom.getInstance("SHA1PRNG");
random.setSeed(password.getBytes());
kgen.init(128, random);
SecretKey secretKey = kgen.generateKey();
byte[] enCodeFormat = secretKey.getEncoded();
return Base64.encode(enCodeFormat);
}
Reply | Threaded
Open this post in threaded view
|

RE: help

Eckenfels. Bernd
Hello.

SecureRandom.setSeed() is not a proper defined way for a password derivation function. Consequently you do not get the same result (and .Net seems to not allow to overwrite the initial seed completely).

You need to use a different key generator, maybe some of the PBE variants (or do a hashing of the password yourself).you should use a proper, seeded and random key derivation ifmyour password is low entropy and bruteforceable.

Gruss
Bernd
--
http://www.seeburger.com
________________________________________
From: 严雨涛 [[hidden email]]
Sent: Saturday, December 23, 2017 14:03
To: dev-crypto
Subject: [dev-crypto] help

help
我想用java和c#同样的方式产生同样的结果,但是java的结果是固定的,c#的结果是随机的,是我使用的方式不正确吗?
I want to produce the same result in the same way as Java and c#, but the result of Java is fixed, and the result of c# is random. Is it the way I use it incorrect?

c#:
        private static string Test1(string password)
        {
            var kgen = GeneratorUtilities.GetKeyGenerator("AES");
            var random = SecureRandom.GetInstance("SHA1PRNG");
            random.SetSeed(Encoding.UTF8.GetBytes(password));
            var param = new KeyGenerationParameters(random, 128);
            kgen.Init(param);
            var secretKey = kgen.GenerateKey();
            return Convert.ToBase64String(secretKey);
        }
java:
private static String Test1(String password) throws Exception {
KeyGenerator kgen = KeyGenerator.getInstance("AES");
java.security.SecureRandom random = java.security.SecureRandom.getInstance("SHA1PRNG");
random.setSeed(password.getBytes());
kgen.init(128, random);
SecretKey secretKey = kgen.generateKey();
byte[] enCodeFormat = secretKey.getEncoded();
return Base64.encode(enCodeFormat);
}








SEEBURGER AG            Vorstand/SEEBURGER Executive Board:
Sitz der Gesellschaft/Registered Office:                Axel Haas, Michael Kleeberg, Friedemann Heinz, Dr. Martin Kuntz, Matthias Feßenbecker
Edisonstr. 1
D-75015 Bretten         Vorsitzende des Aufsichtsrats/Chairperson of the SEEBURGER Supervisory Board:
Tel.: 07252 / 96 - 0            Prof. Dr. Simone Zeuchner
Fax: 07252 / 96 - 2222
Internet: http://www.seeburger.de               Registergericht/Commercial Register:
e-mail: [hidden email]               HRB 240708 Mannheim


Dieses E-Mail ist nur für den Empfänger bestimmt, an den es gerichtet ist und kann vertrauliches bzw. unter das Berufsgeheimnis fallendes Material enthalten. Jegliche darin enthaltene Ansicht oder Meinungsäußerung ist die des Autors und stellt nicht notwendigerweise die Ansicht oder Meinung der SEEBURGER AG dar. Sind Sie nicht der Empfänger, so haben Sie diese E-Mail irrtümlich erhalten und jegliche Verwendung, Veröffentlichung, Weiterleitung, Abschrift oder jeglicher Druck dieser E-Mail ist strengstens untersagt. Weder die SEEBURGER AG noch der Absender (Eckenfels. Bernd) übernehmen die Haftung für Viren; es obliegt Ihrer Verantwortung, die E-Mail und deren Anhänge auf Viren zu prüfen.


This email is intended only for the recipient(s) to whom it is addressed. This email may contain confidential material that may be protected by professional secrecy. Any fact or opinion contained, or expression of the material herein, does not necessarily reflect that of SEEBURGER AG. If you are not the addressee or if you have received this email in error, any use, publication or distribution including forwarding, copying or printing is strictly prohibited. Neither SEEBURGER AG, nor the sender (Eckenfels. Bernd) accept liability for viruses; it is your responsibility to check this email and its attachments for viruses.