发表新帖
发表新帖

Why do different implementations of AES produce different output?

前端 未结
关注
2 1899
-上瘾入骨i
-上瘾入骨i 2021-01-21 19:33

I feel I have a pretty good understanding of hash functions and the contracts they entail.

SHA1 on Input X will ALWAYS produce the same output. You could use a Python l

2条回答
  • 粉色の甜心
    粉色の甜心 (楼主)
    2021-01-21 20:03

    In the SHA-1 example you give, there is only a single input to the function, and any correct SHA-1 implementation should produce the same output as any other when provided the same input data.

    For AES however things are a bit tricker, and since you don't specify what you mean exactly by "AES", this itself seems likely to be the source of the perceived differences between implementations.

    Firstly, "AES" isn't a single algorithm, but a family of algorithms that take different key sizes (128, 192 or 256 bits). AES is also a block cipher, it takes a single block of 128 bits/16 bytes of plaintext input, and encrypts this using the key to produce a single 16 byte block of output.

    Of course in practice we often want to encrypt more than 16 bytes of data at once, so we must find a way to repeatedly apply the AES algorithm in order to encrypt all the data. Naively we could split it into 16 byte chunks and encrypt each one in turn, but this mode (described as Electronic Codebook or ECB) turns out to be horribly insecure. Instead, various other more secure modes are usually used, and most of these require an Initialization Vector (IV) which helps to ensure that encrypting the same data with the same key doesn't result in the same ciphertext (which would otherwise leak information).

    Most of these modes still operate on fixed-sized blocks of data, but again we often want to encrypt data that isn't a multiple of the block size, so we have to use some form of padding, and again there are various different possibilities for how we pad a message to a length that is a multiple of the block size.

    So to put all of this together, two different implementations of "AES" should produce the same output if all of the following are identical:

    • Plaintext input data
    • Key (and hence key size)
    • IV
    • Mode (including any mode-specific inputs)
    • Padding

    0 讨论(0)
 看不清?
提交回复
热议问题