The data to be decrypted exceeds the maximum for this modulus of 36 bytes

前端 未结 2 940
时光说笑
时光说笑 2021-01-22 18:51

I\'m trying to make a password safe, but theres something wrong with how I use RSA. Heres my codes:

    private void testencodedecode()
    {
        string mehd         


        
相关标签:
2条回答
  • 2021-01-22 19:30

    There are some major issues with the method here. The first, as you mentioned in a comment on another answer is that you're using a Guid to construct the RSA modulus, which is entirely invalid. You cannot use random data to construct the public key directly for a number of reasons:

    1. The modulus must conform to a specific structure, i.e. it is the product of two large prime numbers, whereas your Guid in binary form generally will not be.
    2. In order to decrypt the RSA-encrypted data, you must know the two primes used to generate the modulus. Even if your random modulus was magically the product of two large primes you wouldn't be able to determine them, since this would require factoring the modulus, which is an intentionally difficult thing to do (indeed, the difficulty is the entire basis of RSA's security).

    You should be generating the RSA key using the RsaCryptoServiceProvider constructor e.g.:

    // Construct the RsaCryptoServiceProvider, and create a new 2048bit key
    var csp = new RsaCryptoServiceProvider(2048);
    

    The parameters for this newly generated key can then be exported:

    // Export the RSA parameters, including the private parameters
    var parameters = csp.ExportParameters(true);
    

    The parameters can then be stored (securely) and used to re-initialize the CSP for decryption later.

    There are also other obvious problems, such as the fact that the amount of data you can actually encrypt with RSA is limited by the key size, so with a 2048 bit key as created above, you can encrypt 2048 / 8 - 11 = 245 bytes (where the 11 bytes is a result of the PKCS#1 v1.5 padding that is applied). If you want to encrypt more than this, the general method is to use a symmetric cipher (e.g. AES) to encrypt the data, and then use RSA only to encrypt the AES key.

    Finally, whilst this may work, I still wouldn't rely on it for security as there are almost always issues with roll-your-own encryption schemes.

    0 讨论(0)
  • 2021-01-22 19:44

    The modulus for RSA should be at least 1024 bits (128 bytes). Anything less will be completely insecure. And for modern applications it is even recommended to use a 2048 or larger modulus.

    And secondly, you are not generating the RSA keys properly! You shouldn't just use the password as a modulus..

    The public exponent and the modulus must be chosen such that the exponent is relatively prime to p-1 for all primes p which divide the modulus. If you are just arbitrarily setting the modulus to a binary representation of a password (PWDKEY) it's unlikely that you are choosing an appropriate exponent/modulus pair. And as I said earlier the modulus must be a relatively large number, usually chosen to be 1024, 2048 or 4096 bits long.

    0 讨论(0)
提交回复
热议问题