|
发表于 2010-8-21 17:59:12
|
显示全部楼层
回复【4楼】tfdsensor 毛毛虫
-----------------------------------------------------------------------
WinRAR的加密用的128位AES算法(当然啦就是Rijndael),确实也是个对称分块的强加密算法。
不过WinRAR有版权问题。呵呵。(在国内这个问题当然是次要的……)
PGP也有版权,不过有开放的版本。GnuPG是类似PGP的开源软件。
这两个软件都支持非对称加密,有时还是很有用的,比如服务器小批量数据的自动备份上。
还有,WinRAR是拿字符串当密码,而不是统计上的随机数。这样通常对winrar加密文件的攻击变得比较简单。
http://www.openrce.org/forums/posts/624
这里nezumi的回帖是不是也有些参考价值呢,提到winrar的安全问题
……
there're rumors about super-key allows to decrypt _any_ WinRAR archive, knowing only to Eugene Roshal
(the creator of the WinRAR) and probably to Government guys. personally, I don't believe into this.
As far as I know, WinRAR uses AES-128bit, and it's very hard to hide back-door inside it. but, I have
no guarantee that WinRAR uses standard AES algorithm. I was researching it for years and had found some
strange differences between standard AES algorithm and WinRAR AES-like realization. but I don't know
much about AES, so, maybe it's just some soft of optimization or something like that. I'm not a
crypto-expert.
……
p.s. don't forget dictionary attack. most passwords are not absolute random. |
|