AES: weeNgcombolo ezintlantlu

Alithandabuzeki elokuba, abaninzi abasebenzisi ikhompyutha ukufikelela kwi Internet (hayi kuphela) ndivile kule kota, njengokuba encryption data AES. Loluphi uhlobo inkqubo, yintoni ubuchule isebenzisa yaye yintoni na isicelo, ine i ingcamango kunokuba isangqa eliqingqiweyo labantu. abasebenzisi eziqhelekileyo ngayo, niyaziyo enkulu kwaye awudingi. Noko ke, cinga le nkqubo incazelo, ingakumbi ngaphandle kokuyifunda zibalwa ngendlela entsonkothileyo izibalo kunye neefomula eziya kuba liyenze nawuphi na umntu.

Yintoni AES-lofihlo?

Masiqalise nesibakala sokuba inkqubo ngokwayo isethi algorithms ukufihla imboniselo yokuqala abathile ezosulela, wafumana okanye kugcinwe ngumsebenzisi kwi idatha kwikhompyutha. Amaninzi kusetyenziswa ubugcisa Internet njengoko kuyimfuneko ukuqinisekisa ukuba yimfihlo epheleleyo ulwazi, yaye libhekisela ebizwa njalo-algorithms twatsa ufihlo.

AES uhlobo lofihlo lubandakanya ukusetyenziswa kolwazi ukuguqulwa ngohlobo akhuselwe kwaye ekufundeni isichasi isitshixo enye, nto leyo eyaziwa, kwaye ukuthumela nokufumana icala, ngokungafaniyo Encryption twatsa, apho izitshixo ezimbini ezinikiweyo isicelo - vula iphinde ivalwe. Ngoko ke, kulula ukucinga ukuba xa omabini amaqela bayazi isitshixo echanekileyo, i-encryption khowudi yasiwa kumbhalo inkqubo yenziwa nje ngokwaneleyo.

A incinane

AES-uguqulelo okokuqala okhankanywe-2000, xa ozothatha ukhuphiswano yokhetho inkqubo ezintlantlu, nto leyo umgangatho eUnited States ukususela ngowe-1977, lo uphumeleleyo yaba algorithm Rijndael.

Ngowe-2001, AES-nkqubo iye yamkelwa ngokusesikweni njengoko omtsha Federal weeNgcombolo ezintlantlu-ntathu eziFihliweyo, yaye sele isetyenziswa ngokubanzi.

Types AES ukubethela

ubuchule Evolution ziquka izigaba eziliqela intermediate, apho ubukhulu becala yanxulunyaniswa nokonyuka ubude isitshixo. Namhlanje kukho iintlobo ezintathu eziphambili: AES-128 ufihlo, AES-192 kunye AES-256.

Igama uthetha ukuba ngokwayo. neempawu yedijithali elivumelana ubude isitshixo esetyenzisiweyo, ichazwe apha naphaya. Kwakhona, AES-ufihlo usebenza uhlobo block osebenza ngqo kunye neeyunithi data ubude esisigxina, ujiko ngamnye kubo, ngokungafaniyo ku-line ubuchule asebenza umyalezo avulekileyo phezu imiqondiso olunye, ukuguqulela ngendlela ifomu kwi khowudi. Xa AES ubude block 128 ziintanda.

Ukuthetha ulwimi isayensi, loo algorithm efanayo esebenzisa AES-256 ufihlo, akuthethi operation ngesisekelo nomelo polynomial kwemisebenzi kunye codes ekusetyenzweni kwimiboniso emacala-mabini (matrices).

Zisebenza njani?

I algorithm usebenza nzima, kodwa kubandakanya ukusetyenziswa kwezakhi ezingundoqo ezimbalwa. Ekuqaleni, matrix ezikumila kumacala mabini isetyenziswa, imijikelo ukuguqulwa (rounds), amaqhosha ngeenxa kunye neetafile reverse lobeko lokuqala.

I-encryption data iqulathe amanyathelo aliqela:

• yokubala isitshixo ngeenxa zonke;
• byte endaweni usebenzisa S-Ibhokisi itheyibhile engundoqo;
• shift ifomu usebenzisa izixa ezahlukeneyo (jonga umfanekiso ngentla.);
• ngokuxuba data ngaphakathi kumhlathi ngamnye isizalo (uyihlanganise);
• imilo Ukudibanisa kunye isitshixo ngeenxa zonke.

Kuqondwe lwenziwa ukuze reverse, kodwa endaweni kwetafile S-Ibhokisi itheyibhile usebenza yimveliso Ngokufanayo, leyo ikhankanywe ngasentla.

Ukuba umzekelo, ukuba ubude iqhosha ziikhowudi-4 kufuneka iterate kuzo zonke izigaba-16 (rounds), oko kuyimfuneko ukuba utshekishe bonke lwendibaniso ezenzekayo, eqala ngo 0000 kunye nesiphelo 1111. Kakade ke, ukhuseleko loo kuqhekeze ngokukhawuleza ngokwaneleyo. Kodwa ukuba uthatha amaqhosha ngenxa-bit 16 kufuneka amanyathelo 65.536, nangenxa-bit 256 - 1.1 x 10 ^77. Yaye ziingcali lowu yaseMelika, ngenketho olufanelekileyo indibanisela (iqhosha) luya kuthatha malunga 149 ezigidi iminyaka.

Ezisebenza xa ukucwangcisa i network xa kusenziwa: AES okanye TKIP?

Ngoku nisinga ukusetyenziswa AES-256 ukuba uguqulele kwi khowudi i data wathumela zafunyanwa iinethiwekhi ze-wireless.

Njengomgaqo, nawuphi na umzila (umzila), kukho iindlela ezininzi ukuba bakhethe: Kuphela AES, TKIP, kunye AES kuphela + TKIP. Zisetyenziswa ngokuxhomekeke olandelwayo (WEP okanye WEP2). Kodwa! System TKIP akasebenzi kuba unezinga elisezantsi yokukhusela okanye inkxaso 802.11n connectivity ngeqondo data esingadlulanga 54 Mbits / s. Ngenxa yoko, isiphelo sokusebenzisa ephambili AES nge imo yokhuseleko WPA2-PSK Kucacile, nangona ungasebenzisa zombini ubuchule nesithandwa sakhe.

Imibuzo kukuthembeka kunye nokhuseleko AES algorithm

Nangona iingxelo elikhulu leengcali, AES algorithms kusekho babuthathaka ithiyori, kuba kanye uhlobo ufihlo na inkcazelo elula algebra. Kuye kwaqatshelwa Niels Ferguson. Kwaye ngo-2002, uYosefu Nikolya Kurtua Pepshik lapapasha inqaku ukuzithethelela xa isakhono ukuhlasela XSL. Nangona kunjalo, oku ehlabathini lwezenzululwazi ebangele okuninzi impikiswano, yaye ezinye waziva ubalo lwabo engalunganga.

Kwingcingane yenziwa ngo-2005 ukuba ohlaselayo ukuba usebenzise iindlela yomntu wesithathu, kungekhona nje izibalo. Ngelo xesha omnye Uhlaselo iye ibalwe isitshixo emva kwimisebenzi 800, ngoxa abanye usifumene 2 ³² imisebenzi (ngeenxa yesibhozo).

Ngaphandle kwamathandabuzo, kube namhlanje le nkqubo kwaye ingqalelo omnye kakhulu, ukuba akukho namnye kodwa. Kwiminyaka embalwa edlulileyo kwi yomtshangatshangiso Intanethi computer, apho coder ntsholongwane (kwaye ngaxeshanye kwakhona extortionist), angena iikhompyutha ifihliwe ngokupheleleyo iinkcukacha ezifuna zokucazulula ukuba isixa icocekile imali. Kulo mzekelo, ingxelo waphawula ukuba ufihlo kwenziwa ngokusebenzisa AES1024 algorithm, leyo kwakukholelwa de kutshanje, musa ayisekho.

Njengalo okanye hayi, kodwa umphuhlisi ezininzi ezaziwayo-kakuhle software unqulo, kuquka i "Kaspersky Lab", xa uzama ukubhala Iinkcukacha zazisetyenzwa namandla. Iingcali ezininzi wavuma ukuba bango intsholongwane I Love You, kanye wathelela izigidi iikhompyutha ehlabathini lonke, ubatshabalalise inkcazelo ebalulekileyo kuthelekiswa isisongelo yajika prattle zobuntwana. Ukongeza, I Love You Okunye ijoliswe kumajelo eendaba, kwaye intsholongwane ezintsha ukufikelela kulwazi oluyimfihlo iinkampani kuphela enkulu. Noko ke, ukuba babonisa ngokucacileyo ukuba apha yasetyenziswa encryption AES-1024, akukho namnye unako.

isiphelo

Ukuba ngandlel 'ithile ezishwankathela, kunjalo sinokuthi ukuba AES-ufihlo yeyona eliphezulu kakhulu kwaye ikhuselwe, nokuba ubude weqhosha esetyenziswayo ntoni. Akumangalisi ke, ukuba lo mgangatho lisetyenziswa cryptosystems ezininzi kwaye umbono ngokwaneleyo ebanzi kuphuhliso kunye nokuphuculwa kwixesha elizayo, ingakumbi njengoko kusenokwenzeka kakhulu kunokuba kuhlanganiswa iintlobo ezininzi ufihlo kwi iqela elinye (umz, ukusetyenziswa ngaxeshanye of twatsa kunye yezi zinto okanye ibhloko kunye umsinga encryption).