blocks|key|279184|text|随机性意味着不可猜测的输入。如果输入是可猜测的，那么可以很容易地计算输出。那是很糟糕的。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|279185|例如，Debian在其SSL实现中有一个长期存在的错误，在创建密钥时无法收集足够的随机性。这导致软件生成仅有32k个可能密钥中的一个。因此，很容易通过尝试所有32k的可能性来解密用这样的密钥加密的任何东西，考虑到今天的处理器速度，这是非常快的。|279186|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|F|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|G|8|@]|9|@]|A|$]]|$1|D|3|-4|5|6|7|H|8|@]|9|@]|A|$]]]|E|$]]

Randomness means unguessable input. If the input is guessable, then the output can be easily calculated. That is bad.

For example, Debian had a long standing bug in its SSL implementation that failed to gather enough randomness when creating a key. This resulted in the software generating one of only 32k possible keys. It is thus easily possible to decrypt anything encrypted with such a key by trying all 32k possibilities by trying them out, which is very fast given today's processor speeds.

blocks|key|3496307|text|要解密消息，您需要知道正确的密钥。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3496308|您必须尝试的密钥越多，解密消息的难度就越大。|3496309|举个极端的例子，假设根本没有随机性。当我生成一个用来加密我的消息的密钥时，我最终总是得到完全相同的密钥。无论我何时何地运行keygen程序，它都会给我相同的密钥。|3496310|这意味着任何人只要有权访问我用来生成密钥的程序，就可以轻松地解密我的消息。毕竟，他们只需要要求它也生成一个密钥，他们就会得到一个与我使用的密钥完全相同的密钥。|3496311|因此，我们需要一些随机性，使它无法预测您最终会使用哪个密钥。正如David+Schmitt提到的，Debian有一个bug，使得它只生成少量的唯一密钥，这意味着要解密Debian上默认的OpenSSL实现加密的消息，我只需要尝试这个较小数量的可能密钥。我可以忽略大量的其他有效密钥，因为Debian的SSL实现永远不会生成这些密钥。|3496312|另一方面，如果在密钥生成中有足够的随机性，就不可能猜测关于密钥的任何事情。你必须尝试每种可能的位模式。(对于128位密钥，有很多组合。)|3496313|entityMap^0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|N|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|O|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|P|8|@]|9|@]|A|$]]|$1|F|3|G|5|6|7|Q|8|@]|9|@]|A|$]]|$1|H|3|I|5|6|7|R|8|@]|9|@]|A|$]]|$1|J|3|K|5|6|7|S|8|@]|9|@]|A|$]]|$1|L|3|-4|5|6|7|T|8|@]|9|@]|A|$]]]|M|$]]

To decrypt a message, you need to know the right key.

The more possibly keys you have to try, the harder it is to decrypt the message.

Taking an extreme example, let's say there's no randomness at all. When I generate a key to use in encrypting my messages, I'll always end up with the exact same key. No matter where or when I run the keygen program, it'll always give me the same key.

That means anyone who have access to the program I used to generate the key, can trivially decrypt my messages. After all, they just have to ask it to generate a key too, and they get one identical to the one I used.

So we need some randomness to make it unpredictable which key you end up using. As David Schmitt mentions, Debian had a bug which made it generate only a small number of unique keys, which means that to decrypt a message encrypted by the default OpenSSL implementation on Debian, I just have to try this smaller number of possible keys. I can ignore the vast number of other valid keys, because Debian's SSL implementation will never generate those.

On the other hand, if there was enough randomness in the key generation, it's impossible to guess anything about the key. You have to try every possible bit pattern. (and for a 128-bit key, that's a lot of combinations.)

blocks|key|4343587|text|大多数加密操作的重要特征是，如果你有正确的信息(例如密钥)，它们很容易执行，而如果你没有这些信息，执行起来就不可行。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|4343588|例如，对称加密:如果您有密钥，加密和解密就很容易。如果你没有密钥(并且对它的构造一无所知)，那么你必须着手做一些昂贵的事情，比如详尽地搜索密钥空间，或者对密码进行更有效的密码分析，这仍然需要一些非常大量的样本。|4343589|另一方面，如果您有关于密钥的可能值的任何信息，则对密钥空间的详尽搜索要容易得多(或者您的密码分析所需的样本数量要少得多)。例如，(目前)不可能通过执行2%5E128次试验解密来发现128位密钥的实际含义。如果您知道密钥材料来自您知道的时间值，而您知道的时间值不超过10亿个刻度，那么您的搜索就变得简单了340282366920938463463374607431倍。|4343590|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|H|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|I|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|J|8|@]|9|@]|A|$]]|$1|F|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|G|$]]

The important feature of most cryptographic operations is that they are easy to perform if you have the right information (e.g. a key) and infeasible to perform if you don't have that information.

For example, symmetric cryptography: if you have the key, encrypting and decrypting is easy. If you don't have the key (and don't know anything about its construction) then you must embark on something expensive like an exhaustive search of the key space, or a more-efficient cryptanalysis of the cipher which will nonetheless require some extremely large number of samples.

On the other hand, if you have any information on likely values of the key, your exhaustive search of the keyspace is much easier (or the number of samples you need for your cryptanalysis is much lower). For example, it is (currently) infeasible to perform 2^128 trial decryptions to discover what a 128-bit key actually is. If you know the key material came out of a time value that you know within a billion ticks, then your search just became 340282366920938463463374607431 times easier.

blocks|key|3496439|text|这与密码学的一些基本原因有关：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3496440|确保邮件在传输过程中未被更改(Immutable)|3496441|Make确保邮件未在传输过程中被读取(安全)|unordered-list-item|3496442|
|3496443|3496444|3496445|确保邮件来自声称来自(Authentic)|3496446|3496447|Make的人确保邮件与之前发送的邮件不同(无Replay)|3496448|3496449|etc|3496450|3496451|有几件事你需要包括，然后，以确保上述是正确的。其中一个重要的事情是随机值。|3496452|例如，如果我用密钥加密“太多的秘密”，结果可能是"dWua3hTOeVzO2d9w“。|3496453|这有两个问题-攻击者可能更容易破解加密，因为我使用的字符集非常有限。此外，如果我再次发送相同的消息，它将完全相同。最后，攻击者可以记录它，并再次发送消息，收件人不会知道我没有发送它，即使攻击者没有破解它。|3496454|如果我在每次加密字符串时都随机添加一些垃圾，那么它不仅会增加破解的难度，而且每次加密的消息都是不同的。|3496455|上面项目符号中的密码学的其他功能是使用随机性以外的方法修复的(种子值、双向身份验证等)，但随机性解决了一些问题，并帮助解决了其他问题。|3496456|一个糟糕的随机性来源再次限制了字符集，因此它更容易破解，如果它很容易猜测，或者其他方面受到限制，那么攻击者在进行暴力破解攻击时可以尝试的路径更少。|3496457|-Adam|3496458|entityMap^0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|19|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|1A|8|@]|9|@]|A|$]]|$1|D|3|E|5|F|7|1B|8|@]|9|@]|A|$]]|$1|G|3|H|5|6|7|1C|8|@]|9|@]|A|$]]|$1|I|3|-4|5|F|7|1D|8|@]|9|@]|A|$]]|$1|J|3|H|5|6|7|1E|8|@]|9|@]|A|$]]|$1|K|3|L|5|F|7|1F|8|@]|9|@]|A|$]]|$1|M|3|H|5|6|7|1G|8|@]|9|@]|A|$]]|$1|N|3|O|5|F|7|1H|8|@]|9|@]|A|$]]|$1|P|3|H|5|6|7|1I|8|@]|9|@]|A|$]]|$1|Q|3|R|5|F|7|1J|8|@]|9|@]|A|$]]|$1|S|3|-4|5|6|7|1K|8|@]|9|@]|A|$]]|$1|T|3|U|5|6|7|1L|8|@]|9|@]|A|$]]|$1|V|3|W|5|6|7|1M|8|@]|9|@]|A|$]]|$1|X|3|Y|5|6|7|1N|8|@]|9|@]|A|$]]|$1|Z|3|10|5|6|7|1O|8|@]|9|@]|A|$]]|$1|11|3|12|5|6|7|1P|8|@]|9|@]|A|$]]|$1|13|3|14|5|6|7|1Q|8|@]|9|@]|A|$]]|$1|15|3|16|5|6|7|1R|8|@]|9|@]|A|$]]|$1|17|3|-4|5|6|7|1S|8|@]|9|@]|A|$]]]|18|$]]

It has to do with some of the basic reasons for cryptography:

<ul>
<li>Make sure a message isn't altered in transit (Immutable)</li>
<li>Make sure a message isn't read in transit (Secure)</li>
<li>Make sure the message is from who it says it's from (Authentic)</li>
<li>Make sure the message isn't the same as one previously sent (No Replay)</li>
<li>etc</li>
</ul>

There's a few things you need to include, then, to make sure that the above is true. One of the important things is a random value.

For instance, if I encrypt "Too many secrets" with a key, it might come out with "dWua3hTOeVzO2d9w" 

There are two problems with this - an attacker might be able to break the encryption more easily since I'm using a very limited set of characters. Further, if I send the same message again, it's going to come out exactly the same. Lastly, and attacker could record it, and send the message again and the recipient wouldn't know that I didn't send it, even if the attacker didn't break it.

If I add some random garbage to the string each time I encrypt it, then not only does it make it harder to crack, but the encrypted message is different each time.

The other features of cryptography in the bullets above are fixed using means other than randomness (seed values, two way authentication, etc) but the randomness takes care of a few problems, and helps out on other problems.

A bad source of randomness limits the character set again, so it's easier to break, and if it's easy to guess, or otherwise limited, then the attacker has fewer paths to try when doing a brute force attack. 

-Adam

blocks|key|4343639|text|密码学中的一种常见模式如下(将文本从alice发送到bob)：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|4343640|Take+plaintext+p
Generate+random+k
Encrypt+p+with+k+using+symmetric+encryption,+producing+crypttext+c
Encrypt+k+with+bob's+private+key,+using+asymmetric+encryption,+producing+x
Send+c%2Bx+to+bob
Bob+reverses+the+processes,+decrypting+x+using+his+private+key+to+obtain+k|code-block|syntax|javascript|4343641|这种模式的原因是对称加密比非对称加密快得多。当然，它依赖于一个好的随机数生成器来产生k，否则坏人只能猜到它。|4343642|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|K|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|L|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|M|8|@]|9|@]|A|$]]|$1|I|3|-4|5|6|7|N|8|@]|9|@]|A|$]]]|J|$]]

A common pattern in cryptography is the following (sending text from alice to bob):

<pre><code>Take plaintext p
Generate random k
Encrypt p with k using symmetric encryption, producing crypttext c
Encrypt k with bob's private key, using asymmetric encryption, producing x
Send c+x to bob
Bob reverses the processes, decrypting x using his private key to obtain k
</code></pre>

The reason for this pattern is that symmetric encryption is much faster than asymmetric encryption. Of course, it depends on a good random number generator to produce k, otherwise the bad guys can just guess it.

blocks|key|279387|text|从Project+Euler中解出this问题，它将真正将“许多随机性”为你所做的事情带回家。当我看到这个问题时，我首先想到的就是这个问题。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|279388|使用他在那里谈到的方法，你可以很容易地看到“更多的随机性”会给你带来什么。|279389|entityMap|0|LINK|mutability|MUTABLE|url|http://projecteuler.net/index.php?section=problems&id=59^0|H|4|0|0|0^^$0|@$1|2|3|4|5|6|7|N|8|@]|9|@$A|O|B|P|1|Q]]|C|$]]|$1|D|3|E|5|6|7|R|8|@]|9|@]|C|$]]|$1|F|3|-4|5|6|7|S|8|@]|9|@]|C|$]]]|G|$H|$5|I|J|K|C|$L|M]]]]

Work out <a href="http://projecteuler.net/index.php?section=problems&amp;id=59" rel="nofollow noreferrer">this</a> problem from Project Euler, and it will really drive home what "lots of randomness" will do for you. When I saw this question, that was the first thing that popped into my mind.

Using the method he talks about there, you can easily see what "more randomness" would gain you.

blocks|key|1006844|text|一篇很好的论文概述了为什么不小心随机性会导致不安全感：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1006845|1006846|http://www.cs.berkeley.edu/~daw/papers/ddj-netscape.html|unordered-list-item|offset|length|1006847|1006848|本文描述了在1995年，Netscape浏览器的密钥SSL实现是如何由于PRNG播种问题而容易被猜测SSL密钥的。|1006849|entityMap|0|LINK|mutability|MUTABLE|url^0|0|0|0|1K|0|0|0|0^^$0|@$1|2|3|4|5|6|7|R|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|S|8|@]|9|@]|A|$]]|$1|C|3|D|5|E|7|T|8|@]|9|@$F|U|G|V|1|W]]|A|$]]|$1|H|3|-4|5|6|7|X|8|@]|9|@]|A|$]]|$1|I|3|J|5|6|7|Y|8|@]|9|@]|A|$]]|$1|K|3|-4|5|6|7|Z|8|@]|9|@]|A|$]]]|L|$M|$5|N|O|P|A|$Q|D]]]]

A pretty good paper that outlines why not being careful with randomness can lead to insecurity:

<ul>
<li><a href="http://www.cs.berkeley.edu/~daw/papers/ddj-netscape.html" rel="nofollow noreferrer">http://www.cs.berkeley.edu/~daw/papers/ddj-netscape.html</a></li>
</ul>

This describes how back in 1995 the Netscape browser's key SSL implementation was vulnerable to guessing the SSL keys because of a problem seeding the PRNG.

blocks|key|4343733|text|这里有一个“纸牌游戏”的类比:假设我们用同一副纸牌玩了几轮游戏。两轮之间的牌洗牌是随机性的主要来源。如果我们没有正确地洗牌，你可以通过预测纸牌来击败这个游戏。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|4343734|当您使用较差的随机性来源来生成加密密钥时，可以显著降低密钥值的熵(或不确定性)。这可能会损害加密，因为它使得在密钥空间上进行暴力搜索变得容易得多。|4343735|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|F|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|G|8|@]|9|@]|A|$]]|$1|D|3|-4|5|6|7|H|8|@]|9|@]|A|$]]]|E|$]]

Here's a "card game" analogy: Suppose we play several rounds of a game with the same deck of cards. The shuffling of the deck between rounds is the primary source of randomness. If we didn't shuffle properly, you could beat the game by predicting cards.

When you use a poor source of randomness to generate an encryption key, you significantly reduce the entropy (or uncertainty) of the key value. This could compromise the encryption because it makes a brute-force search over the key space much easier.

I've seen it mentioned in many places that randomness is important for generating keys for symmetric and asymmetric cryptography and when using the keys to encrypt messages. 

Can someone provide an explanation of how security could be compromised if there isn't enough randomness?

Why do you need lots of randomness for effective encryption?

翻译质量差，导致语言生硬或混乱。

没有提供实际的解决方法或示例。

解答不清晰，无法理解或解决问题。

页面排版不美观，阅读体验差。

文章

问答

视频

学习中心

腾讯云实验室

直播

竞赛

腾讯云代码分析专区

腾讯iOA零信任安全管理系统专区

腾讯云架构师技术同盟交流圈

腾讯云数据库专区

腾讯云顾问专区

腾讯云原生专区

腾讯混元专区

腾讯云TCE专区

腾讯云Lighthouse专区

腾讯云HAI专区

腾讯云Edgeone专区

腾讯云存储专区

腾讯云智能专区

腾讯轻联专区 

腾讯云开发专区

TAPD专区

腾讯轻量云游戏服专区

腾讯云最具价值专家

腾讯云架构师技术同盟

腾讯云创作之星

腾讯云开发者先锋

腾讯云代码助手

云原生构建

TAPD 敏捷项目管理

Cloud Studio

SDK中心

API中心

命令行工具

涵盖代码开发、场景应用、自动测试全流程，助你从零构建专属AI助手

一站式MCP教程库，解锁AI应用新玩法

我在许多地方都看到，随机性对于生成对称和非对称密码学的密钥以及使用密钥加密消息非常重要。有人能解释一下，如果没有足够的随机性，安全性如何会受到损害吗？

问为什么你需要大量的随机性来进行有效的加密？
EN

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问为什么你需要大量的随机性来进行有效的加密？EN