Does encapsulating one CryptoStream in several others improve security?
I'm working on a project for Windows Phone 7 which stores highly secure information. This data is protected with a password. If I encrypt one CryptoStream within 3 other CryptoStreams (a total of 4 CryptoStreams embedded in each other, each using different methods to generate the key, initialization vector, and salt), is this method secure enough, or do I need more CryptoStreams (each one uses 256-bit AES encryption)?
It is far more likely that someone will brute-force or socially engineer the password than that they would crack even a singly encrypted stream, since the password will generally have a smaller bit space than the key. All that encrypting it multiple times does is increase the time or effort required to brute-force the password by O(n) (you really want complexity to increase by O(n^2) or more).
But if you need super-secure encryption, don't roll your own strategy; pick a DoD standard (or equivalent) and implement it.
To explain further: AES is a block cipher with three different key lengths. The first part of the strategy is determining the key length you want to use. You could pick one at random, or pick the largest, but you really want to pick the best choice for your situation. Next is the actual usage of AES. Since it's a block cipher, it will encode identical plaintext into identical ciphertext, so you will want to use an initialization vector, a salt, and other such techniques to ensure that the same plaintext becomes different ciphertext.
Then there's how you derive the key from the password, which may be weak. If you generate the key each time, you may have accidentally narrowed the keyspace and weakened it. You also have to take into account the random number generator that was used, as it may produce predictable values. If you use the password to unlock the key storage in some way, then your data is only as protected as that key store. If you fetch the key remotely only upon successful receipt of the password, then you've prevented off-line attacks on the data and can actively detect brute-force attacks.
Finally, there's the aspect of the password itself, by far the weakest point of your encryption strategy. It doesn't matter how many ciphers you use if the user picks a weak password. That's why, even if you only encrypt the data once with 128-bit AES, it's more likely that an attacker will attempt to compromise the password than try to break the encryption.
Picking a set of strategies that have been tested will serve you better than coming up with your own, unless you plan to spend the requisite money on penetration testing and security audits.
For fun, read up on how TrueCrypt does it.
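The pipeline the answer above describes (a random salt, a stretched password-derived key, a random IV, and a single AES-256 CryptoStream), as an added example in C# that is not from the question or from any answer on this page. It targets current .NET (6 or later) rather than the Windows Phone 7 class library; the iteration count, the blob layout and the class and member names are assumptions of this example, and the HMAC-SHA256 tag is an addition the answer does not mention, so that a wrong password or a modified blob is rejected before any decryption happens:

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the page): password-based AES-256-CBC with one
// CryptoStream. Output layout (an assumption of this example):
//   salt (16 bytes) || IV (16 bytes) || ciphertext || HMAC-SHA256 tag (32 bytes)
public static class PasswordBox
{
    const int SaltSize = 16, IvSize = 16, KeySize = 32, TagSize = 32;
    // Assumption: iteration count; raise it until derivation takes ~100 ms on the target device.
    const int Iterations = 200_000;

    // One PBKDF2 run yields two independent keys: one for AES, one for the MAC.
    static (byte[] EncKey, byte[] MacKey) DeriveKeys(string password, byte[] salt)
    {
        byte[] material = Rfc2898DeriveBytes.Pbkdf2(
            password, salt, Iterations, HashAlgorithmName.SHA256, 2 * KeySize);
        return (material[..KeySize], material[KeySize..]);
    }

    static Aes NewAes(byte[] key, byte[] iv)
    {
        var aes = Aes.Create();
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.PKCS7;
        aes.Key = key;   // 32 bytes => AES-256
        aes.IV = iv;
        return aes;
    }

    public static byte[] Encrypt(string password, byte[] plaintext)
    {
        // Fresh random salt and IV per encryption: the same plaintext and
        // password never produce the same ciphertext twice.
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);
        byte[] iv = RandomNumberGenerator.GetBytes(IvSize);
        var (encKey, macKey) = DeriveKeys(password, salt);

        using var ms = new MemoryStream();
        ms.Write(salt, 0, salt.Length);
        ms.Write(iv, 0, iv.Length);
        using (var aes = NewAes(encKey, iv))
        using (var cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write, leaveOpen: true))
        {
            cs.Write(plaintext, 0, plaintext.Length);
        } // Dispose() calls FlushFinalBlock(), which writes the last padded block

        // Encrypt-then-MAC over everything written so far (salt, IV, ciphertext).
        using var hmac = new HMACSHA256(macKey);
        byte[] tag = hmac.ComputeHash(ms.ToArray());
        ms.Write(tag, 0, tag.Length);
        return ms.ToArray();
    }

    public static byte[] Decrypt(string password, byte[] blob)
    {
        if (blob.Length < SaltSize + IvSize + TagSize)
            throw new CryptographicException("blob too short");

        byte[] salt = blob[..SaltSize];
        byte[] iv = blob[SaltSize..(SaltSize + IvSize)];
        byte[] authenticated = blob[..^TagSize];   // salt || IV || ciphertext
        byte[] tag = blob[^TagSize..];
        var (encKey, macKey) = DeriveKeys(password, salt);

        // Verify the tag in constant time before touching the ciphertext, so a
        // wrong password or tampering is rejected without exposing a padding oracle.
        using var hmac = new HMACSHA256(macKey);
        if (!CryptographicOperations.FixedTimeEquals(hmac.ComputeHash(authenticated), tag))
            throw new CryptographicException("wrong password or modified data");

        int ctOffset = SaltSize + IvSize;
        using var aes = NewAes(encKey, iv);
        using var input = new MemoryStream(authenticated, ctOffset, authenticated.Length - ctOffset);
        using var cs = new CryptoStream(input, aes.CreateDecryptor(), CryptoStreamMode.Read);
        using var output = new MemoryStream();
        cs.CopyTo(output);
        return output.ToArray();
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data for the demonstration.
        byte[] secret = Encoding.UTF8.GetBytes("constructed sample: card PIN 1234");
        byte[] blob = PasswordBox.Encrypt("correct horse battery staple", secret);
        Console.WriteLine(Encoding.UTF8.GetString(PasswordBox.Decrypt("correct horse battery staple", blob)));

        try { PasswordBox.Decrypt("Correct horse battery staple", blob); }
        catch (CryptographicException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

The iteration count is what makes each password guess expensive for an attacker; wrapping this stream in further CryptoStreams keyed from the same password would only multiply that per-guess cost by the number of layers, which a larger iteration count already achieves in one layer. The salt has to be stored next to the ciphertext, as above, so the same key can be re-derived on decryption.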
A single AES-256 encryption should be plenty strong enough. Four sounds sufficiently paranoid.