Java – is this AES encryption secure enough?
I got this code from http://www.ravenblast.com/index.php/blog/android-password-text-encryption/. Although it works, I increasingly suspect that it is not safe enough. According to other sources, there seems to be no initialization vector.
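
    import javax.crypto.Cipher;
    import javax.crypto.spec.SecretKeySpec;

    // Base64 is a separate helper class providing encodeBytes/decode;
    // java.util.Base64 has no methods with these names.

    public static String encrypt(String toEncrypt, byte[] key) throws Exception {
        SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
        // No mode or IV is given here; this is the call the answer discusses.
        Cipher cipher = Cipher.getInstance("AES");
        cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
        byte[] encryptedBytes = cipher.doFinal(toEncrypt.getBytes());
        String encrypted = Base64.encodeBytes(encryptedBytes);
        return encrypted;
    }

    public static String decrypt(String encryptedText, byte[] key) throws Exception {
        SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
        Cipher cipher = Cipher.getInstance("AES");
        cipher.init(Cipher.DECRYPT_MODE, skeySpec);
        byte[] toDecrypt = Base64.decode(encryptedText);
        byte[] encrypted = cipher.doFinal(toDecrypt);
        return new String(encrypted);
    }
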
Solution
Yes, it's not very safe. There is no IV because there is no block chaining.
The AES algorithm can only encrypt 128 byte blocks, regardless of the size of the key (it is irrelevant). How these blocks are chained together is another problem. The simplest way is to encrypt each block separately from the other blocks (ECB mode), as if they were separate messages. The Wikipedia article I link to tells you when and why it's not safe. Other methods (i.e. CBC mode) are preferred.
When you do Cipher cipher = Cipher.getInstance("AES"); you get the AES cipher in ECB mode. There is no immediate danger, but if your message has a recurring pattern, it can lead to the following:
Original: [image not preserved] Encrypted: [image not preserved]