我正在python3中使用pycrpytodomex库。这里我在生成RSA密钥时使用了一个密码短语:
from Cryptodome.PublicKey import RSA
def encrypt(pass1):
key = RSA.generate(2048)
encrypted_key = key.exportKey(passphrase=pass1, pkcs=8, protection="scryptAndAES128-CBC").decode('utf')
return encrypted_key
我已经放入了一个24字符的phassphrase,这是输出:
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFJTBPBgkqhkiG9w0BBQ0wQjAhBgkrBgEEAdpHBAswFAQIpUW82j76E18CAkAA
AgEIAgEBMB0GCWCGSAFlAwQBAgQQKDB2dU0KvLw9KvDq/pkRRgSCBNAru/ZpRI7o
pHIVVXb8iEuQUc+suZXwH9IBTJzzjMAq1iEETWSCzMB1VWz+PBJ8RmUB0qEie0Cf
Kg6/j0tw3dcZ7P48GXjzFvV4e5gaFtGy4khjGSa5/T97n/pi5oZZ7qsnJRktlxdS
1E2nceChpQwLUPdkVkeG5F3iWc2U9Pgh165m5GSg+ai3Dl7YpJEvhA7LQv55a4kZ
HuTjTnoMxakaA4ncYJoQhiZ0cGKZrnBoAWB7tAwVwnNwobTUpIuReeIJYd+B09gl
ZaiTTJQQAyJ60hRz+bQQioT2HBg1nXi+9KzwPw1AMUY0nU9Y8kUMNtjUzbv7Y2Av
2KiVtlFZ4ottihCWX9W85UQ4gQ4o4/ZyT5B4b1VMiUTO7pCaheHfqPokGU9/MzPO
aZCqDL43efebKqdJ6ZJr0aTkJlAGWxHLJrvd87Fh5yvPdkTvZh++0xHcmHigtpDB
Ufe+jJJE9Xr6VpOtecW8KkVhmC3I6MwnwyhNn3vtSRfGWZi/V23DpdwFUXb8gZSe
Qou7GdjMZ5VXalhrqbVmz1RaS4yTPkXhd71hHZHkWF6jQmNfIZaBAGum7FRF8zgz
PmHvb3nbfYAwHz/I/fHOqsFM8N9UvTnHK5JLSfhKosdUtrq3Hotu6iU7EzLgl7qt
k1yfVbKiyMUFOFbU4n8hmOKy7eVpv1UW7Dh4guq/9xd7vBRZC03gSUBhJY1lj45p
vMqeASkwVSENHoHWS+jkuPgq6IrgYsF3VPfUw3hy0xhj9PSZoArikMaifIRjVwwq
Ayltn5yAU0wbAygwrnHG64t9MdFnoy3RvWe43sG7D+6wzrz53tUKqujV1Ve7rSmG
G6HoXNvwKpVCdGaURbgpac+UaDFwSKkcPEReMMEw46HvH6/s1Ufxv/ecQb1ac0dh
DgkiSNUPSAPDOhRxiI/NzGxny50IkIcI8HwigYFZkTZn081kaps9NEV8L/KfzmNn
KnJO9H3018BMR3TAPGsntUunjfTS9bVoUlYCcbSX/Xpz+sGjWJnnF9KdbpUPLTS2
B/YwvPaU6EtoehfavWX5qIA670hiPSwSGlbdT7KVx5cTzDuk5gOQCFGNWoosoPCV
SyeNpS/IUbPpk6s2mvQRoX09XsfzTqYkApByBdErEHWinkSmyrPNRdi/NXBerWW2
EKPQQw6dwO6RkD9sAv9ncoFkW6b3kn7FiUoFEhUUeVi4tfP3YcSiKzcSvNxgdc9x
KuRzfq+HD8DgHxgY4wciJxcErK52/snrV0vvkf6l2IczQV2tw5tDWF476E0iI2cV
7+ycp9crAjfS9nuMUr2RTZV0x9J1jc8pIZyocTfLMPHaqR5P9LmKmDfoy1U29PKu
TiiFagL2Ukon1r1KAIDlfHZP6MfqTWfxyfhfAMzRCDgR4uJAZi+JEeiZg21Y7caI
tBN5A92Ymiw7jIalAdUT7t1JOwF635c/fc8m33JNYQF+v8GCDBRFoPN2YpsT5ZvJ
P2EbcCNJxcqrSrf4SJl+tPkSuJPCQfeyX3MmyI9TEN5BPlCSpsDsO6VzRuDuGkMq
/JwN4VTltFD02Zhl+KotUkEjKsWLzIcIvaMMIh9jEcT+8TvRnWgBbwTpgIw/LDtv
Gv6LSf9906/YcHVI1xJRF2yTTWVFdLF04Q==
-----END ENCRYPTED PRIVATE KEY-----
我可以使用下面的函数用加密的密钥字符串验证密码短语:
def decrypt(encoded_key,pass1):
try:
key = RSA.import_key(encoded_key, passphrase=pass1)
return True
except ValueError:
return False
假设一个人只有私钥而没有密码短语(即你)。是否仍然有可能使用此私钥派生密码短语?替代方案:是否有可能构造任何将在上面的decrypt()函数上返回True的密码短语?
您能找出上面密钥的(或有效的)密码短语是什么吗?这需要多少计算能力和时间?
scryptAndAES128-CBC
不可能从密文中推导出密码(据我们目前所知)
您能找到上面键
的(或有效的)密码短语是什么吗?
密码的问题在于人。重复使用密码,使用简单密码,…
通常使用字典和组合工具查找密码。所以问题是如何"可猜测"或者使用随机密码