Security: Multiple strings Base64-decode to the same byte array


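I have a byte array (let's call it the encrypted message), and I Base64-encode it to get an output string (let's call it the token). Later, I Base64-decode that token to recover the original encrypted message.

For testing purposes, I tried injecting a random bit flip into the token to verify that encryption/authentication does fail when a random bit is flipped. 99% of the time it does. 1-3% of the time it doesn't. I've debugged this back to the following behavior: 2 different tokens both produce the same byte array when Base64-decoded

, but in my case the 2 tokens actually differ in the middle. The frequency with which this happens is also very puzzling. Given ~1kB in the byte buffer, even if 1-2 bytes are used only for padding and carry no meaning, the chance of a random bit flip hitting a padding byte should be ~0.1%. I see this behavior more than 1% of the time.

Is this behavior reasonable? Or is there a deeper problem in my code?

Question summary: Is it possible for 2 different strings, differing by 1 bit flip in the middle, to produce the same byte array when Base64-decoded? And is it reasonable for this to happen 1% of the time for a 1kB buffer with 1 random bit flip?

Details

I use Java's BASE64 Encoder/Decoder classes to perform all of the operations below.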

String token = new BASE64Encoder().encode(encryptedMessage);
...
byte[] tokenBytes = token.getBytes();
int randomIndex = new Random().nextInt(tokenBytes.length);
int randomBit = 1 << new Random().nextInt(8);
tokenBytes[randomIndex] ^= randomBit;  // flip one random bit of one token character
token = new String(tokenBytes);
....
byte[] finalEncryptedMessage = new BASE64Decoder().decodeBuffer(token);
// check finalEncryptedMessage != initialEncryptedMessage
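Original token (after the Base64 encoding above):

Corrupted token (see the bit flip on line 7 / replaced by ?)

Final encrypted message after Base64-decoding the above: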

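The short answer is "no".

Any bytestream B has only one base64 encoding E. The encoded stream E is the only valid bytestream that decodes to bytestream B. That is how B64 works.

In your example, you changed one character in the string to a character that is invalid in standard base64. How the decoder handles this will depend on the specific implementation.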


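You have changed the character to an invalid base64 character. The result will therefore be decoder-specific.

Testing shows that some base64 decoders handle invalid base64 characters better than others. The best solution is to use a Base64 decoder with documented error behavior that matches your expectations. There are now two in Java 8: one that first appeared in Java 8, and some methods that have existed since at least Java 6. There are also other classes, such as the iHarder base64 class, which describes it and other base64 decoders, and the base64 decoder in


Note that some of the libraries offered above also do not raise an exception when decoding invalid Base64 characters. I found this out by experimenting with different Base64 libraries. In the end, I solved the problem by explicitly checking whether the bit flip yields a Base64 character. If it does not, I undo the bit flip and pick a new bit to flip.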
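An added example (not part of the original question or answers) of why documented error behavior matters, using `java.util.Base64`: it applies every possible single-bit flip to a token and counts, for the strict decoder and the MIME decoder, how often the flipped token is rejected, decodes to different bytes, or decodes to the same bytes. The names `Base64FlipCheck`, `classify` and `sweep` and the random sample message are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.Random;

public class Base64FlipCheck {
    enum Outcome { REJECTED, DIFFERENT_BYTES, SAME_BYTES }

    // Flip one bit of one token character and classify what the decoder does with the result.
    static Outcome classify(Base64.Decoder decoder, byte[] original, String token, int index, int bit) {
        byte[] flipped = token.getBytes(StandardCharsets.ISO_8859_1);
        flipped[index] ^= (byte) (1 << bit);
        try {
            byte[] decoded = decoder.decode(flipped);
            return Arrays.equals(decoded, original) ? Outcome.SAME_BYTES : Outcome.DIFFERENT_BYTES;
        } catch (IllegalArgumentException e) {
            return Outcome.REJECTED; // the decoder refused the input
        }
    }

    // Try every single-bit flip of the token and count the outcomes for one decoder.
    static int[] sweep(Base64.Decoder decoder, byte[] original, String token) {
        int[] counts = new int[Outcome.values().length];
        for (int i = 0; i < token.length(); i++) {
            for (int bit = 0; bit < 8; bit++) {
                counts[classify(decoder, original, token, i, bit).ordinal()]++;
            }
        }
        return counts;
    }

    public static void main(String[] args) {
        // Constructed sample: 1020 random bytes (a multiple of 3, so the token has no padding).
        byte[] message = new byte[1020];
        new Random(42).nextBytes(message);
        String token = Base64.getEncoder().encodeToString(message);

        // getDecoder() rejects characters outside the alphabet; getMimeDecoder() skips them.
        System.out.println("strict:  " + Arrays.toString(sweep(Base64.getDecoder(), message, token)));
        System.out.println("lenient: " + Arrays.toString(sweep(Base64.getMimeDecoder(), message, token)));
    }
}
```

Each array is printed in the order REJECTED, DIFFERENT_BYTES, SAME_BYTES; the last count is the case the question asks about.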


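What authentication do you have? What exactly do you expect to happen? What exactly happens when the encryption "fails"?

@JamesKPolk Thanks for your attention. I'd like to avoid getting into a discussion about encryption, because my question is not about encryption. It is purely about Base64 encoding/decoding. If I had to summarize my question in 1 line: is it possible for 2 different strings, differing by 1 bit flip in the middle, to produce the same byte array when Base64-decoded? And is it reasonable for this to happen 1% of the time for a 1kB buffer with 1 random bit flip?

base64 encoding is one-to-one. Changing any character is guaranteed to produce a different byte array on decoding.

You have changed the character to an invalid base64 character. The result will therefore be decoder-specific. However, I would expect most decoders to either throw an exception or ignore the character. Either way, you would not get the same result. I am not aware of the specific base64 class you are using.

Oh, that BaseDecoder class. That is undoubtedly sun.misc.BASE64Decoder. These are internal classes and should not be used. They are undocumented, and in particular their error behavior is undocumented. For Java 8, java.util.Base64 is a better choice.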