TripleDES: Specified key is a known weak key for #39;TripleDES#39; and cannot be used(TripleDES:指定的密钥是“TripleDES的已知弱密钥,不能使用)


我正在使用 .NET 3.0 类 System.Security.Cryptography.MACTripleDES 类来生成 MAC 值.不幸的是,我正在使用一个使用1111111111111111"(作为十六进制)作为单长 DES 密钥的硬件设备.System.Security.Cryptography 库会对密钥进行一些完整性检查,如果您尝试使用加密弱密钥,则会返回异常.

I'm using the .NET 3.0 class System.Security.Cryptography.MACTripleDES class to generate a MAC value. Unfortunately, I am working with a hardware device that uses "1111111111111111" (as hex) as a single-length DES key. The System.Security.Cryptography library does some sanity checking on the key and returns a Exception if you try to use a cryptographically weak key.


byte[] key = new byte[24];
for (int i = 0; i < key.Length; i++)
  key[i] = 0x11;

byte[] data = new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
byte[] computedMac = null;
using (MACTripleDES mac = new MACTripleDES(key))
  computedMac = mac.ComputeHash(data);


System.Security.Cryptography.CryptographicException : Specified key is a known weak key for 'TripleDES' and cannot be used.

我知道这不是安全密钥.在生产中,设备将使用新的安全密钥进行闪存.同时,有什么方法可以抑制这个异常被抛出?也许是 app.config 或注册表设置?

I know this is not a secure key. In production, the device will be flashed with a new, secure key. In the mean time, is there any way to inhibit this Exception from being thrown? Perhaps an app.config or registry setting?

由于算法强制奇校验,密钥实际上是 101010....我不确定这是否适用于 DES 算法,或者只是我所做的支付处理工作中的一个要求.

The key would actually be 101010... due to the algorithm forcing odd parity. I'm not sure if this is universal to the DES algorithm or just a requirement in the payment processing work I do.

编辑 2:Daniel 在下面的回答中有一些关于 .NET 黑客的非常好的信息.不幸的是,我无法使用这种技术解决我的问题,但仍然有一些有趣的阅读.

Edit 2: Daniel's answer below has some very good information about hacking .NET. Unfortunately, I wasn't able to solve my problem using this technique, but there is still some interesting reading there.


您可以在 DESCryptoServiceProvider.

<1111111111111111> 不是弱 DES 密钥.

<1111111111111111> is not a weak DES key.

这将计算一个 DES CBC-MAC:

This will calculate a DES CBC-MAC:

public static byte[] CalcDesMac(byte[] key, byte[] data){
        DESCryptoServiceProvider des = new DESCryptoServiceProvider();
        des.Key = key;
        des.IV = new byte[8];
        des.Padding = PaddingMode.Zeros;
        MemoryStream ms = new MemoryStream();
        using(CryptoStream cs = new CryptoStream(ms, des.CreateEncryptor(), CryptoStreamMode.Write)){
          cs.Write(data, 0, data.Length);
        byte[] encryption = ms.ToArray();
        byte[] mac = new byte[8];
        Array.Copy(encryption, encryption.Length-8, mac, 0, 8);
        return mac;




Custom Error Queue Name when using EasyNetQ for RabbitMQ?(使用 EasyNetQ for RabbitMQ 时自定义错误队列名称?)
How to generate password_hash for RabbitMQ Management HTTP API(如何为 RabbitMQ 管理 HTTP API 生成密码哈希)
Rabbitmq Ack or Nack, leaving messages on the queue(Rabbitmq Ack 或 Nack,将消息留在队列中)
Wait for a single RabbitMQ message with a timeout(等待一条带有超时的 RabbitMQ 消息)
Setup RabbitMQ consumer in ASP.NET Core application(在 ASP.NET Core 应用程序中设置 RabbitMQ 消费者)
Specify Publish timeouts in mass transit(指定公共交通中的发布超时)