Multiple strings Base64-decode to the same byte array

Time: 2015-11-12 01:47:40

Tags: security http encryption base64

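I have a byte array (let's call it the encrypted message), and I use Base64 encoding to get an output string (let's call it the token). Later, I Base64-decode this token to recover the original encrypted message.

For testing purposes, I tried injecting a random bit flip into the token, to verify that encryption/authentication does fail when a random bit is flipped. 99% of the time, this is indeed the case. 1-3% of the time, this does not happen. I have debugged this back to the following behaviour: 2 different tokens, when Base64-decoded, both produce the same byte array.

I can understand if this happens for the last character, but in my case the 2 tokens actually differ in the middle.

The frequency with which this happens is also very puzzling. Assuming there is ~1 kB in the byte buffer, even if 1-2 bytes are used only for padding and carry no meaning, the chance of a random bit flip hitting the padding bytes should be ~0.1%. I see this behaviour happening with probability > 1%.

Is this behaviour reasonable? Or is there some deeper problem in my code?

Question summary: Is it possible for 2 different strings that differ by 1 bit in the middle to produce the same byte array when Base64-decoded? Is it reasonable for this to happen 1% of the time for a 1 kB buffer with 1 random bit flip?

Full details

I use Java's BASE64 encoder/decoder classes for all of the following.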

String token = new BASE64Encoder().encode(encryptedMessage);
...
// Flip one random bit in one random character of the token
byte[] tokenBytes = token.getBytes();
int randomIndex = new Random().nextInt(tokenBytes.length);
int randomBit = 1 << new Random().nextInt(8);
tokenBytes[randomIndex] ^= randomBit;
token = new String(tokenBytes);
....
byte[] finalEncryptedMessage = new BASE64Decoder().decodeBuffer(token);
// check: finalEncryptedMessage != initialEncryptedMessage

Original encrypted message (byte array):


Original token (after Base64-encoding the above):


Corrupted token (see the bit flip on line 7: / is replaced with ?):


Final encrypted message, after Base64 decoding:


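2 answers:

Answer 0 (score: 2)

The short answer is "no".

Any byte stream B has only one base64 encoding E. The encoded stream E is the only valid byte stream that decodes to the byte stream B. That is how B64 works.

What is happening in your example is that you changed a character in the string to one that is invalid in standard base64. How the decoder handles this will be implementation-specific.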

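Answer 1 (score: 2)

You have changed that character to an invalid base64 character. The result will therefore be decoder-specific.

Your test shows that some base64 decoders handle invalid base64 characters better than others. The best solution is to use a Base64 decoder whose documented error behaviour matches your expectations. There are now two in Java 8: one in {8}, which first appeared in Java 8, and some methods in java.util.Base64 that have existed since at least Java 8. There are also other classes, such as the iHarder base64 class; javax.xml.bind.DatatypeConverter describes it and other base64 decoders, as well as the base64 decoder in a nice page.

Note that some of the libraries given above do not throw an exception when decoding invalid Base64 characters. This is something I found by experimenting with different Base64 libraries. In the end, I solved the problem by explicitly checking whether my bit flip produced a Base64 character. If it did not, I undid the bit flip and picked a new one.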
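The retry approach from the last answer, together with the difference between a strict and a lenient decoder, as an added example that is not part of the original posts. It uses `java.util.Base64` (named in the answer); the class name, method name and the 48-byte random message are constructed for illustration.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class Base64BitFlipCheck {   // hypothetical class name
    private static final String ALPHABET =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

    // Flip one random bit; if the result is not a Base64 character, drop it and retry.
    static String flipWithinAlphabet(String token, SecureRandom rnd) {
        char[] chars = token.toCharArray();
        while (true) {
            int i = rnd.nextInt(chars.length);
            char flipped = (char) (chars[i] ^ (1 << rnd.nextInt(8)));
            if (ALPHABET.indexOf(flipped) >= 0) {
                chars[i] = flipped;
                return new String(chars);
            }
        }
    }

    public static void main(String[] args) {
        SecureRandom rnd = new SecureRandom();
        byte[] message = new byte[48];  // constructed sample; 48 % 3 == 0, so no '=' padding
        rnd.nextBytes(message);
        String token = Base64.getEncoder().encodeToString(message);

        // 1. A flip that stays inside the alphabet always changes the decoded bytes.
        for (int n = 0; n < 10_000; n++) {
            byte[] decoded = Base64.getDecoder().decode(flipWithinAlphabet(token, rnd));
            if (Arrays.equals(decoded, message)) throw new AssertionError("flip went unnoticed");
        }

        // 2. The basic decoder rejects a character outside the alphabet, such as '?'.
        String replaced = token.substring(0, 10) + "?" + token.substring(11);
        try {
            Base64.getDecoder().decode(replaced);
            throw new AssertionError("basic decoder accepted '?'");
        } catch (IllegalArgumentException expected) {
            System.out.println("basic decoder: " + expected.getMessage());
        }

        // 3. The MIME decoder ignores such characters, so two different strings
        //    (token, and token with a stray '?') decode to the same byte array.
        String withStray = token.substring(0, 10) + "?" + token.substring(10);
        byte[] lenient = Base64.getMimeDecoder().decode(withStray);
        System.out.println("MIME decoder same bytes: " + Arrays.equals(lenient, message));
    }
}
```

The sample length is a multiple of 3 on purpose: with `=` padding present, the final quantum carries unused bits, so a flip in the last data character can leave the decoded bytes unchanged even under a decoder that rejects invalid characters.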