我想模拟登录自己学校的教务系统,发现登录的表单里密码那一栏是加密的,应该是AES-128-CBC模式的,让我不明白的是它的**iv偏移量**为什么是random出来的?这样的话后端服务器要怎么验证内容呢?
ps:pwd1为表单内提交给后端的加密内容,pwdDefaultEncryptSalt为页面内嵌入的key的值
下面贴出代码:
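/**
 * Encrypt `data` with AES in CBC mode and PKCS#7 padding through CryptoJS.
 *
 * Both `key0` and `iv0` are plain strings that are turned into byte arrays
 * with CryptoJS.enc.Utf8.parse, so the key bytes are simply the characters
 * of the (trimmed) key string.
 *
 * Only the cipher object's string form is returned (Base64 by CryptoJS
 * default - confirm against the CryptoJS build in use). The IV is not
 * returned to the caller.
 *
 * @param {string} data - Plaintext to encrypt.
 * @param {string} key0 - Key string; surrounding whitespace is stripped.
 * @param {string} iv0 - IV string.
 * @returns {string} String form of the CryptoJS ciphertext.
 */
function getAesString(data, key0, iv0) {
  // Strip leading/trailing whitespace without reassigning the parameter.
  var trimmedKey = key0.replace(/(^\s+)|(\s+$)/g, "");
  var key = CryptoJS.enc.Utf8.parse(trimmedKey);
  var iv = CryptoJS.enc.Utf8.parse(iv0);
  var encrypted = CryptoJS.AES.encrypt(data, key, {
    iv: iv,
    mode: CryptoJS.mode.CBC,
    padding: CryptoJS.pad.Pkcs7
  });
  // The ciphertext is returned, not written to the console: with the key
  // shipped inside the page, the ciphertext is as sensitive as the password.
  return encrypted.toString();
}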
/**
 * Build the value that is submitted in place of the typed password.
 *
 * When a key is given, 64 random characters are put in front of `data` and
 * the result is encrypted by getAesString with a fresh 16-character random
 * IV. The IV is never sent anywhere. In CBC mode a wrong IV only garbles the
 * first 16-byte block on decryption, and the 64 filler characters occupy the
 * first four blocks, so presumably the server decrypts with any IV and drops
 * the first 64 characters - confirm against the server side.
 *
 * NOTE(review): without a key the input is returned unchanged, i.e. the
 * password goes out as typed. Since the key itself is delivered with the
 * page, this scheme adds nothing over the transport; the form needs HTTPS.
 *
 * @param {string} data - Password as typed.
 * @param {string} aesKey - Key string; a falsy value disables encryption.
 * @returns {string} Ciphertext string, or `data` itself when no key is set.
 */
function encryptAES(data, aesKey) {
  var filler;
  var iv;
  if (aesKey) {
    // Same call order as before: filler first, then the IV.
    filler = randomString(64);
    iv = randomString(16);
    return getAesString(filler + data, aesKey, iv);
  }
  return data;
}
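// Alphabet for randomString. Look-alike characters are left out
// (oOLl, 9gq, Vv, Uu, I1); the digit 0 is absent as well.
var $aes_chars = 'ABCDEFGHJKMNPQRSTWXYZabcdefhijkmnprstwxyz2345678';
var aes_chars_len = $aes_chars.length;

/**
 * Return `len` characters drawn from $aes_chars.
 *
 * NOTE(review): Math.random() is not a cryptographically secure generator.
 * The callers in this file use the result as a CBC IV and as filler in front
 * of the password; values with that role should come from
 * crypto.getRandomValues.
 *
 * @param {number} len - Number of characters to produce.
 * @returns {string} Random string; empty when `len` is 0 or less.
 */
function randomString(len) {
  var retStr = '';
  // The counter is declared locally: an undeclared `i` would leak into the
  // global scope and throws a ReferenceError in strict mode / ES modules.
  var i;
  for (i = 0; i < len; i++) {
    retStr += $aes_chars.charAt(Math.floor(Math.random() * aes_chars_len));
  }
  return retStr;
}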
// Example call. The first argument stands for the password as typed, the
// second for the key embedded in the page (pwdDefaultEncryptSalt). pwd1 is
// the value the form submits to the back end.
var pwd1 = encryptAES(
  '输入的原始密码',
  '页面内嵌入的key(pwdDefaultEncryptSalt)'
);