Sharing & storing IV for AES encryption/decryption


Question

I am currently using AES-ECB encryption for user passwords on an Android app, but I have to connect this app's database to a website where users can register and log in the same way as the mobile app.

I have read that ECB mode is not secured, so I wanted to use CBC by generating an IV.

Is it secure to store an IV as a constant in the code (I store the secret key this way too), both in PHP on the server side, and in the app?

If not, is there a way for the website and the mobile app to share its IV to encrypt/decrypt user passwords?

Alternatively, I may have chosen the wrong encryption algorithm; there might be one that better suits my needs.

Recommended answer

Best practice would be to create a new random IV for each encryption. The IV is basically a seed for that encryption call used in the first block.

Each IV can be safely stored in clear text along with the cypher text so it is available when decrypting the cypher text (the IV used to encrypt must be the same IV used to decrypt).
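
The scheme the answer describes, as an added example that is not part of the original question or answer: a fresh random IV is drawn for every encryption and stored in clear as the first 16 bytes of the blob, ahead of the ciphertext. The class name, the `IV || ciphertext` layout and the generated demo key are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class CbcIvDemo { // hypothetical class name
    private static final int IV_LEN = 16; // AES block size in bytes
    private static final SecureRandom RNG = new SecureRandom();

    // Returns IV || ciphertext; a fresh random IV is drawn on every call.
    static byte[] encrypt(SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return out;
    }

    // Splits the stored blob back into IV and ciphertext, then decrypts.
    static byte[] decrypt(SecretKey key, byte[] blob) throws Exception {
        // Padded CBC output is at least one block, so a valid blob is >= 32 bytes.
        if (blob.length < 2 * IV_LEN || blob.length % IV_LEN != 0) {
            throw new IllegalArgumentException("blob is not IV || ciphertext");
        }
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(blob, 0, IV_LEN));
        return c.doFinal(blob, IV_LEN, blob.length - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey(); // constructed demo key
        byte[] msg = "constructed sample plaintext".getBytes(StandardCharsets.UTF_8);
        byte[] a = encrypt(key, msg);
        byte[] b = encrypt(key, msg);
        // Same key and plaintext, different IV: the stored blobs differ.
        System.out.println(Base64.getEncoder().encodeToString(a));
        System.out.println(Base64.getEncoder().encodeToString(b));
        System.out.println("blobs differ: " + !Arrays.equals(a, b));
        System.out.println("round trip ok: " + Arrays.equals(msg, decrypt(key, a)));
    }
}
```

Any peer that holds the same key can decrypt the blob by taking its first 16 bytes as the IV; the IV needs no secrecy, only unpredictability and a fresh value per message. CBC on its own gives confidentiality only and does not detect a modified blob.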
