AES encryption how to transport IV


Problem description

I understand that unique IV is important in encrypting to prevent attacks like frequency analysis. The question: For AES CBC encryption, whats the importance of the IV? has a pretty clear answer explaining the importance of the IV.

Would there be any security holes in sending the IV in clear text? Or would it need to be encrypted with the same public/private key that was used to send the symmetric key?

If the IV needs to be sent encrypted, then why not generate a new symmetric key each time and consider the IV as part of the key? Is it that generating a symmetric key is too costly? Or is it to minimize the amount of data transported?

Secret vs. Non-secret Initialization Vector states:

A typical key establishment protocol will result in both involved parties computing a piece of data which they, but only they, both know. With Diffie-Hellman (or any Elliptic Curve variant thereof), the said shared piece of data has a fixed length and they have no control over its value (they just both get the same seemingly random sequence of bits).

How do two entities derive the "same seemingly random sequence of bits" without having a shared piece of information? Is the assumption that the shared information was sent encrypted? And, if the shared information is sent encrypted, why not just send the IV encrypted?

Because an application needs to transport the symmetric key securely, it would seem that separating the IV from the key itself is essentially an optimization. Or am I missing something?

Recommended answer

There is no security hole by sending the IV in cleartext - this is similar to storing the salt for a hash in plaintext: As long as the attacker has no control over the IV/salt, and as long as it is random, there is no problem.
