在CBC中使用具有相同IV的AES消息 [英] Using AES in CBC with the same IV for messages

问题描述

是否会在CBC中以相同的IV在AES中用AES加密两个相同的明文消息而产生相同的密文？

Will encrypting two identical plaintext messages with AES in CBC with the same IV yield the same ciphertext?

根据我的理解，第一个块与IV进行了XOR运算。 ，然后将每个后续块与上一个。这是否意味着使用相同的IV和相同的消息，每个块都将被加密为同一事物？我知道使用可预测的或不变的IV进行加密是非常糟糕的事情，我想知道为什么-是因为攻击者可以建立已知信息的书，还是因为

From my understanding the first block is XOR'd with the IV, and then each subsequent block with the previous. Does this mean that with the same IV and identical messages that every block will be encrypted to the same thing? I understand using a predictable or non-changing IV for encryption is a very bad thing to do, and I am wondering why - is it because attackers can build up a "book" of known messages, or because we leave the first block vulnerable to frequency checks?

谢谢

推荐答案

如果两次都使用相同的键，那么可以，您将获得相同的输出。如果使用其他密钥，则会得到不同的输出（将前一个块与当前块进行异或，但是，然后对结果进行加密以生成密文块）。

If you use the same key both times, then yes, you'd get identical output. If you use a different key, then you'd get different output (you XOR the previous block with the current block, but then you encrypt the result to produce a block of ciphertext).

但是，这通常没有什么帮助。使用CBC之类的基本原因之一是，即使它们包含相同的数据 ，也要避免在消息之间重复，尽管您继续使用相同的密钥（当然，避免模式也很有用。以及 中的一条消息）。更改IV可使每条消息保持唯一性（即使某些纯文本内容是可预测的），而无需进行为每条消息分配新密钥的工作（通常会比较痛苦）。

That, however, is generally of little help. One of the basic reasons for using something like CBC is to avoid repetition among messages even if they contain the same data and you continue to use the same key (though of course, it's also useful that it avoids patterns within a single message as well). Changing the IV keeps each message unique (even if some of the plaintext content is predictable) without going to all the work of distributing a new key for every message (which would generally be relatively painful).

这篇关于在CBC中使用具有相同IV的AES消息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！