Does AES/CBC really require IV parameter?

Problem description

I am writing a simple app to encrypt my message using AES/CBC (mode). As I understand it, CBC mode requires an IV parameter, but I don't know why my code works without an IV parameter being used. Can anyone explain why? Thanks.

Encrypted message printed: T9KdWxVZ5xStaisXn6llfg== without any exception.

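import java.security.SecureRandom;
import java.security.spec.KeySpec;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import com.google.common.io.BaseEncoding; // Guava, used for Base64 output

public class TestAES {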

    public static void main(String[] args) {

        try {
            byte[] salt = new byte[8];
            new SecureRandom().nextBytes(salt);

            SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
            KeySpec keySpec = new PBEKeySpec("myPassword".toCharArray(), salt, 100, 128);

            SecretKey tmp = keyFactory.generateSecret(keySpec);
            SecretKeySpec key = new SecretKeySpec(tmp.getEncoded(), "AES");

            Cipher enCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            enCipher.init(Cipher.ENCRYPT_MODE, key);

            // enCipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));

            byte[] cipherBytes = enCipher.doFinal("myMessage".getBytes());
            String cipherMsg = BaseEncoding.base64().encode(cipherBytes);

            System.out.println("Encrypted message: " + cipherMsg);

        } catch (Exception ex) {
            ex.printStackTrace();
        }

    }
}

Recommended answer

When it is used without an IV, for certain types of ciphers including AES, it implicitly uses 0 IV. See Cipher class documentation.

The disadvantage of a null IV (or a deterministic IV) is that it is vulnerable to dictionary attacks. The requirement for IV is to prevent the same plain text block producing the same cipher text every time.
