我应该在加密的同时使用初始化向量 (IV) 吗? [英] Should I use an initialization vector (IV) along with my encryption?

问题描述

是否建议我使用初始化向量来加密/解密我的数据?它会让事情更安全吗?这是需要逐案评估的事情之一吗?

Is it recommended that I use an initialization vector to encrypt/decrypt my data? Will it make things more secure? Is it one of those things that need to be evaluated on a case by case basis?

为了将其置于实际上下文中，Win32 加密函数，CryptSetKeyParam 允许在加密/解密之前在密钥上设置初始化向量.其他 API 也允许这样做.

To put this into actual context, the Win32 Cryptography function, CryptSetKeyParam allows for the setting of an initialization vector on a key prior to encrypting/decrypting. Other API's also allow for this.

一般推荐什么以及为什么?

What is generally recommended and why?

推荐答案

当同一个密钥可能被用于加密多个消息时，IV 是必不可少的.

An IV is essential when the same key might ever be used to encrypt more than one message.

原因是，在大多数加密模式下，可以一起分析使用相同密钥加密的两条消息.例如，在一个简单的流密码中，对使用相同密钥加密的两个密文进行异或会导致两个消息的异或，使用传统的密码分析技术可以很容易地从中提取明文.

The reason is because, under most encryption modes, two messages encrypted with the same key can be analyzed together. In a simple stream cipher, for instance, XORing two ciphertexts encrypted with the same key results in the XOR of the two messages, from which the plaintext can be easily extracted using traditional cryptanalysis techniques.

弱 IV 是 WEP 易碎的部分原因.

A weak IV is part of what made WEP breakable.

IV 基本上将一些独特的、非秘密的数据混合到密钥中，以防止同一个密钥被使用两次.

An IV basically mixes some unique, non-secret data into the key to prevent the same key ever being used twice.

这篇关于我应该在加密的同时使用初始化向量 (IV) 吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！