发送IV和密文,安全吗? [英] Sending IV along with cipher text, safe?
问题描述
从目前为止所看到的所有帖子中,我不确定是否可以通过将其添加到密文中将IV发送到明文 。所以第一个问题是这样做是否安全?
第二,在通过交换消息进行通信时,是否有更安全的方式在发送者和接收者之间共享IV?
cheers
是的,可以安全地发送IV。以下是为什么的证明:
以CBC模式为例:
你可以看到密文的块与下一个块的明文进行异或。我们需要一个IV的原因是因为在第一个块上,没有以前的密文使用。如果有IV的秘密存在安全隐患,则每个块后都会存在安全风险,因为密文与IV相同。
尽管如此,您需要确保您的MAC。根据你的消息身份验证码的不同,篡改IV的人可以篡改解密时的明文。单独的加密不能提供消息的完整性。
此外,对于IV代,这取决于您的要求。但是最常见的是,您的IV需要随机和不可预测。
There have been many questions with regard to IV generation, encryption and sharing the IV between the sender and receiver, but I want to make an explicit post regarding the best way to send the IV from the sender to the receiver.
From all the posts that I've seen so far, I'm uncertain as to whether it is safe to send the IV in "plaintext" by prepending it to the cipher text. So the first question is, is it safe to do so?
Second, is there are safer way to share an IV between the sender and receiver when communicating by exchanging messages?
Cheers
Yes, it is safe to send the IV in the clear. Here is the 'proof' of why:
Take CBC mode for example:
You can see that the ciphertext of a block is XORed with the plaintext of the next block. The reason we need an IV is because on the first block, there is no previous ciphertext to use. If there was a security risk with having the IV be secret, then the security risk would be present for every block after, since the ciphertext serves the same role as the IV.
That being said though, you need to make sure you MAC it. Depending on how you do message authentication codes, someone tampering with the IV could tamper with the resulting plaintext on decryption. Encryption alone does not provide integrity of messages.
Also, for IV generation, it depends on your requirements. But most often, your IV needs to be random and non-predictable.
这篇关于发送IV和密文,安全吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
