Encryption: Use of initialization vector vs key?


Problem description


I am using PHP's mcrypt library and the AES-256 (rijndael) algorithm, which requires both a key + initialization vector to run.

My logical brainside isn't really going along with this. Isn't just one key enough?

Theoretical scenario:
If I had encrypted sensitive data stored in a database, which only the owner should be able to decrypt, would it be appropriate to use the user's hashed password as either the key or the initialization vector to his or her data?

Should the key be considered more private than the initialization vector or is it the other way around?

Solution

No, in fact an IV is vital in most implementations. The IV is also considered to be safe for public use, for instance the IV is transmitted in plain text for WEP and WPA1/WPA2. The problem arises when this same key+iv is used to encrypt the same plain text. The cipher texts will be identical, unless you use an IV. If an attacker can encrypt arbitrary plain text with this key, and then view the cipher text, this is a much faster way of brute forcing other cipher text that the attacker has obtained.

Not only that, the IV must be random or you would be in violation of CWE-329 (http://cwe.mitre.org/data/definitions/329.html). The reason why this is a problem is a bit more subtle and I didn't get it at first. You didn't mention this, but I hope you are using either the CBC or CMAC modes.

The use of a hash function on a password is nearly identical to using a String2Key function. This is a solid design so long as an attacker can't use SQL Injection to obtain the key.
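The following is an added example, not code from the question or the answer. It uses PHP's OpenSSL extension instead of mcrypt and shows the key staying secret while a fresh random IV is stored in the clear beside each ciphertext; the PBKDF2 iteration count, the record layout and the sample password and plaintext are assumptions made for illustration.

```php
<?php
// Added example (not from the original post); sample values are constructed.
const CIPHER = 'aes-256-cbc';

// PBKDF2 stands in for the "String2Key" step; the iteration count is an assumption.
function derive_key(string $password, string $salt): string
{
    return hash_pbkdf2('sha256', $password, $salt, 600000, 32, true);
}

// Fresh random IV per record. The IV is not secret, so it is prepended as-is.
function encrypt_record(string $plaintext, string $key): string
{
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER));
    $ct = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $iv . $ct;
}

function decrypt_record(string $record, string $key): string
{
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if (strlen($record) <= $ivLen) {
        throw new InvalidArgumentException('record too short');
    }
    $iv = substr($record, 0, $ivLen);
    $pt = openssl_decrypt(substr($record, $ivLen), CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) {
        throw new RuntimeException('decryption failed (wrong key or corrupt data)');
    }
    return $pt;
}

$salt = random_bytes(16);                            // per user, stored with the account
$key  = derive_key('correct horse battery', $salt);  // constructed sample password
$msg  = 'account=12345678';                          // constructed sample plaintext

// Fixed IV: encrypting the same plaintext twice gives the same ciphertext.
$fixedIv = str_repeat("\0", 16);
$a = openssl_encrypt($msg, CIPHER, $key, OPENSSL_RAW_DATA, $fixedIv);
$b = openssl_encrypt($msg, CIPHER, $key, OPENSSL_RAW_DATA, $fixedIv);
var_dump($a === $b);

// Random IV per record: ciphertexts differ, and decryption still recovers the data.
$r1 = encrypt_record($msg, $key);
$r2 = encrypt_record($msg, $key);
var_dump($r1 !== $r2, decrypt_record($r1, $key) === $msg);
```

CBC on its own does not detect tampering with the stored record; an authenticated mode or a MAC over the IV and ciphertext is needed for that.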
