AES 加密如何传输 IV [英] AES encryption how to transport IV
问题描述
我了解唯一 IV 在加密以防止频率分析等攻击方面很重要.问题:对于AES CBC加密,什么是重要的IV? 有一个非常明确的答案来解释 IV 的重要性.
I understand that unique IV is important in encrypting to prevent attacks like frequency analysis. The question: For AES CBC encryption, whats the importance of the IV? has a pretty clear answer explaining the importance of the IV.
以明文形式发送 IV 是否存在安全漏洞?或者是否需要使用用于发送对称密钥的相同公钥/私钥对其进行加密?
Would there be any security holes in sending the IV in clear text? Or would it need to be encrypted with the same public/private key that was used to send the symmetric key?
如果 IV 需要加密发送,那么为什么不每次都生成一个新的对称密钥并将 IV 视为密钥的一部分呢?生成对称密钥的成本是否太高?还是尽量减少传输的数据量?
If the IV needs to be sent encrypted, then why not generate a new symmetric key each time and consider the IV as part of the key? Is it that generating a symmetric key is too costly? Or is it to minimize the amount of data transported?
秘密与非秘密初始化向量状态的最佳答案:
典型的密钥建立协议将导致双方都参与计算一段数据,但只有他们自己知道.使用 Diffie-Hellman(或其任何椭圆曲线变体),所述共享数据块具有固定长度,并且它们无法控制其值(它们只是获得相同的看似随机的位序列).
A typical key establishment protocol will result in both involve parties computing a piece of data which they, but only they, both know. With Diffie-Hellman (or any Elliptic Curve variant thereof), the said shared piece of data has a fixed length and they have no control over its value (they just both get the same seemingly random sequence of bits).
两个实体如何在没有共享信息的情况下得出相同的看似随机的比特序列"?共享信息是加密发送的假设吗?而且,如果共享信息是加密发送的,为什么不直接发送 IV 加密呢?
How do two entities derive the "same seemingly random sequence of bits" without having a shared piece of information? Is the assumption that the shared information was sent encrypted? And, if the shared information is sent encrypted, why not just send the IV encrypted?
由于应用程序需要安全地传输对称密钥,因此将 IV 与密钥本身分开似乎本质上是一种优化.还是我错过了什么?
Because an application needs to transport the symmetric key securely, it would seem that separating the IV from the key itself is essentially an optimization. Or am I missing something?
推荐答案
以明文形式发送 IV 不会存在安全漏洞 - 这类似于以明文形式存储哈希值的盐:只要攻击者无法控制过IV/salt,只要是随机的就没有问题.
There is no security hole by sending the IV in cleartext - this is similar to storing the salt for a hash in plaintext: As long as the attacker has no control over the IV/salt, and as long as it is random, there is no problem.
这篇关于AES 加密如何传输 IV的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
