将 IV 与密文一起发送，安全吗? [英] Sending IV along with cipher text, safe?

问题描述

关于 IV 生成、加密和在发送方和接收方之间共享 IV 方面存在很多问题，但我想就从发送方向接收方发送 IV 的最佳方式发表明确的帖子.

There have been many questions with regard to IV generation, encryption and sharing the IV between the sender and receiver, but I want to make an explicit post regarding the best way to send the IV from the sender to the receiver.

从到目前为止我看到的所有帖子中，我不确定通过将 IV 附加到密文中来以明文"形式发送 IV 是否安全.所以第一个问题是，这样做安全吗?

From all the posts that I've seen so far, I'm uncertain as to whether it is safe to send the IV in "plaintext" by prepending it to the cipher text. So the first question is, is it safe to do so?

其次，在通过消息交换进行通信时，是否有更安全的方式在发送方和接收方之间共享 IV?

Second, is there are safer way to share an IV between the sender and receiver when communicating by exchanging messages?

干杯

推荐答案

是的，以明文形式发送 IV 是安全的.以下是原因的证明":

Yes, it is safe to send the IV in the clear. Here is the 'proof' of why:

以CBC模式为例:

您可以看到一个块的密文与下一个块的明文进行了异或运算.我们需要 IV 的原因是因为在第一个块上，没有以前的密文可以使用.如果将 IV 保密存在安全风险，那么之后的每个块都会存在安全风险，因为密文与 IV 的作用相同.

You can see that the ciphertext of a block is XORed with the plaintext of the next block. The reason we need an IV is because on the first block, there is no previous ciphertext to use. If there was a security risk with having the IV be secret, then the security risk would be present for every block after, since the ciphertext serves the same role as the IV.

话虽如此，但你需要确保你对它进行 MAC 处理.根据您如何处理消息身份验证代码，篡改 IV 的人可能会篡改解密时生成的明文.单独的加密不能提供消息的完整性.

That being said though, you need to make sure you MAC it. Depending on how you do message authentication codes, someone tampering with the IV could tamper with the resulting plaintext on decryption. Encryption alone does not provide integrity of messages.

另外，对于 IV 生成，这取决于您的要求.但大多数情况下，您的 IV 需要是随机且不可预测的.

Also, for IV generation, it depends on your requirements. But most often, your IV needs to be random and non-predictable.

这篇关于将 IV 与密文一起发送，安全吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！