对于 AES CBC 加密，IV 的重要性是什么? [英] For AES CBC encryption, whats the importance of the IV?

问题描述

始终对 IV 使用全零的安全威胁是什么?如果它允许解密加密文本，攻击者怎么能做到呢?

What is the security threat of always using all zeroes for the IV? If it allows the encrypted text to be deciphered, how could an attacker do that?

更新:那么，如果第一个未加密数据块的时间戳从不重复，是否仍然需要 IV?

UPDATE: So then, if the first block of unencrypted data had a timestamp that never repeated, would an IV still be necessary?

推荐答案

一旦攻击者有一个明文消息和匹配的密文(也许她在其他地方截获了它，比如目的地)，她将能够知道其他任何时候发送具有相同起始顺序的消息.由于她可以了解您加密消息的内容，因此这是不安全的.

Once the attacker has one plaintext message and the matching ciphertext (perhaps she intercepted it somewhere else, like the destination), she will be able to know when any other messages with the same starting sequence are sent. Since she can learn something about the contents of your encrypted messages, this is insecure.

它还允许攻击者执行频率分析.例如，假设您的纯文本消息是对股票市场平台后端的命令，因此它们都以 "COMMAND=BUY" 或 "COMMAND=SELL" 开头.这意味着加密消息仅以两个不同的密文序列开头.攻击者不能直接解密它们——但是如果她以后能够通过观察市场数据来观察你下了多少 SELL 订单，她就可以回去算出哪个是哪个，从现在开始她'当您下订单时，我们会确切地知道您正在下哪些订单.

It also allows the attacker to perform frequency analysis. For example, imagine that your plaintext messages are commands to the backend of a stock market platform, so they all start with either "COMMAND=BUY" or "COMMAND=SELL". This means that the encrypted messages start with only two different ciphertext sequences. The attacker can't directly decrypt them - but if she is able to later observe how many SELL orders you placed through observing the market data, she'll be able to go back and work out which is which, and from now on she'll know exactly which orders you are placing as you place them.

频率分析是简单的替换密码被破解的方式，这并非巧合 - 使用固定的 IV 意味着您的消息的初始部分实际上只是使用替换，一次一个块.

Frequency analysis is how simple substitution ciphers are broken, and this is no coincidence - using a fixed IV means that the initial portion of your messages are effectively just using substitution, a block at a time.

这篇关于对于 AES CBC 加密，IV 的重要性是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！