For AES CBC encryption, what's the importance of the IV?


Problem description

What is the security threat of always using all zeroes for the IV? If it allows the encrypted text to be deciphered, how could an attacker do that?

UPDATE: So then, if the first block of unencrypted data had a timestamp that never repeated, would an IV still be necessary?

Recommended answer

Once the attacker has one plaintext message and the matching ciphertext (perhaps she intercepted it somewhere else, like the destination), she will be able to know when any other messages with the same starting sequence are sent. Since she can learn something about the contents of your encrypted messages, this is insecure.

It also allows the attacker to perform frequency analysis. For example, imagine that your plaintext messages are commands to the backend of a stock market platform, so they all start with either "COMMAND=BUY" or "COMMAND=SELL". This means that the encrypted messages start with only two different ciphertext sequences. The attacker can't directly decrypt them - but if she is able to later observe how many SELL orders you placed through observing the market data, she'll be able to go back and work out which is which, and from now on she'll know exactly which orders you are placing as you place them.

Frequency analysis is how simple substitution ciphers are broken, and this is no coincidence - using a fixed IV means that the initial portion of your messages is effectively just using substitution, a block at a time.
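
The leak described in the answer, shown as an added example that is not part of the original answer: Go standard-library code that encrypts order strings with AES-128-CBC and counts how many leading ciphertext blocks two messages share. The key, the order fields after the `COMMAND=` prefix, and all function names are constructed for this illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const bs = aes.BlockSize // 16 bytes

// encryptCBC applies PKCS#7 padding and encrypts msg with AES-CBC.
func encryptCBC(key, iv, msg []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	pad := bs - len(msg)%bs
	buf := append(append([]byte{}, msg...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(buf, buf)
	return buf
}

// sharedBlocks counts matching leading ciphertext blocks; no key is needed for this.
func sharedBlocks(a, b []byte) int {
	n := 0
	for (n+1)*bs <= len(a) && (n+1)*bs <= len(b) && bytes.Equal(a[n*bs:(n+1)*bs], b[n*bs:(n+1)*bs]) {
		n++
	}
	return n
}

// leak encrypts m1 and m2 (all-zero IVs unless randomIV) and returns sharedBlocks.
func leak(key, m1, m2 []byte, randomIV bool) int {
	ivs := make([]byte, 2*bs) // zero-filled by default
	if randomIV {
		if _, err := rand.Read(ivs); err != nil {
			panic(err)
		}
	}
	return sharedBlocks(encryptCBC(key, ivs[:bs], m1), encryptCBC(key, ivs[bs:], m2))
}

func main() {
	key := []byte("0123456789abcdef") // constructed demo key, not from the page
	buy1, buy2 := []byte("COMMAND=BUY;QTY=100;SYM=ABC"), []byte("COMMAND=BUY;QTY=250;SYM=XYZ")
	sell := []byte("COMMAND=SELL;QTY=100;SYM=ABC")
	fmt.Println(leak(key, buy1, buy2, false), leak(key, buy1, sell, false), leak(key, buy1, buy2, true))
}
```

With the all-zero IV the two BUY orders share their first ciphertext block while BUY and SELL do not, which is the distinguisher the answer describes; with a fresh random IV per message no block matches.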
