Characteristics of an Initialization Vector


Question

I'm by no means a cryptography expert, I have been reading a few questions around Stack Overflow and on Wikipedia but nothing is really 'clear cut' in terms of defining an IV and its usage.

Points I have found:


  • An IV is prepended to a plaintext message in order to strengthen the encryption
  • The IV is truly random
  • Each message has its own unique IV
  • Timestamps and cryptographic hashes are sometimes used instead of random values, but these are considered to be insecure as timestamps can be predicted
  • One of the weaknesses of WEP (in 802.11) is the fact that the IV will reset after a specific amount of encryptions, thus repeating the IV

I'm sure there are many other points to be made, can anyone think of any other characteristics which I've missed?

Recommended answer

An IV is "a public value which impacts the encryption process". The point of the IV is often to "randomize" the input data to avoid leaking information about which input blocks were identical in the plaintext (because identical blocks happen quite a lot in "real-life" data).

Whether the IV is input by pre-pending it or otherwise depends on the algorithm in which it is used. For symmetric encryption with a block cipher in CBC mode, the IV is pre-pended to the encrypted data (CBC uses, for each block, the previous encrypted block; the IV plays the role of the encrypted block -1).

An IV is distinct from a key in that a key is secret whereas the IV need not be secret; the IV is often transmitted along the encrypted message. Conversely, the IV must be distinct for every message, whereas the key may be reused. Actually, the IV must be distinct for every message encrypted with the same key; if you use a new key for every message then you can use a constant, fixed IV. Note that the IV need not be secret, but you can keep it secret if you wish. But the sender and the receiver must agree on the IV, and since the IV changes for every message then it can be inconvenient, in some setups, to keep IV secret.

Whether the IV must be uniformly random, or simply non-repeating, depends on the algorithm. CBC requires a random IV. Other modes are less picky, e.g. GCM. You may derive the key and the IV from a "master key", using a proper one-way function. This is what SSL does. It is more tricky than it seems, do not try it at home.

Repeating the IV is one of the numerous sins of WEP.
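The CBC behaviour described in the answer, as an added example that is not part of the original question or answer: the IV is sent in front of the ciphertext as "block -1", and reusing it under the same key exposes which leading plaintext blocks two messages share. Assumptions: a toy 4-round Feistel permutation stands in for a real block cipher such as AES so the code needs only the standard library, and all function names and sample messages are constructed for illustration.

```python
import hashlib, hmac, os

BLOCK = 16  # block size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):
    # Feistel round function: HMAC-SHA256 truncated to half a block
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def toy_encrypt_block(key, block):
    # Toy 4-round Feistel permutation standing in for AES (assumption, demo only)
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def toy_decrypt_block(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def cbc_encrypt(key, iv, plaintext):
    pad = BLOCK - len(plaintext) % BLOCK          # PKCS#7 padding
    data = plaintext + bytes([pad]) * pad
    prev, out = iv, [iv]                          # the public IV is sent as "block -1"
    for i in range(0, len(data), BLOCK):
        prev = toy_encrypt_block(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, message):
    blocks = [message[i:i + BLOCK] for i in range(0, len(message), BLOCK)]
    plain = b"".join(_xor(toy_decrypt_block(key, c), p) for p, c in zip(blocks, blocks[1:]))
    return plain[:-plain[-1]]                     # strip padding (not validated in this demo)

def equal_leading_blocks(m1, m2):
    # Number of ciphertext blocks after the IV that an eavesdropper sees as identical
    n = 0
    for i in range(BLOCK, min(len(m1), len(m2)), BLOCK):
        if m1[i:i + BLOCK] != m2[i:i + BLOCK]:
            break
        n += 1
    return n

# Constructed sample messages sharing their first two 16-byte blocks
MSG_A = b"user=alice;role=admin;session=01;amount=100"
MSG_B = b"user=alice;role=admin;session=01;amount=999"
```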
