Encryption: Use of initialization vector vs key?

前端 未结 4 774
半阙折子戏
半阙折子戏 2021-02-05 08:24

I am using PHP\'s mcrypt library and the AES-256 (rijndael) algorithm, which requires both a key + initialization vector to run.

My logical br

4条回答
  •  囚心锁ツ
    2021-02-05 09:10

    If you're using the EBP mode of the block cipher, or most of the stream ciphers, identical key+IV combinations on different plaintexts will offer the attackers a direct view on the XOR result of the key. This by extension reveals the key itself and to some extent the password.

    But do I mean IVs are definitely necessary? No. As long as you change your password each and every time on your next plaintext block(even the same block the second time), you're completely fine without IVs. In fact, all that an IV does is the automation of the above process.

提交回复
热议问题