All geek questions in one place

Using Constant IV with One-Block Encryption

I have many little secrets that I want to keep encrypted in the database. The database client will have keys, and the database server will not handle encryption and decryption. All my secrets are 16 bytes or less, which means only one block when using AES. I use the IV constant (and key) to do the encryption decryption, and my reason for doing deterministic encryption is the ability to easily query the database using encrypted text and make sure that the same secret is not saved twice (by creating a UNIQUE column). As far as I can see, there should be no problem with this if the key is secret. But I want to be sure: am I right or wrong? If I am mistaken, what attacks can be made?

By the way: hashes are completely useless due to the relatively small number of possible plaintexts. With a hash, it would be trivial to get the source text.

+3
source share
3 answers

An ideal cipher for messages of length n bits is a permutation of sequences of 2 n n bits randomly selected in 2 n ! such permutations. A “key” is a description of which permutation was selected.

A secure block cipher should be indistinguishable from an ideal cipher, with n being the block size. For AES, n = 128 (i.e. 16 bytes). AES is assumed to be a secure block cipher.

16 ( 16 , , 16 ), - , , AES " " , AES, , , ECB CBC IV.

, IV, , CBC, . AES 16- ( , ): - . 16 ( , ), "" AES; IV AES.

, :

  • , . . , - ( ). ? ?

  • , . ( , , , , ). : , , ? ? , , ( , "", , ).

+8

, IV , Reflector, , . , . MSIL, ; , .

0

Static IV will make your implementation vulnerable to frequency attacks. See For AES CBC encryption, what is the value of IV?

0
source

Source: https://habr.com/ru/post/1796336/

More articles:


All Articles