According to this article http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
the IV doesn't need to be secret; instead, it should only be ensured that the IV isn't re-used with the same key. Since you do generate a random key already, then it should be fine to record the IV without need for encrypting it.
Of course, backward compatibility is an issue with that. There would need to be an option to indicate unencrypted IVs - that, or a marker on the IV to indicate that it's cleartext.
Thoughts?
Randy
I've done more research and while there are some who suggest that for authentication purposes, making the IV a secret can be helpful, the best information I see indicates that the symmetric CBC cipher is no less secure for the initialization vector being in the clear.
Of course, having the IV encrypted to the secret key doesn't normally (in current Strongbox usage) present a practical problem, but it does in fact become a practical problem if we wish to use symmetric-only encryption (using a key that's not always-available) if the private key is unavailable at the moments when the symmetric key is ready for decrypting the ciphertext.
I will provide a patch in the hopes it's acceptable.
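The marker idea discussed in this thread, sketched as an added example that is not part of the original issue and is not Strongbox's code. The `clear:` marker, the record layout and all function names are assumptions made for illustration; only the Ruby OpenSSL and Base64 calls are real.

```ruby
require 'openssl'
require 'base64'

# Hypothetical marker for a cleartext IV. ':' is not in the Base64 alphabet,
# so a legacy (RSA-encrypted, Base64-encoded) IV field can never start with it.
CLEAR_IV_MARKER = 'clear:'.freeze

# Encrypt with a fresh random key and IV. The symmetric key is still wrapped
# with the RSA public key; the IV is stored in the clear behind the marker.
def seal(plaintext, rsa_public)
  cipher = OpenSSL::Cipher.new('aes-256-cbc')
  cipher.encrypt
  key = cipher.random_key
  iv  = cipher.random_iv
  { data: Base64.strict_encode64(cipher.update(plaintext) + cipher.final),
    key:  Base64.strict_encode64(rsa_public.public_encrypt(key)),
    iv:   CLEAR_IV_MARKER + Base64.strict_encode64(iv) }
end

# Legacy-style writer for comparison: the IV is RSA-encrypted like the key.
def seal_legacy(plaintext, rsa_public)
  record = seal(plaintext, rsa_public)
  iv = Base64.strict_decode64(record[:iv].delete_prefix(CLEAR_IV_MARKER))
  record.merge(iv: Base64.strict_encode64(rsa_public.public_encrypt(iv)))
end

# Recover the IV from either field format. Only legacy needs the private key.
def recover_iv(field, rsa_private = nil)
  if field.start_with?(CLEAR_IV_MARKER)
    iv = Base64.strict_decode64(field.delete_prefix(CLEAR_IV_MARKER))
  else
    raise ArgumentError, 'legacy IV needs the private key' unless rsa_private
    iv = rsa_private.private_decrypt(Base64.strict_decode64(field))
  end
  raise ArgumentError, 'IV must be 16 bytes for AES-CBC' unless iv.bytesize == 16
  iv
end

# Symmetric-only decryption: works with just the AES key when the IV is clear.
def open_with_key(record, key, rsa_private = nil)
  cipher = OpenSSL::Cipher.new('aes-256-cbc')
  cipher.decrypt
  cipher.key = key
  cipher.iv  = recover_iv(record[:iv], rsa_private)
  cipher.update(Base64.strict_decode64(record[:data])) + cipher.final
end
```

CBC itself does not authenticate anything, so a cleartext IV altered in storage can change the first decrypted block without raising an error; a MAC over the IV and ciphertext would catch that.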