将 IV 与密文一起发送,安全吗?

Sending IV along with cipher text, safe?(将 IV 与密文一起发送,安全吗?)
本文介绍了将 IV 与密文一起发送,安全吗?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

关于 IV 生成、加密和在发送方和接收方之间共享 IV 方面存在很多问题,但我想就从发送方向接收方发送 IV 的最佳方式发表明确的帖子.

There have been many questions with regard to IV generation, encryption and sharing the IV between the sender and receiver, but I want to make an explicit post regarding the best way to send the IV from the sender to the receiver.

从到目前为止我看到的所有帖子中,我不确定通过将 IV 附加到密文中来以明文"形式发送 IV 是否安全.所以第一个问题是,这样做安全吗?

From all the posts that I've seen so far, I'm uncertain as to whether it is safe to send the IV in "plaintext" by prepending it to the cipher text. So the first question is, is it safe to do so?

其次,在通过消息交换进行通信时,是否有更安全的方式在发送方和接收方之间共享 IV?

Second, is there are safer way to share an IV between the sender and receiver when communicating by exchanging messages?

干杯

推荐答案

是的,以明文形式发送 IV 是安全的.以下是原因的证明":

Yes, it is safe to send the IV in the clear. Here is the 'proof' of why:

以CBC模式为例:

您可以看到一个块的密文与下一个块的明文进行了异或运算.我们需要 IV 的原因是因为在第一个块上,没有以前的密文可以使用.如果将 IV 保密存在安全风险,那么之后的每个块都会存在安全风险,因为密文与 IV 的作用相同.

You can see that the ciphertext of a block is XORed with the plaintext of the next block. The reason we need an IV is because on the first block, there is no previous ciphertext to use. If there was a security risk with having the IV be secret, then the security risk would be present for every block after, since the ciphertext serves the same role as the IV.

话虽如此,但你需要确保你对它进行 MAC 处理.根据您如何处理消息身份验证代码,篡改 IV 的人可能会篡改解密时生成的明文.单独的加密不能提供消息的完整性.

That being said though, you need to make sure you MAC it. Depending on how you do message authentication codes, someone tampering with the IV could tamper with the resulting plaintext on decryption. Encryption alone does not provide integrity of messages.

另外,对于 IV 生成,这取决于您的要求.但大多数情况下,您的 IV 需要是随机且不可预测的.

Also, for IV generation, it depends on your requirements. But most often, your IV needs to be random and non-predictable.

这篇关于将 IV 与密文一起发送,安全吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!

本站部分内容来源互联网,如果有图片或者内容侵犯您的权益请联系我们删除!

相关文档推荐

c# Generic Setlt;Tgt; implementation to access objects by type(按类型访问对象的C#泛型集实现)
InvalidOperationException When using Context Injection in ASP.Net Core(在ASP.NET核心中使用上下文注入时发生InvalidOperationException)
quot;Overflowquot; compiler error with -9223372036854775808L(编译器错误-9223372036854775808L(Q;溢出Q))
Visual Studio 2010 ReportViewer Assembly References(Visual Studio 2010 ReportViewer程序集引用)
Weird behaviour when I open a reportviewer in WPF(在WPF中打开报表查看器时出现奇怪的行为)
how do i pass parameters to aspnet reportviewer(如何将参数传递给aspnet report查看器)