java AES / CFB / NoPadding：加密相似数据时，结果也相似

Question

package com.game;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.UnsupportedEncodingException;
public class MainTest5 {
    public static byte[] encrypt(String content, String key) {
        try {
            Cipher aesECB = Cipher.getInstance("AES/CFB/NoPadding");
            SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(), "AES");
            IvParameterSpec ivSpec = new IvParameterSpec(key.getBytes());
            aesECB.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec);
            byte[] result = aesECB.doFinal(content.getBytes());
            return result;
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }
    public static void main(String[] args) throws UnsupportedEncodingException {
        System.out.println(new String(encrypt("1234567890123456", "1234567890123456"), "ISO_8859_1"));
        System.out.println(new String(encrypt("1234567890123457", "1234567890123456"), "ISO_8859_1"));
    }
}

I just want to encrypt some similar data and hope that the result is not similar, but the length must be the same. What can I do?

Answer 1

Your IV should not just re-use the key bytes. The whole point of the IV is to act as a 'seed' to ensure the ciphertext does not remain constant.

See wikipedia for more information.

Answer 2

If you want semantic security (that is what you're talking about here when you say you want vastly different ciphertexts for similar/same plaintexts), you need to use a random IV. The IV is not supposed to be secret, it only needs to be random to achieve this property.

SecureRandom r = new SecureRandom();
byte[] ivBytes = new byte[16];
r.nextBytes(ivBytes);

For the decryption to work, you need to provide the same IV again. Since it's not supposed to be secret you can send it along with the ciphertext. A common way is to prepend it to the ciphertext, since the IV is always 16 bytes long for AES.