
Should rand be used for an IV?

CBC mode for AES specifies that to make each message unique, an IV should be used. The IV should be random and only used once, otherwise it may allow people to decrypt other cipher texts which used the same key.

Is the rand() function in C suitable for generating this IV? Does the fact that it is normally seeded with the current time make it vulnerable to some sort of attack?

The quick answer is NO. Don't use a non-cryptographically-secure random generator for initialization vectors. The initialization vectors are sent unencrypted, so one could think they can be generated by one of these functions. But this should lead to weakness, and I'll explain: if you use a poor one (and rand() is such a weak random routine) you'll narrow the space of possible IVs you are generating. An example will suffice:

Let's suppose you are using an 8-byte IV in some encrypted message. But the random function you use has an 8-bit seed; there are only 256 possible byte sequences to be generated from such a poor random function, so probably there will be only a maximum of 256 possible IVs generated (even if they show pure randomness, or widespread hash values over the whole space). An attacker knowing this can reproduce the whole 256 space of possible IVs, making them completely useless.
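The following C program is an added illustration of the answer above; it is not code from the question, the answer, or any library. It builds the 8-bit-seed scenario the answer describes: a `weak_iv()` routine that seeds `rand()` from a value truncated to one byte (the truncation is an assumption made to mirror the answer's example), a counter that shows the resulting IV space never exceeds 256 values no matter how many seeds are tried, and a `secure_iv()` routine that reads the IV from the operating system's CSPRNG via `/dev/urandom` instead (on Linux, `getrandom(2)` is the preferred interface; `/dev/urandom` is used here only for portability). The 8-byte IV length follows the answer's example; a real AES-CBC IV is 16 bytes.

```c
/* Added example (not part of the original question or answer): contrasts an
 * IV generator built on rand()/srand() with one that reads from the OS CSPRNG.
 * The weak generator mirrors the answer's 8-bit-seed scenario by truncating
 * its seed to one byte, so at most 256 distinct IVs can ever come out of it. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define IV_LEN 8   /* 8-byte IV as in the answer's example (AES-CBC really needs 16) */

/* Weak: rand() seeded from a value reduced to 8 bits (assumed, to model the
 * answer's 8-bit seed). Deterministic by design: the same seed always yields
 * the same IV, which is exactly the problem the answer describes. */
void weak_iv(unsigned seed, uint8_t iv[IV_LEN]) {
    srand(seed & 0xFF);
    for (int i = 0; i < IV_LEN; i++)
        iv[i] = (uint8_t)(rand() & 0xFF);
}

/* Count how many distinct IVs the weak generator produces over `trials` seeds.
 * Because the effective seed is 8 bits wide, the result can never exceed 256. */
size_t count_distinct_weak_ivs(unsigned trials) {
    static uint8_t seen[256][IV_LEN];   /* 256 is the hard upper bound */
    size_t n = 0;
    for (unsigned s = 0; s < trials; s++) {
        uint8_t iv[IV_LEN];
        weak_iv(s, iv);
        size_t j;
        for (j = 0; j < n; j++)
            if (memcmp(seen[j], iv, IV_LEN) == 0) break;   /* already seen */
        if (j == n && n < 256) memcpy(seen[n++], iv, IV_LEN);
    }
    return n;
}

/* Secure: read the IV from the kernel CSPRNG. Returns 0 on success and -1 on
 * failure; a caller must treat failure as fatal rather than fall back to rand(). */
int secure_iv(uint8_t iv[IV_LEN]) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(iv, 1, IV_LEN, f);
    fclose(f);
    return got == IV_LEN ? 0 : -1;
}

/* Returns 1 if two calls with the same seed give the same IV (i.e. the
 * generator is reproducible by anyone who knows or guesses the seed). */
int weak_iv_is_reproducible(unsigned seed) {
    uint8_t a[IV_LEN], b[IV_LEN];
    weak_iv(seed, a);
    weak_iv(seed, b);
    return memcmp(a, b, IV_LEN) == 0;
}

/* Returns 1 if two successive CSPRNG IVs differ (collision odds ~2^-64 for
 * 8 bytes); returns 0 if the CSPRNG could not be read. */
int secure_ivs_differ(void) {
    uint8_t a[IV_LEN], b[IV_LEN];
    if (secure_iv(a) != 0 || secure_iv(b) != 0) return 0;
    return memcmp(a, b, IV_LEN) != 0;
}

static void print_hex(const uint8_t *p, size_t n) {
    for (size_t i = 0; i < n; i++) printf("%02x", p[i]);
    putchar('\n');
}

int main(void) {
    uint8_t iv[IV_LEN];
    weak_iv((unsigned)time(NULL), iv);   /* the seeding pattern the question asks about */
    printf("rand()-based IV : "); print_hex(iv, IV_LEN);
    printf("distinct weak IVs over 1000 seeds: %zu (never more than 256)\n",
           count_distinct_weak_ivs(1000));
    if (secure_iv(iv) == 0) { printf("CSPRNG IV       : "); print_hex(iv, IV_LEN); }
    else fprintf(stderr, "could not read /dev/urandom\n");
    return 0;
}
```

Running it shows that trying a thousand seeds still yields at most 256 distinct weak IVs, while the CSPRNG-backed routine draws from the full 2^64 space; the `secure_iv()` failure path is deliberately an error return, because silently degrading to `rand()` would reintroduce the same weakness.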

Notice: technical posts on this site are published under the CC BY-SA 4.0 license; if you repost them, please credit this site or the original URL. Questions: yoyou2525@163.com.

Guangdong ICP No. 18138465  © 2020-2024 STACKOOM.COM