問題描述

關(guān)于 IV 生成、加密和在發(fā)送方和接收方之間共享 IV 方面存在很多問題，但我想就從發(fā)送方向接收方發(fā)送 IV 的最佳方式發(fā)表明確的帖子.

There have been many questions with regard to IV generation, encryption and sharing the IV between the sender and receiver, but I want to make an explicit post regarding the best way to send the IV from the sender to the receiver.

從到目前為止我看到的所有帖子中，我不確定通過將 IV 附加到密文中來以明文"形式發(fā)送 IV 是否安全.所以第一個(gè)問題是，這樣做安全嗎?

From all the posts that I've seen so far, I'm uncertain as to whether it is safe to send the IV in "plaintext" by prepending it to the cipher text. So the first question is, is it safe to do so?

其次，在通過消息交換進(jìn)行通信時(shí)，是否有更安全的方式在發(fā)送方和接收方之間共享 IV?

Second, is there are safer way to share an IV between the sender and receiver when communicating by exchanging messages?

干杯

推薦答案

是的，以明文形式發(fā)送 IV 是安全的.以下是原因的證明":

Yes, it is safe to send the IV in the clear. Here is the 'proof' of why:

以CBC模式為例:

您可以看到一個(gè)塊的密文與下一個(gè)塊的明文進(jìn)行了異或運(yùn)算.我們需要 IV 的原因是因?yàn)樵诘谝粋€(gè)塊上，沒有以前的密文可以使用.如果將 IV 保密存在安全風(fēng)險(xiǎn)，那么之后的每個(gè)塊都會(huì)存在安全風(fēng)險(xiǎn)，因?yàn)槊芪呐c IV 的作用相同.

You can see that the ciphertext of a block is XORed with the plaintext of the next block. The reason we need an IV is because on the first block, there is no previous ciphertext to use. If there was a security risk with having the IV be secret, then the security risk would be present for every block after, since the ciphertext serves the same role as the IV.

話雖如此，但你需要確保你對(duì)它進(jìn)行 MAC 處理.根據(jù)您如何處理消息身份驗(yàn)證代碼，篡改 IV 的人可能會(huì)篡改解密時(shí)生成的明文.單獨(dú)的加密不能提供消息的完整性.

That being said though, you need to make sure you MAC it. Depending on how you do message authentication codes, someone tampering with the IV could tamper with the resulting plaintext on decryption. Encryption alone does not provide integrity of messages.

另外，對(duì)于 IV 生成，這取決于您的要求.但大多數(shù)情況下，您的 IV 需要是隨機(jī)且不可預(yù)測(cè)的.

Also, for IV generation, it depends on your requirements. But most often, your IV needs to be random and non-predictable.

這篇關(guān)于將 IV 與密文一起發(fā)送，安全嗎?的文章就介紹到這了，希望我們推薦的答案對(duì)大家有所幫助，也希望大家多多支持html5模板網(wǎng)！