Re: AES-256 Do I need random IV?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello Again,

Sorry, I should have explained myself better. I am using AES-256 in
CBC mode. I am getting a string as a password, and using
PKCS5_PBKDF2_HMAC_SHA1 function to generate 256 bit key and 128 bit
IV. I was wondering if generating and IV like this is necessary, or
can I just use a constant IV value with every encryption.


Here is my actual test code in C;

#define SZ_SALT 16 /* 128 bit salt */
#define NUM_ITER 1000

#define SZ_KEY 32 /* 256 bits */
#define SZ_IV 16 /* 128 bits */

#define SZ_GENERATED (SZ_KEY+SZ_IV)

/* +1 for null terminator */
unsigned char key[SZ_KEY+1];
unsigned char iv[SZ_IV + 1];

char *password = "ThisMyPass";
char *data = "This is important data to be encrypted";

unsigned char salt[SZ_SALT];
RAND_bytes(salt, SZ_SALT);

unsigned char generated[SZ_GENERATED];

if (PKCS5_PBKDF2_HMAC_SHA1(password, -1, salt, SZ_SALT, NUM_ITER,
SZ_GENERATED, &generated[0]) == 0)
{
exit(1);
}

memcpy(key, generated, SZ_KEY);
key[SZ_KEY] == '\0';

memcpy(iv, (unsigned char *)generated + SZ_KEY, SZ_IV);
iv[SZ_IV] = '\0';


2017-04-27 15:34 GMT+03:00 Salz, Rich via openssl-users
<openssl-users@xxxxxxxxxxx>:
>> For AES-256 encryption, should IV be random? I am already using a random
>> salt, so I was wondering if IV should be random too.
>
> It should be non-repeating.  It can just be a counter.
>
> (Yes, I know OP didn't ask about AESGCM.  But if they're coming here for advice ... )
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



-- 
http://ysar.net/
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux