On Fri, Jul 30, 2004 at 11:43:31 +0200, Daniel Struck <struck.d@xxxxxxxxxxxxxxxx> wrote:

> > IVs act to make the key appear longer. This is especially useful when humans
> > are picking passphrases that are used to generate the key. If you control
> > what the actual keys are, then you can make dictionary attacks impractical.
> > However, there still would be the problem that identical items in the
> > database would be identical. Which, depending on your application, might
> > be a problem because of information leakage.

I should have stated the above a bit differently. IVs are probably more used
to prevent the information leakage from having the same plain text encode to
the same cipher text when using the same, than for protecting users from using
poorly chosen keys.

> I don't think this is true for CBC mode. Here the first block of plaintext is
> XORed with the IV then encrypted with a block cipher like AES for example. The
> next plaintext block is then XORed with the previous ciphertext and so on.

In the context of records in a database you aren't (at least not normally)
going to treat multiple records as part of the same cipher stream, so that
using various types of block chaining over say a whole table isn't going to
happen.

> In my application I do use a different IV for every encrypted plaintext:

That is certainly a reasonable approach, though there may be cases where it is
useful to trade some information leakage for the ability to use indexes while
doing all decryption on the client.
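The leakage the thread is discussing is easy to see with a small AES-CBC demonstration. The following Go program is an added example, not code from either poster; it uses only the standard library, and the key, the all-zero "fixed" IV and the sample row value are constructed for the demo. Each record is stored as IV || ciphertext so the IV travels with the row. With the same key and a reused IV, two rows holding the same plaintext produce byte-identical ciphertext, which is exactly what lets an observer (or an index) tell they are equal; with a fresh random IV per row the ciphertexts differ and that equality is hidden.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// pkcs7Pad pads data to a multiple of blockSize using PKCS#7.
func pkcs7Pad(data []byte, blockSize int) []byte {
	n := blockSize - len(data)%blockSize
	return append(append([]byte{}, data...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad strips PKCS#7 padding and rejects malformed padding.
func pkcs7Unpad(data []byte, blockSize int) ([]byte, error) {
	if len(data) == 0 || len(data)%blockSize != 0 {
		return nil, fmt.Errorf("invalid padded length %d", len(data))
	}
	n := int(data[len(data)-1])
	if n == 0 || n > blockSize {
		return nil, fmt.Errorf("invalid padding byte %d", n)
	}
	for _, b := range data[len(data)-n:] {
		if int(b) != n {
			return nil, fmt.Errorf("inconsistent padding")
		}
	}
	return data[:len(data)-n], nil
}

// EncryptCBC encrypts plaintext with AES-CBC under key and iv and returns
// iv || ciphertext so that each stored record carries its own IV.
func EncryptCBC(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(iv) != block.BlockSize() {
		return nil, fmt.Errorf("iv must be %d bytes, got %d", block.BlockSize(), len(iv))
	}
	padded := pkcs7Pad(plaintext, block.BlockSize())
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return append(append([]byte{}, iv...), out...), nil
}

// DecryptCBC reverses EncryptCBC, taking the IV from the record prefix.
func DecryptCBC(key, record []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(record) < 2*bs || (len(record)-bs)%bs != 0 {
		return nil, fmt.Errorf("record too short or not block aligned")
	}
	iv, ct := record[:bs], record[bs:]
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt, bs)
}

// RandomIV draws a fresh IV from the OS CSPRNG.
func RandomIV() ([]byte, error) {
	iv := make([]byte, aes.BlockSize)
	_, err := rand.Read(iv)
	return iv, err
}

// SameCiphertext reports whether two records have identical ciphertext bodies
// (IV prefix excluded), i.e. whether someone reading the table can tell the
// underlying plaintexts are equal without the key.
func SameCiphertext(a, b []byte) bool {
	return bytes.Equal(a[aes.BlockSize:], b[aes.BlockSize:])
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 16) // constructed demo key only
	fixedIV := make([]byte, aes.BlockSize) // all-zero IV reused for every row
	row := []byte("alice@example.org")    // constructed sample column value

	// Reused IV: equal plaintexts give equal ciphertexts (information leak).
	r1, _ := EncryptCBC(key, fixedIV, row)
	r2, _ := EncryptCBC(key, fixedIV, row)
	fmt.Println("fixed IV, equal rows look equal:", SameCiphertext(r1, r2))

	// Fresh IV per row: the same plaintext no longer produces the same bytes.
	iv1, _ := RandomIV()
	iv2, _ := RandomIV()
	r3, _ := EncryptCBC(key, iv1, row)
	r4, _ := EncryptCBC(key, iv2, row)
	fmt.Println("random IV, equal rows look equal:", SameCiphertext(r3, r4))

	pt, _ := DecryptCBC(key, r4)
	fmt.Println("decrypted:", string(pt))
}
```

The fixed-IV branch is the deterministic behaviour the reply calls a trade-off: it is what makes an equality index on the ciphertext column work, at the cost of revealing which rows share a value. Note also that CBC on its own gives no integrity protection, so a real deployment would pair it with a MAC or use an authenticated mode.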