Charles B Cranston wrote:

>Perhaps one way to think of the IV is that it is part of the key.
>That is, the IV and key are used to encrypt, and then the (same) IV
>and the (same) key can decrypt.  
>
IOW I could hard-code the IV into my source code, or use one supplied by 
the user at build time (as with the key).  As long as they're both the 
same for the encrypt as for the decrypt then it'll work.

(And by the same token, the PKCS5_pbe2_set() function is definitely no 
good for me because the IV won't be the same each time.)

>It's just that if the IV is sent
>in clear text ("included in the structure...") then it is not secret.
>
I don't think that this is an issue for me -- nothing's being "sent" 
anywhere.  The IV would be as secret as the key in either of the above 
scenarios.

>One popular algorithm is to use MD5 to make a 128 bit hash of a
>password string, then use 64 bits of it as an IV and the other 64
>bits of it as a DES key.  So the IV and the key are innately related.
>Of course you could use the first and second 64 bits of an SHA1 hash
>just as well.  In these cases, the IV can be regenerated from the
>password string at decrypt time, as long as it is the same string :-)
>
I assume that this is the sort of thing that the 
PKCS5_PBKDF2_HMAC_SHA1() function is doing, except that it only seems to 
output a key, not an IV as well.  Am I missing something here?

Is there any function in OpenSSL to generate a key+IV from some given 
data (in my case, the "key" supplied by the user), or do I have to 
resort to hard-coding an IV or asking the user for that too?

>IV is used in "cipher block chaining", that is, the output from block
>N is used as part of the input for block N+1, and the IV is the
>initial shift in at the very beginning:
>
>        clear       clear       clear
>       block 1     block 2     block 3
>         |           |           |
>         v           v           v
>      +--+--+     +--+--+     +--+--+
>IV ->| DES +---->+ DES +---->+ DES +---
>      +--+--+     +--+--+     +--+--+
>         |           |           |
>         v           v           v
>      cipher      cipher       cipher 3
>      block 1     block 2      block 3
>
>You can find a diagram like this in any good book on encryption.
>Look under "Cipher Block Chaining".  So, given that you are doing
>chaining, the IV supplies the "startup value" for the chain.
>
Thanks for the info!

- Steve



------------------------------------------------
Radan Computational Ltd.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
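
Added example, not part of the original message or of OpenSSL's code: Python's `hashlib.pbkdf2_hmac` computes the same PBKDF2-HMAC-SHA1 as `PKCS5_PBKDF2_HMAC_SHA1()`, so requesting key length plus IV length bytes and splitting the output gives both values from one password; the MD5 split from the quoted text is shown beside it. The function names, salt handling, iteration count, output sizes and the IV-first ordering of the MD5 split are assumptions made for illustration.

```python
import hashlib
import os


def md5_split(password):
    """Scheme from the quoted text: one MD5 hash, half IV and half DES key.

    Which half is which is an assumption here (IV first, key second).
    """
    digest = hashlib.md5(password).digest()  # 128 bits
    iv, key = digest[:8], digest[8:]
    return key, iv


def pbkdf2_key_iv(password, salt, iterations, key_len, iv_len):
    """Request key_len + iv_len bytes from PBKDF2-HMAC-SHA1 and split them."""
    material = hashlib.pbkdf2_hmac(
        "sha1", password, salt, iterations, key_len + iv_len
    )
    return material[:key_len], material[key_len:]


if __name__ == "__main__":
    password = b"user supplied build-time secret"  # constructed sample input
    salt = os.urandom(8)  # stored next to the ciphertext; need not be secret
    iterations = 10000    # assumed work factor

    key, iv = pbkdf2_key_iv(password, salt, iterations, 24, 8)  # 3DES sizes
    # Decrypt side: same password + same stored salt -> same key and IV.
    assert (key, iv) == pbkdf2_key_iv(password, salt, iterations, 24, 8)
    # A fresh salt changes both, so key/IV pairs are not reused across files.
    assert (key, iv) != pbkdf2_key_iv(password, os.urandom(8), iterations, 24, 8)
    print("pbkdf2 key:", key.hex(), "iv:", iv.hex())

    key, iv = md5_split(password)
    print("md5    key:", key.hex(), "iv:", iv.hex())
```

The unsalted MD5 split always maps a given password to the same key and IV, whereas the salted PBKDF2 variant gives a different pair per salt while remaining reproducible at decrypt time.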
