Charles B Cranston wrote:

> Perhaps one way to think of the IV is that it is part of the key.
> That is, the IV and key are used to encrypt, and then the (same) IV
> and the (same) key can decrypt.

IOW I could hard-code the IV into my source code, or use one supplied by the user at build time (as with the key). As long as they're both the same for the encrypt as for the decrypt then it'll work.

(And by the same token, the PKCS5_pbe2_set() function is definitely no good for me because the IV won't be the same each time.)

> It's just that if the IV is sent
> in clear text ("included in the structure...") then it is not secret.

I don't think that this is an issue for me -- nothing's being "sent" anywhere. The IV would be as secret as the key in either of the above scenarios.

> One popular algorithm is to use MD5 to make a 128 bit hash of a
> password string, then use 64 bits of it as an IV and the other 64
> bits of it as a DES key. So the IV and the key are innately related.
> Of course you could use the first and second 64 bits of an SHA1 hash
> just as well. In these cases, the IV can be regenerated from the
> password string at decrypt time, as long as it is the same string :-)

I assume that this is the sort of thing that the PKCS5_PBKDF2_HMAC_SHA1() function is doing, except that it only seems to output a key, not an IV as well. Am I missing something here? Is there any function in OpenSSL to generate a key+IV from some given data (in my case, the "key" supplied by the user), or do I have to resort to hard-coding an IV or asking the user for that too?

> IV is used in "cipher block chaining", that is, the output from block
> N is used as part of the input for block N+1, and the IV is the
> initial shift in at the very beginning:
>
>          clear        clear        clear
>         block 1      block 2      block 3
>            |            |            |
>            v            v            v
>         +--+--+       +--+--+       +--+--+
> IV ---->| DES +------>+ DES +------>+ DES +---
>         +--+--+       +--+--+       +--+--+
>            |            |            |
>            v            v            v
>         cipher       cipher       cipher
>         block 1      block 2      block 3
>
> You can find a diagram like this in any good book on encryption..
> Look under "Cipher Block Chaining". So, given that you are doing
> chaining, the IV supplies the "startup value" for the chain.

Thanks for the info!

- Steve

------------------------------------------------
Radan Computational Ltd.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List
Automated List Manager
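As an added illustration (not code from the thread and not OpenSSL's own), the Python below does the two things the exchange turns on. First, it derives a key and a reproducible IV from one password with a single PBKDF2-HMAC-SHA1 call by asking the KDF for key length + IV length bytes and splitting the output; OpenSSL's PKCS5_PBKDF2_HMAC_SHA1() takes a keylen argument, so the same split works there. Second, it implements the CBC chaining from the diagram over a constructed toy Feistel block cipher that stands in for the DES box (it is bijective, so CBC decrypts, but it is not a real cipher). The last function shows the cost of using one fixed key+IV pair for every message: two messages with a common prefix produce a common ciphertext prefix, which is why a fresh IV per message is normally stored next to the ciphertext rather than derived once with the key. The password, salt and sample messages are constructed for the example.

```python
import hashlib
import secrets

BLOCK = 8  # 64-bit blocks, the DES block size; the toy cipher below uses the same


def derive_key_iv(password: bytes, salt: bytes, iterations: int,
                  key_len: int, iv_len: int) -> tuple[bytes, bytes]:
    """Derive key and IV from one password with a single PBKDF2-HMAC-SHA1 call.

    Requesting key_len + iv_len bytes and splitting gives an IV that can be
    regenerated at decrypt time from the same password and salt, which is
    what the thread asks about. Same approach as passing
    keylen = key_len + iv_len to OpenSSL's PKCS5_PBKDF2_HMAC_SHA1().
    """
    material = hashlib.pbkdf2_hmac("sha1", password, salt, iterations, key_len + iv_len)
    return material[:key_len], material[key_len:]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _feistel_round(key: bytes, half: bytes, r: int) -> bytes:
    # Round function: keyed hash truncated to half a block. Toy construction,
    # present only so the chaining below has an invertible block to drive.
    return hashlib.sha256(key + bytes([r]) + half).digest()[:BLOCK // 2]


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for the DES box in the diagram: a 4-round Feistel permutation."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for r in range(4):
        left, right = right, _xor(left, _feistel_round(key, right, r))
    return left + right


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse of toy_block_encrypt: run the rounds backwards."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for r in reversed(range(4)):
        left, right = _xor(right, _feistel_round(key, left, r)), left
    return left + right


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC exactly as in the diagram: the IV feeds block 1, each ciphertext
    block is XORed into the next plaintext block before the block cipher."""
    padded = pkcs7_pad(plaintext)
    prev = iv
    out = bytearray()
    for i in range(0, len(padded), BLOCK):
        prev = toy_block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out += prev
    return bytes(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    prev = iv
    out = bytearray()
    for i in range(0, len(ciphertext), BLOCK):
        cblock = ciphertext[i:i + BLOCK]
        out += _xor(toy_block_decrypt(key, cblock), prev)
        prev = cblock
    return pkcs7_unpad(bytes(out))


def fresh_iv() -> bytes:
    """A random IV for one message; store it with the ciphertext, it need not be secret."""
    return secrets.token_bytes(BLOCK)


def common_leading_blocks(ct_a: bytes, ct_b: bytes) -> int:
    """How many leading ciphertext blocks two ciphertexts share. With a fixed
    key+IV pair this equals the number of plaintext blocks the messages share
    at the start, so the ciphertexts reveal that common prefix."""
    n = 0
    for i in range(0, min(len(ct_a), len(ct_b)), BLOCK):
        if ct_a[i:i + BLOCK] != ct_b[i:i + BLOCK]:
            break
        n += 1
    return n


if __name__ == "__main__":
    key, iv = derive_key_iv(b"correct horse", b"constructed-salt", 10000, 8, 8)
    msg_a = b"ACCOUNT=alice;AMOUNT=100"   # constructed sample messages
    msg_b = b"ACCOUNT=alice;AMOUNT=999"
    fixed_a, fixed_b = cbc_encrypt(key, iv, msg_a), cbc_encrypt(key, iv, msg_b)
    print("fixed IV, shared leading blocks:", common_leading_blocks(fixed_a, fixed_b))
    iv_b = fresh_iv()
    print("fresh IV, shared leading blocks:",
          common_leading_blocks(fixed_a, cbc_encrypt(key, iv_b, msg_b)))
    print("round trip ok:", cbc_decrypt(key, iv_b, cbc_encrypt(key, iv_b, msg_b)) == msg_b)
```

Run stand-alone it reports 2 shared leading blocks for the fixed-IV pair ("ACCOUNT=" and "alice;AM" are identical in both messages) and 0 once the second message gets its own IV, because the first block input P1 XOR IV then differs and the block cipher is a permutation.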