在CBC中用相同的IV加密两个相同的明文消息会产生相同的密文吗?
根据我的理解,第一个块与IV进行异或,然后每个后续块与前一个进行异或。 这是否意味着使用相同的IV和相同的消息,每个块将被加密到同一个东西? 我理解使用可预测或不变的IV进行加密是一件非常糟糕的事情,我想知道为什么 - 是因为攻击者可以建立已知消息的“书”,或者因为我们让第一个块容易受到攻击频率检查?
谢谢
Will encrypting two identical plaintext messages with AES in CBC with the same IV yield the same ciphertext?
From my understanding the first block is XOR'd with the IV, and then each subsequent block with the previous. Does this mean that with the same IV and identical messages that every block will be encrypted to the same thing? I understand using a predictable or non-changing IV for encryption is a very bad thing to do, and I am wondering why - is it because attackers can build up a "book" of known messages, or because we leave the first block vulnerable to frequency checks?
Thanks
最满意答案
如果你两次都使用相同的键,那么是的,你会获得相同的输出。 如果你使用不同的键,那么你将得到不同的输出(你用当前块对前一个块进行异或,然后加密结果以产生一个密文块)。
然而,这通常没什么帮助。 使用像CBC这样的东西的一个基本原因是避免消息中的重复,即使它们包含相同的数据并且你继续使用相同的密钥(当然,它也有用,它也避免了单个消息中的模式) 。 更改IV会使每条消息保持唯一(即使某些明文内容是可预测的),而不需要为每条消息分配新密钥的所有工作(这通常会相对痛苦)。
If you use the same key both times, then yes, you'd get identical output. If you use a different key, then you'd get different output (you XOR the previous block with the current block, but then you encrypt the result to produce a block of ciphertext).
That, however, is generally of little help. One of the basic reasons for using something like CBC is to avoid repetition among messages even if they contain the same data and you continue to use the same key (though of course, it's also useful that it avoids patterns within a single message as well). Changing the IV keeps each message unique (even if some of the plaintext content is predictable) without going to all the work of distributing a new key for every message (which would generally be relatively painful).
更多推荐
发布评论