Purpose and generation of initialization vector

Goh, Yong Kwang
Posted: Sun Dec 28, 2003 8:59 am

My understanding of encryption is limited and I understand that
basically for a symmetric encryption, an encryption algorithm is
applied to plaintext with the password/passphrase/key to produce the
ciphertext.

But on reading up more on some algorithms like DES and Blowfish, I came
across modes like Electronic Code Book (ECB) and Cipher Block Chaining
(CBC).

The only thing I notice is that ECB seems to be easier to implement
while CBC requires an Initialization Vector (IV).

What are the differences between CBC and ECB?

And what is the purpose of the IV for CBC?

Why doesn't ECB mode need one?

How do we initialize the IV? Do we fill it in with random
numbers/bytes from any cryptographically secure random number
generator?

Tom St Denis
Posted: Sun Dec 28, 2003 10:12 am

"Goh, Yong Kwang" <gohyongkwang@hotmail.com> wrote in message
news:354933d6.0312280559.6f2a6b32@posting.google.com...

> My understanding of encryption is limited and I understand that
> basically for a symmetric encryption, an encryption algorithm is
> applied to plaintext with the password/passphrase/key to produce the
> ciphertext.
> But on reading up more on some algorithms like DES and Blowfish, I came
> across modes like Electronic Code Book (ECB) and Cipher Block Chaining
> (CBC).

There are also OFB, CFB and CTR modes in popular use. I'd recommend CTR
over the rest of them myself...

> The only thing I notice is that ECB seems to be easier to implement
> while CBC requires an Initialization Vector (IV).

ECB is the block cipher itself. CBC is applied to the cipher itself.

> What are the differences between CBC and ECB?

Security. One is strong against replay attacks.

> And what is the purpose of the IV for CBC?

See above.

> Why doesn't ECB mode need one?

ECB mode is just the block cipher itself [think of the cipher as a box, ECB
is just the box, CBC is the box with a feedback mechanism].

> How do we initialize the IV? Do we fill it in with random
> numbers/bytes from any cryptographically secure random number
> generator?

Normally.

Tom

Tim Smith
Posted: Sun Dec 28, 2003 11:08 am

In article <354933d6.0312280559.6f2a6b32@posting.google.com>, Goh, Yong
Kwang wrote:

> What are the differences between CBC and ECB?

Suppose you have an encryption algorithm that operates on blocks 16 bytes
long (128 bits). In ECB mode, you split your message into 16-byte chunks,
encrypt each one, and send them.

Suppose your message in, say, a banking system, to transfer money from one
account to another looked like this, before encryption:

    header (16 bytes)
    source account number (16 bytes)
    destination account number (16 bytes)
    amount to transfer (5 bytes)

With ECB, you'd pad the total message out to 64 bytes, and split it into 4
blocks of 16 bytes, and encrypt each separately. So, each message becomes:

    encrypted header
    encrypted source account
    encrypted destination account
    encrypted amount

Someone spying on that data stream could learn a lot. Suppose I transfer a
certain amount of money from account #1 to account #2. The spy sees four
blocks go by. Call them A B C D. Later, I transfer the same amount from
account #2 to account #3. The spy sees four blocks: E C F D.

Even worse, if the spy is able to tamper with the data, he can do very bad
things. The spy transfers some money to his account, and sees what blocks
go by. That gives him the encryption for his account number and for that
amount. Now we can use those blocks to replace the destination account and
amount on other transactions.

In many applications, this ability of an attacker to recognize when two
different messages encrypted with the same key have parts in common, and to
even make meaningful changes to those parts, is a very bad thing. The
purpose of many of the modes you'll see, such as CBC, is to overcome those
problems.

The different modes have different characteristics with regard to things
like what kind of errors show up in the decrypted message if the attacker
modifies encrypted blocks in various ways. Most books on cryptography
should explain the pluses and minuses of the various modes.

The general way they do this is by making each encrypted block of a message
depend somehow on previous blocks, so that if two different messages happen
to contain the same block, it will encrypt differently. That stops the
attacker from easily seeing when messages have something in common, and from
making easy changes to the message.

However, what happens if two messages *start* with the same block? There
are no previous blocks, so they will encrypt the same way. That can be
quite a problem in some applications. In fact, if the messages start with
the same block sequence, all those blocks will encrypt the same way.

The general purpose of an IV is to prevent that. Basically, it serves as
the "previous blocks" for the first block.

....

> How do we initialize the IV? Do we fill it in with random numbers/bytes
> from any cryptographically secure random number generator?

In most modes, the IV doesn't need to be kept secret, so there is no need to
use a secure random number generator. You need the same IV on the
decryption side, and you need to change the IV for each message, so the
usual thing to do is transmit the IV before the first block of the message,
so the attacker is going to see the IV. The main thing is that you don't
want to reuse IVs when encrypting with a given key.

--
--Tim Smith
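
The block patterns described in the post above, as an added example that is not part of the original thread: ECB reproduces the A B C D / E C F D overlap, CBC with a reused IV still exposes a common message start, and CBC with a fresh IV per message exposes neither. The toy Feistel cipher, key, header and account strings are constructed stand-ins, not a real cipher or message format.

```python
import hashlib
import os

BLOCK = 16  # block size in bytes, as in the post's example
def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def enc_block(key, blk):
    # Toy 4-round Feistel on SHA-256: constructed stand-in for a real block cipher.
    left, right = blk[:8], blk[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, _xor(left, f)
    return left + right

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):
    # ECB: every block is encrypted independently of its neighbours.
    return b"".join(enc_block(key, b) for b in blocks(pt))

def cbc_encrypt(key, iv, pt):
    # CBC: XOR each block with the previous ciphertext block (the IV for block 0).
    out, prev = [], iv
    for b in blocks(pt):
        prev = enc_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)

def transfer(*fields):
    # Constructed message: each field zero-padded to one 16-byte block.
    return b"".join(f.encode().ljust(BLOCK, b"\0") for f in fields)

def shared(c1, c2):
    # What an eavesdropper can compute: (i, j) where block i of c1 equals block j of c2.
    return [(i, j) for i, a in enumerate(blocks(c1))
            for j, b in enumerate(blocks(c2)) if a == b]

def demo(key=b"constructed demo key"):
    m1 = transfer("HDR-0001", "ACCT-1", "ACCT-2", "00500")
    m2 = transfer("HDR-0002", "ACCT-2", "ACCT-3", "00500")
    m3 = transfer("HDR-0001", "ACCT-1", "ACCT-3", "00500")  # same start as m1
    iv = bytes(BLOCK)  # one constant IV reused for two messages
    fresh = lambda m: cbc_encrypt(key, os.urandom(BLOCK), m)
    return {
        "ecb": shared(ecb_encrypt(key, m1), ecb_encrypt(key, m2)),
        "cbc_reused_iv": shared(cbc_encrypt(key, iv, m1), cbc_encrypt(key, iv, m3)),
        "cbc_fresh_iv": shared(fresh(m1), fresh(m3)),
    }
```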

David A. Scott
Posted: Sun Dec 28, 2003 12:40 pm

gohyongkwang@hotmail.com (Goh, Yong Kwang) wrote in
news:354933d6.0312280559.6f2a6b32@posting.google.com:

> My understanding of encryption is limited and I understand that
> basically for a symmetric encryption, an encryption algorithm is
> applied to plaintext with the password/passphrase/key to produce the
> ciphertext.
> But on reading up more on some algorithms like DES and Blowfish, I came
> across modes like Electronic Code Book (ECB) and Cipher Block Chaining
> (CBC).
> The only thing I notice is that ECB seems to be easier to implement
> while CBC requires an Initialization Vector (IV).
> What are the differences between CBC and ECB?

The difference is every time you have the same set of
plaintext characters in a block they have the same ciphertext
for the output block. One could possibly build a dictionary
over time if this is used for many codes; that's why ECB is not
used too often.

> And what is the purpose of the IV for CBC?

The purpose is so that if you encrypt the same
file several times, if you use a different IV it will
look different. However, if your key is lost, use of the wrong
IV only affects one block of data; the rest would decrypt the same.

> Why doesn't ECB mode need one?

You could put one in but it has no effect on trailing
blocks no matter what the IV is.

> How do we initialize the IV? Do we fill it in with random
> numbers/bytes from any cryptographically secure random number
> generator?

That's the hard one; make it as random as you can.

I noticed I answered another one of your posts. And suggest you
use BICOM. However BICOM assumes a given IV so that if the same file
is encrypted twice you get the same output. If you wish to randomize
the output, the easy way is to just add some random string to the front,
say 20 characters. Every time you encrypt, change the 20 characters;
when you receive a message from decryption you just ignore the
first 20 characters. If the total message decrypted is 20 or less
then the null message was encrypted.

David A. Scott
--
My Crypto code
http://cryptography.org/cgi-bin/crypto.cgi/Misc/scott19u.zip
http://cryptography.org/cgi-bin/crypto.cgi/Misc/scott16u.zip
http://www.jim.com/jamesd/Kong/scott19u.zip old version
My Compression code http://bijective.dogma.net/
**TO EMAIL ME drop the roman "five" **
Disclaimer: I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged.
As a famous person once said "any cryptographic
system is only as strong as its weakest link"

Michael Amling
Posted: Sun Dec 28, 2003 2:02 pm

Tim Smith wrote:

> In article <354933d6.0312280559.6f2a6b32@posting.google.com>, Goh, Yong
> Kwang wrote:
> [snip]
>> How do we initialize the IV? Do we fill it in with random numbers/bytes
>> from any cryptographically secure random number generator?
>
> In most modes, the IV doesn't need to be kept secret, so there is no need to
> use a secure random number generator. You need the same IV on the
> decryption side, and you need to change the IV for each message, so the
> usual thing to do is transmit the IV before the first block of the message,
> so the attacker is going to see the IV. The main thing is that you don't
> want to reuse IVs when encrypting with a given key.

In some modes, the attacker must not be allowed to choose the IV. In
some modes (OCB comes to mind.) it's safe to let an attacker choose the
IV (called nonce in OCB).

--Mike Amling
All times are GMT - 5 Hours