[openssl-users] AES-256 Do I need random IV?
Yaşar Arabacı
yasar11732 at gmail.com
Thu Apr 27 12:52:33 UTC 2017
Hello Again,
Sorry, I should have explained myself better. I am using AES-256 in
CBC mode. I am getting a string as a password, and using the
PKCS5_PBKDF2_HMAC_SHA1 function to generate a 256-bit key and a 128-bit
IV. I was wondering if generating an IV like this is necessary, or
can I just use a constant IV value with every encryption.
Here is my actual test code in C;
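#include <stdlib.h>
#include <string.h>
#include <openssl/evp.h>
#include <openssl/rand.h>

#define SZ_SALT 16 /* 128 bit salt */
#define NUM_ITER 1000
#define SZ_KEY 32 /* 256 bits */
#define SZ_IV 16 /* 128 bits */
#define SZ_GENERATED (SZ_KEY+SZ_IV)

int main(void)
{
    /* +1 for null terminator */
    unsigned char key[SZ_KEY+1];
    unsigned char iv[SZ_IV + 1];
    char *password = "ThisMyPass";
    char *data = "This is important data to be encrypted";
    unsigned char salt[SZ_SALT];
    unsigned char generated[SZ_GENERATED];

    /* fresh random salt; RAND_bytes returns 1 on success */
    if (RAND_bytes(salt, SZ_SALT) != 1)
    {
        exit(1);
    }
    /* derive key and IV together as one 48-byte PBKDF2 output */
    if (PKCS5_PBKDF2_HMAC_SHA1(password, -1, salt, SZ_SALT, NUM_ITER,
                               SZ_GENERATED, &generated[0]) == 0)
    {
        exit(1);
    }
    /* first SZ_KEY bytes are the key, the following SZ_IV bytes the IV */
    memcpy(key, generated, SZ_KEY);
    key[SZ_KEY] = '\0';
    memcpy(iv, (unsigned char *)generated + SZ_KEY, SZ_IV);
    iv[SZ_IV] = '\0';
    (void)data; /* the encryption itself is not part of this snippet */
    return 0;
}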
2017-04-27 15:34 GMT+03:00 Salz, Rich via openssl-users
<openssl-users at openssl.org>:
>> For AES-256 encryption, should IV be random? I am already using a random
>> salt, so I was wondering if IV should be random too.
>
> It should be non-repeating. It can just be a counter.
>
> (Yes, I know OP didn't ask about AESGCM. But if they're coming here for advice ... )
--
http://ysar.net/
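
Added example, not part of the original message and not OpenSSL code: it derives key and IV the way the post does (Python's `hashlib.pbkdf2_hmac` computes the same PBKDF2-HMAC-SHA1) and counts how many leading ciphertext blocks two CBC messages share under fresh and repeated key/IV pairs. Assumptions: `toy_block_encrypt` is a stand-in block permutation rather than AES (the chaining behaviour is a property of CBC, not of the cipher), the all-zero constant IV and the second plaintext are constructed for illustration.

```python
import hashlib, hmac, os
NUM_ITER, SZ_KEY, SZ_IV, BLOCK = 1000, 32, 16, 16  # sizes/iterations from the post

def derive_key_iv(password, salt):
    """PBKDF2-HMAC-SHA1 to 48 bytes, split into key and IV as in the post."""
    out = hashlib.pbkdf2_hmac("sha1", password, salt, NUM_ITER, SZ_KEY + SZ_IV)
    return out[:SZ_KEY], out[SZ_KEY:]

def toy_block_encrypt(key, block):
    """Stand-in 16-byte block cipher (4-round Feistel over HMAC-SHA256). NOT AES."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def cbc_encrypt(key, iv, plaintext):
    """CBC chaining with PKCS#7 padding over the stand-in cipher."""
    pad = BLOCK - len(plaintext) % BLOCK
    plaintext += bytes([pad]) * pad
    prev, out = iv, b""
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_block_encrypt(key, bytes(a ^ b for a, b in zip(plaintext[i:i + BLOCK], prev)))
        out += prev
    return out

def shared_prefix_blocks(c1, c2):
    """Count identical leading ciphertext blocks."""
    n = 0
    while n * BLOCK < min(len(c1), len(c2)) and c1[n * BLOCK:][:BLOCK] == c2[n * BLOCK:][:BLOCK]:
        n += 1
    return n

def demo(salt_a, salt_b):
    pw = b"ThisMyPass"
    m1 = b"This is important data to be encrypted"  # plaintext from the post
    m2 = b"This is important data, second message"  # constructed: same first 16 bytes
    (key_a, iv_a), (key_b, iv_b) = derive_key_iv(pw, salt_a), derive_key_iv(pw, salt_b)
    const_iv = bytes(SZ_IV)  # hypothetical all-zero constant IV
    same = lambda k1, i1, k2, i2: shared_prefix_blocks(cbc_encrypt(k1, i1, m1), cbc_encrypt(k2, i2, m2))
    return {
        "fresh_salt_derived_iv": same(key_a, iv_a, key_b, iv_b),
        "fresh_salt_constant_iv": same(key_a, const_iv, key_b, const_iv),
        "reused_salt_derived_iv": same(key_a, iv_a, key_a, iv_a),
        "same_key_constant_iv": same(key_a, const_iv, key_a, const_iv),
    }

if __name__ == "__main__":
    print(demo(os.urandom(16), os.urandom(16)))
```

Whenever the same key and IV pair repeats, the first ciphertext block is identical for the two messages and reveals that they start with the same 16 bytes; with a fresh salt per message the key changes and no block is shared.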