[openssl-users] AES-256 Do I need random IV?

Yaşar Arabacı yasar11732 at gmail.com
Thu Apr 27 12:52:33 UTC 2017


Hello Again,

Sorry, I should have explained myself better. I am using AES-256 in
CBC mode. I am getting a string as a password, and using
PKCS5_PBKDF2_HMAC_SHA1 function to generate 256 bit key and 128 bit
IV. I was wondering if generating and IV like this is necessary, or
can I just use a constant IV value with every encryption.


Here is my actual test code in C;

#define SZ_SALT 16 /* 128 bit salt */
#define NUM_ITER 1000

#define SZ_KEY 32 /* 256 bits */
#define SZ_IV 16 /* 128 bits */

#define SZ_GENERATED (SZ_KEY+SZ_IV)

/* +1 for null terminator */
unsigned char key[SZ_KEY+1];
unsigned char iv[SZ_IV + 1];

char *password = "ThisMyPass";
char *data = "This is important data to be encrypted";

unsigned char salt[SZ_SALT];
RAND_bytes(salt, SZ_SALT);

unsigned char generated[SZ_GENERATED];

if (PKCS5_PBKDF2_HMAC_SHA1(password, -1, salt, SZ_SALT, NUM_ITER,
SZ_GENERATED, &generated[0]) == 0)
{
exit(1);
}

memcpy(key, generated, SZ_KEY);
key[SZ_KEY] == '\0';

memcpy(iv, (unsigned char *)generated + SZ_KEY, SZ_IV);
iv[SZ_IV] = '\0';


2017-04-27 15:34 GMT+03:00 Salz, Rich via openssl-users
<openssl-users at openssl.org>:
>> For AES-256 encryption, should IV be random? I am already using a random
>> salt, so I was wondering if IV should be random too.
>
> It should be non-repeating.  It can just be a counter.
>
> (Yes, I know OP didn't ask about AESGCM.  But if they're coming here for advice ... )
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



-- 
http://ysar.net/


More information about the openssl-users mailing list