libgcrypt - Initialization Vector
Brad Hards
bradh at frogmouth.net
Thu Apr 28 23:53:36 CEST 2005
On Fri, 29 Apr 2005 03:38 am, Tod Thomas wrote:
> I wrote two separate programs using libgcrypt, one to perform encryption
> and one to perform decryption. When I pass a string to the encryption
> module and then pipe its output to the decryption module I get the
> correct value returned - as long as the IV is the same.
This is the correct usage.
> Once I change the IV in one I no longer get the correct, decrypted
> string back. I discovered this because I decided to make my IV a truly
> random value by using the output of gcry_randomize to set it and that
> failed.
This is the intended behaviour. As Moritz explained, the ciphertext is a
function of the plain text, the key and the IV. The IV is intended to protect
from the case when you use the same key over and over, and you might encrypt
the same plaintext. In this case, if you don't have a salt/IV anyone who can
see the ciphertext knows that it is the plaintext. IV also makes dictionary
attacks much harder.
> My question then is if the IV should behave as the documentation
> suggests why isn't my test working? I suspect I have misunderstood
> something in the reading or in my implementation, just not sure what.
>
> I'll be happy to provide more details upon request.
Can you tell me which part of the documentation led you to think it might be OK
to use a different IV for encryption and decryption? I can take a look at
it, and perhaps propose some changes.
Brad
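
Added example, not part of the original message and not libgcrypt code: the behaviour discussed in this thread, shown with Go's standard-library AES-CBC as a stand-in for a libgcrypt cipher handle. The thread does not name the cipher or mode, so AES-128-CBC, the demo key and the function names Encrypt and DecryptWithIV are assumptions. The sender draws a random IV per message and ships it in front of the ciphertext, so the receiver uses the same IV instead of generating its own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Encrypt returns IV || CBC ciphertext; the fresh random IV is public and travels with the data.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize // PKCS#7 padding length
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, aes.BlockSize+len(padded))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	return out, nil
}

// DecryptWithIV decrypts body under the IV supplied by the caller and returns
// the padded plaintext blocks. No integrity check: real use needs a MAC or AEAD.
func DecryptWithIV(key, iv, body []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(iv) != aes.BlockSize || len(body) == 0 || len(body)%aes.BlockSize != 0 {
		return nil, errors.New("malformed input")
	}
	out := make([]byte, len(body))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, body)
	return out, nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed 16-byte demo key
	msg, _ := Encrypt(key, []byte("same plaintext, same key, new IV"))
	good, _ := DecryptWithIV(key, msg[:16], msg[16:])
	bad, _ := DecryptWithIV(key, make([]byte, 16), msg[16:]) // receiver guessed an IV
	fmt.Printf("right IV: %q\nwrong IV: %q\n", good, bad)
}
```

With the wrong IV only the first 16-byte block comes out garbled; in CBC the later blocks depend on the preceding ciphertext block, not on the IV.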