tags:

views:

64

answers:

1
+1  Q: 

Encryption: how to have 1 iv despite multiple fields

I've been stuck trying to arrive at a best solution for this for a while. I know that an initialization vector has to be unique for each item being encrypted. So if I'm encrypting an address and I have it stored all in a single field, I need a single iv for this. But if I have the address spread over multiple fields, I need several ivs, one for each field. This is a problem.

Is there a way to encrypt multiple fields (all in the same row/record) with a single iv, while maintaining the individuality of the fields? The goal is to have a single iv per record.

What I was thinking about doing was something like this

//get input for fields 1-5

//encrypt them, so that each one has its iv appended to it
$field1_enc = encr($field1);
$field2_enc = encr($field2);
$field3_enc = encr($field3);
$field4_enc = encr($field4);
$field5_enc = encr($field5);

//then store them individually in the database

How do I encrypt all fields with a single key? Then what happens when I want to edit any of those fields? (my guess is I'd have to un-ecrypt, then re-encrypt with a new iv). But the main question is aside from the concept, I don't understand how to programmatically get this done, i.e. encrypting all fields with a single iv

+2  A: 

IV needs to be unique but doesn't have to unpredictable or secret. Why don't you create a random number as base of IV for each record. Adding 1 to the base and use it as IV for field 1, adding 2 for field 2 ...

EDIT: Here are some implementation details,

Create a column for iv_base, which is simply a random number,

$iv_base = random();

When you encryt or decrypt the fields, use this function to create IV,

function get_iv($base, $size, $seq) {
    $remaining = $size;
    $round = 0;
    $iv = '';
    while ($remaining != 0) {
        $d = md5($base . $seq . $round, true);
        $len = min($remaining, 16);
        $iv .= substr($d, 0, $len);
        $remaining -= $len;
        $round++;
    }
    return $iv;
}

$base is the random number you stored in the database. $size is the IV size. $seq is the number you assigned for each field. You can use field name also.

ZZ Coder  2009-11-06 14:33:08
Good point. But what do you mean by adding 1, 2, 3, etc.? The iv generated is a base64 encoded string. It was initially generated from MCRYPT_DEV_RANDOM, then passed to `mcrypt_enc_get_iv_size` to get the right size for this cipher, then passed to `mcrypt_create_iv`, then the base64 encoding that yielded something like this `Vi6emRmemexY=` So if I consider that my base, how am I supposed to **add** 1,2,3,etc. I don't suppose you mean simple concatenation, because that won't produce a matching `mcrypt_enc_get_iv_size` when decoded. Please clarify :)
Chris  2009-11-06 17:07:07
See my edits ........................
ZZ Coder  2009-11-06 18:40:30
I saw it now, will give it a try and get back
Chris  2009-11-06 19:13:55

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases