tags:

views:

234

answers:

4
+1  Q: 

Does IV work like salt

In AES, my understanding is salt is the stuff to make the passphrase more secure and it wont be added into encypted text. But IV is the stuff used to encypt first block of message and will be added into encypted text.

Do I get anything wrong? Many Thanks.

A: 

It´s different things...

The first link contains an excellent description
http://www.windows-tech.info/15/8688788177772d3e.php
http://stackoverflow.com/questions/1905112/passphrase-salt-and-iv-do-i-need-all-of-these

Jens Granlund  2009-12-22 22:40:31
A: 

No. The IV prevents otherwise-identical messages from appearing the same. This would leak information, specifically, the fact that you're transmitting the same message more than once.

Peter  2009-12-22 22:40:52
+1  A: 

I don't quite follow what you are saying, but here is an overview.

Salts are used in cryptographic hashing in order to eliminate the rainbow table method of cracking. (A rainbow table being a reverse lookup table of hashes to passwords)

IVs are used in encryption of larger files to avoid similar sections from encrypting to the same thing.

They are extremely similar, but here are the differences.

Salts are typically added before or after what they are encrypting (to my knowledge). This means that the encryption is also performed on the salt.

IVs are always XORed with the result of the encryption. The reason it is done afterwords is because only the first chunk uses the IV, the rest use the previous chunk for this XORing.

The distinction is important because a salt that is XORed with the encrypted form of a password is easily broken, and IVs are designed to stop pattern recognition style attacks versus the dictionary attacks of password files.

Guvante  2009-12-22 22:44:54
+1  A: 

AES itself does not directly use a salt (or indeed, an IV).

A situation when you might use a salt in combination with AES is when you are using Password Based Encryption (PBE). In this scheme, a human-memorizable password is used, in combination with a salt, to generate an AES key. A salt is used so that the same password does not always generate the same key; however, because the recipient must be able to generate the correct key, the salt must be transmitted along with the encrypted data.

An IV is required if you are using AES in certain block cipher modes, like CBC. In this case, it used to ensure that the same plaintext data under the same key does not always encrypt to the same ciphertext. Again, the IV is required by the recipient to correctly decrypt the data, so it must be transmitted along with the encrypted data.

So, if you are using PBE with AES in CBC mode as the underlying cipher, you would expect to have to send both a PBE salt and a CBC IV along with the encrypted data.

caf  2009-12-23 04:22:47
If bothe salt and IV sent with encrypted data, what's the point to have them? Cause attacker can get salt and IV easily from the data, then the only job is to get passphrase, which isnt the same as the method without salt and IV?
Kelvin  2009-12-23 22:16:58
Read my response carefully again. The salt is used **so that the same password does not always generate the same key** - this means, among other things, that an attacker cannot offline build a dictionary of passwords-to-keys. An IV similarly ensures that the **same plaintext does not produce the same ciphertext** - this means that an attacker can't build up a set of cribs. These do not *stop* bruteforce attacks (you cannot do that) - but they maximise the time/memory required for a bruteforce attack, and effectively prevent some precomputations.
caf  2009-12-23 22:27:59
Thank you for ur quick response.My understanding is a cryption without salt and IV will be something like equation f(data) = x(passphrase)And the one with salt and IV will be f(data) = x + y(salt) + z(IV)You get y and z, then the 2nd equation will be the same as 1st one.Anything I misunderstood here?
Kelvin  2009-12-23 22:47:56
Yes, what you've misunderstood is that the second equation is actually `X'(data, passphrase, salt, IV)` - the effect of the salt and IV can't be factored out separately.
caf  2009-12-23 23:04:20
BTW, some ppl mentioned IV could be public but salt must be kept in secure. How could you transmit salt with ciphertext then? Cause transmitting it with cipertext will make it public?
Kelvin  2009-12-23 23:50:17
The salt under PBE does not need to be kept secure (and can't be, because the legitimate recipient needs it to be able to reconstruct the key). Just make sure you pick the salt randomly, and pick a new one each time you start a new encryption session.
caf  2009-12-23 23:59:37

related questions

How to implement password protection for individual files?
Encrypting appSettings in web.config
Usefulness of SQL Server "with encryption" statement
How can I use a key blob generated from Win32 CryptoAPI in my .NET application?
CodeReview: Tiny Encryption Algorithm for arbitrary sized data
Simple encryption implementation in C
Which hard disk encryption software to choose?
Passing untampered data from Flash app to server?
How do I prevent replay attacks?
Is there a best .NET algorithm for credit card encryption?
Encrypt data from users in web applications
How to encrypt one message for multiple recipients?
Two-way password encryption without ssl
What's the answer to this Microsoft PDC challenge?
GPG: How does key signing work and how is it done?
Secure Online Highscore Lists for Non-Web Games
Programmatically encrypting a config-file in .NET
How do I use 3des encryption/decryption in Java?
Encryption in C# Web-Services
Suitable alternative to CryptEncrypt
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
C# - CryptographicException: Padding is invalid and cannot be removed
How can I encode xml files to xfdl (base64-gzip)?
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
Encrypting Passwords