tags:

views:

183

answers:

2
Q: 

How does the receiver of a cipher text know the IV used for encryption?

If a random IV is used in encrypting plain text, how does the receiver of the cipher text know what the IV is in order to decrypt it?

This is a follow-up question to a response to the previous stackoverflow question on IVs here.

The IV allows for plaintext to be encrypted such that the encrypted text is harder to decrypt for an attacker. Each bit of IV you use will double the possibilities of encrypted text from a given plain text.

The point is that the attacker doesn't know what the IV is and therefore must compute every possible IV for a given plain text to find the matching cipher text. In this way, the IV acts like a password salt. Most commonly, an IV is used with a chaining cipher (either a stream or block cipher). ...

So, if you have a random IV used to encrypt the plain text, how do you decrypt it? Simple. Pass the IV (in plain text) along with your encrypted text.

Wait. You just said the IV is randomly generated. Then why pass it as plain text along with the encrypted text?

+1  A: 

If a random IV is used in encrypting plain text, how does the receiver of the cipher text know what the IV is in order to decrypt it?

  1. The Wikipedia article on Initialization vectors provides several examples of ways to tell the receiver what the IV is.

Wait. You just said the IV is randomly generated. Then why pass it as plain text along with the encrypted text?

  1. If the IV is randomly generated (at encrypt time), then only the sender knows what it is. In order to decrypt the message, the receiver needs to know the IV too.
Dave Bacher  2010-03-13 00:14:56
+1  A: 

The answer that you quote is wrong. So don't worry if it does not make sense to you. IVs don't make breaking a ciphertext harder. IVs are ususlly just prepended to the ciphertext and hence known to a potential attacker.

The main reason to use IVs is to randomize the ciphertext. If you encrypt the same plaintext twice with the same key, but different IVs then the ciphertext should be different. Ideally an attacker should not be able to tell if two ciphertexts correspond to the same plaintext or different plaintexts of the same length. More formally, IVs are used so that the encryption has ciphertext indistinguishability.

Accipitridae  2010-03-14 11:08:33

related questions

How to implement password protection for individual files?
Encrypting appSettings in web.config
Usefulness of SQL Server "with encryption" statement
How can I use a key blob generated from Win32 CryptoAPI in my .NET application?
CodeReview: Tiny Encryption Algorithm for arbitrary sized data
Simple encryption implementation in C
Which hard disk encryption software to choose?
Passing untampered data from Flash app to server?
How do I prevent replay attacks?
Is there a best .NET algorithm for credit card encryption?
Encrypt data from users in web applications
How to encrypt one message for multiple recipients?
Two-way password encryption without ssl
What's the answer to this Microsoft PDC challenge?
GPG: How does key signing work and how is it done?
Secure Online Highscore Lists for Non-Web Games
Programmatically encrypting a config-file in .NET
How do I use 3des encryption/decryption in Java?
Encryption in C# Web-Services
Suitable alternative to CryptEncrypt
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
C# - CryptographicException: Padding is invalid and cannot be removed
How can I encode xml files to xfdl (base64-gzip)?
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
Encrypting Passwords