Examples of encryption for database access

Mark Wieder ahsoftware at sonic.net
Thu Jun 28 18:53:47 EDT 2018


On 06/28/2018 01:49 PM, Brian Milby via use-livecode wrote:
> Random IV means that an attacker can not generate a dictionary in advance. Knowing it at the same time is not an issue since they cypher is not cracked. The other reason is that the IV seeds the AES encryption so that the first block does not give anything away. If the first encrypted block for the same data is always the same, the attacker can use that to test guesses if they can control what is being encrypted. Same issue if they can predict the IV. See the Wikipedia entry I linked to for a better discussion.

Encryption with an initialization vector isn't a reversible operation. 
It's not like XORing a value with another. Being able to *predict* an iv 
value, however, as opposed to just knowing the current value, is a 
security problem.

> 
> IV is fixed at the block size of the cipher. So for AES it is 16 bytes.

Yes, I stand corrected. Silly me assumed that aes-256 would use a larger 
block size. AES uses only 128-bit blocks with different key sizes.

-- 
  Mark Wieder
  ahsoftware at gmail.com




More information about the Use-livecode mailing list