Mark,

> I was polishing the Language Reference for Firebird 4.0, and I noticed that we
> seem to be missing a function to use with ENCRYPT:
>
> A function to generate a BINARY (or VARBINARY) of a specified size populated
> with random bytes (from a secure random number generator). A lot of
> encryption algorithms require an IV, and a proper IV should be unique and
> random for each message encrypted.
>
> An alternative approach would be that ENCRYPT - through an explicit option
> (e.g. `IV GENERATED` instead of `IV _value_`) - generates the IV and returns the
> IV + encrypted value (that is <IV-bytes><enc-bytes>).
> Similarly, if `IV GENERATED` is specified for DECRYPT, it should take the
> first (IV/block size) bytes of the input as the IV and use that for decryption.

A comment from a "simple language" POV.

While "IV" or "Initialization Vector" are the technically correct terms, I would suggest that we use the term "seed" or "salt" instead. Much simpler terms that directly convey purpose, without the need for someone to google "IV".

They could be used in syntax (along with optional keyword "Random") as "ENCRYPT RANDOM | {Seed String} | {Seed Function| SEED" or "ENCRYPT SEED RANDOM | {Seed String} | {Seed Function}"

Sean

Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
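
The `<IV-bytes><enc-bytes>` layout proposed in the quoted message, as an added Python sketch that is not part of the thread and not Firebird code. The function names and the 16-byte IV length are assumptions, and because the standard library has no AES, an HMAC-SHA256 keystream stands in for the real cipher so that only the IV generation and framing are shown.

```python
import hashlib
import hmac
import secrets

IV_LEN = 16  # assumed IV length (the AES block size)


def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Stand-in cipher (NOT AES): HMAC-SHA256 over iv || counter."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        block = iv + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:n])


def encrypt_with_iv(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Caller supplies the IV (the `IV _value_` form); returns ciphertext only."""
    if len(iv) != IV_LEN:
        raise ValueError("IV must be exactly IV_LEN bytes")
    ks = _keystream(key, iv, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


def encrypt_iv_generated(key: bytes, plaintext: bytes) -> bytes:
    """The proposed `IV GENERATED` form: fresh random IV, prepended to the output."""
    iv = secrets.token_bytes(IV_LEN)  # drawn from the OS secure random generator
    return iv + encrypt_with_iv(key, iv, plaintext)


def decrypt_iv_generated(key: bytes, blob: bytes) -> bytes:
    """Take the first IV_LEN bytes as the IV and decrypt the remainder."""
    if len(blob) < IV_LEN:
        raise ValueError("input is shorter than the IV")
    iv, body = blob[:IV_LEN], blob[IV_LEN:]
    return encrypt_with_iv(key, iv, body)  # XOR keystream is its own inverse


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    msg = b"constructed sample message"
    first = encrypt_iv_generated(key, msg)
    second = encrypt_iv_generated(key, msg)
    # Same key and plaintext, different output, because each call gets a new IV.
    print(first != second, decrypt_iv_generated(key, first) == msg)
    # A fixed IV makes the output repeat for a repeated message.
    fixed = bytes(IV_LEN)
    print(encrypt_with_iv(key, fixed, msg) == encrypt_with_iv(key, fixed, msg))
```

With a padded block mode such as CBC the encrypted part would be longer than the plaintext; the IV prefix and the split on decryption stay the same.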