> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of MauMau
>  
> But folks here gave me suggestions that different IVs should be used for
> each 4KB block. I think I should do that, and I'd like to follow that
> precious advice.
> 
> (However, I'm wondering if it is really dangerous to use the same IV for all
> blocks in a file, because the IVs are random and encrypted.)

Ultimately, everything comes down to one basic point:  A block cipher is a
black box function, which takes three inputs (key, IV, plaintext) and
generates one output (ciphertext).  If for any reason you repeat your
inputs, then you will get repeat output.  You just have to make sure you
don't do that.

Given your plaintext is prone to patterns and repetition...  You just have
to make sure you don't repeat a key/IV combination.  Just scope your key and
IV accordingly.  Suppose you have a 128-bit random secret key (dedicated to
some file) that means you've scoped yourself down to the individual file.
Suppose you have an IV which is serializable and guaranteed unique for all
the 128-bit blocks in the file...  Then you have a solution.  Your only leak
happens when the user repeatedly writes the same data back to the same block
where they previously wrote that data.  Then an attacker can know the user
repeated their actions on that block of that file.

Instead, suppose you have only one key that you're using for all files.  Now
your key is repeated across files, so unless you take some measure to ensure
the IV is unique across all files...  Then you would have a problem.  So if
you have a single key for all files, then you need some way to ensure the IV
is serializable and unique across all files.

If you are guaranteeing unique key & unique IV for all blocks of all files,
that's certainly sufficient, but it's also overkill.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
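
The key/IV scoping argument in the reply above, as an added example that is not part of the original message and is not OpenSSL code. It assumes a stand-in cipher (an HMAC-SHA256 keystream, not AES) and a hypothetical IV layout of file id plus block number; `encrypt`, `block_iv` and `demo` are names made up for this illustration.

```python
import hashlib
import hmac
import os

BLOCK = 4096  # the 4 KB file block size from the thread

def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Stand-in for the cipher black box: (key, IV, plaintext) -> ciphertext."""
    # HMAC-SHA256 keystream XORed into the plaintext; not AES. It only models
    # the "repeated inputs give repeated output" property.
    stream = b"".join(
        hmac.new(key, iv + n.to_bytes(4, "big"), hashlib.sha256).digest()
        for n in range((len(plaintext) + 31) // 32)
    )
    return bytes(p ^ s for p, s in zip(plaintext, stream))

def block_iv(block_no: int, file_id: int = 0) -> bytes:
    """Serializable 16-byte IV: 8-byte file id, then 8-byte block number."""
    return file_id.to_bytes(8, "big") + block_no.to_bytes(8, "big")

def demo() -> dict:
    data = b"A" * BLOCK  # constructed sample: one repetitive 4 KB block
    k1, k2 = os.urandom(16), os.urandom(16)  # 128-bit random keys
    iv = os.urandom(16)  # a single random IV reused for a whole file
    return {
        # Same key, same IV for every block: equal blocks encrypt equally.
        "same_iv_repeats": encrypt(k1, iv, data) == encrypt(k1, iv, data),
        # Per-file key, IV unique per block: equal blocks now differ.
        "per_block_iv_differs":
            encrypt(k1, block_iv(0), data) != encrypt(k1, block_iv(1), data),
        # Remaining leak: the same data rewritten to the same block.
        "rewrite_repeats":
            encrypt(k1, block_iv(7), data) == encrypt(k1, block_iv(7), data),
        # One key for two files, IV from block number only: block 0 collides.
        "shared_key_repeats":
            encrypt(k1, block_iv(0), data) == encrypt(k1, block_iv(0), data),
        # Fix A: keep the shared key, make the IV unique across files.
        "file_scoped_iv_differs":
            encrypt(k1, block_iv(0, 1), data) != encrypt(k1, block_iv(0, 2), data),
        # Fix B: a dedicated key per file, IV unique within the file only.
        "per_file_key_differs":
            encrypt(k1, block_iv(0), data) != encrypt(k2, block_iv(0), data),
    }

if __name__ == "__main__":
    print(demo())
```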
