Hi all Thanks for the swift replies.
On 12/11/2012 11:51 AM, Jakob Bohm wrote: >> >> - With a given key being reused for all encrypted files, the IV from my >> understanding is central to the strength of the encryption. So a unique >> random IV needs to be used for each file. Does this mean that for every >> file I have to record the IV in order to decrypt it later? Or is my >> understanding wrong? >> > Yes, you need to know the IV to decrypt correctly, and it should not be > predictable by anyone without the key, but it does not need to be secret. Is that also true after encryption? So I can just store the IV in plain together with the encrypted file and it will not lessen the encryption's strength? My gut feeling (very uneducated ;-) tells me that this could allow an attack on the crypttext to somebody with access to the files. thx again Markus ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
