Hello everybody Sorry for asking again, but not having worked with stream ciphers before, I really have no clue ... so any hint is more than welcome.
After encrypting multiple files with blowfish-cbc and distinct IV for each file, do I need to keep the IVs secret? Thanks Markus On 12/12/2012 05:56 PM, Markus Wernig wrote: > Hi all > > Thanks for the swift replies. > > On 12/11/2012 11:51 AM, Jakob Bohm wrote: > >>> >>> - With a given key being reused for all encrypted files, the IV from my >>> understanding is central to the strength of the encryption. So a unique >>> random IV needs to be used for each file. Does this mean that for every >>> file I have to record the IV in order to decrypt it later? Or is my >>> understanding wrong? >>> >> Yes, you need to know the IV to decrypt correctly, and it should not be >> predictable by anyone without the key, but it does not need to be secret. > > Is that also true after encryption? So I can just store the IV in plain > together with the encrypted file and it will not lessen the encryption's > strength? My gut feeling (very uneducated ;-) tells me that this could > allow an attack on the crypttext to somebody with access to the files. > > thx again > Markus > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
