On Sat, Dec 15, 2012 at 12:21 PM, Markus Wernig <[email protected]> wrote:
> ...
>
> After encrypting multiple files with blowfish-cbc and distinct IV for
> each file, do I need to keep the IVs secret?

It depends on your security posture. IVs are considered public parameters, so there is usually no need to keep them secret. Some folks argue the case of keeping them secret.

Jeff

> On 12/12/2012 05:56 PM, Markus Wernig wrote:
>> Hi all
>>
>> Thanks for the swift replies.
>>
>> On 12/11/2012 11:51 AM, Jakob Bohm wrote:
>>
>>>>
>>>> - With a given key being reused for all encrypted files, the IV from my
>>>> understanding is central to the strength of the encryption. So a unique
>>>> random IV needs to be used for each file. Does this mean that for every
>>>> file I have to record the IV in order to decrypt it later? Or is my
>>>> understanding wrong?
>>>>
>>> Yes, you need to know the IV to decrypt correctly, and it should not be
>>> predictable by anyone without the key, but it does not need to be secret.
>>
>> Is that also true after encryption? So I can just store the IV in plain
>> together with the encrypted file and it will not lessen the encryption's
>> strength? My gut feeling (very uneducated ;-) tells me that this could
>> allow an attack on the crypttext to somebody with access to the files.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [email protected]
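
The IV handling discussed in this thread, as an added example that is not part of any message above: each file gets a fresh random IV that is stored in the clear next to the ciphertext. AES-128-CBC stands in for blowfish-cbc, and the file layout and function names are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. AES-128-CBC stands in for blowfish-cbc
# (assumption: Blowfish needs the legacy provider on OpenSSL 3.x).
# File layout (assumed): line 1 = IV in hex, remaining lines = base64 ciphertext.

IV_BYTES=16   # AES block size; blowfish-cbc would use 8

# cbc_encrypt KEYHEX IVHEX INFILE: base64 ciphertext on stdout
cbc_encrypt() {
    openssl enc -aes-128-cbc -a -K "$1" -iv "$2" -in "$3"
}

# encrypt_file KEYHEX INFILE OUTFILE: fresh random IV per file, stored in the clear
encrypt_file() {
    local iv
    iv=$(openssl rand -hex "$IV_BYTES") || return 1
    { printf '%s\n' "$iv"; cbc_encrypt "$1" "$iv" "$2"; } > "$3"
}

# decrypt_file KEYHEX INFILE OUTFILE: read the IV back from line 1
decrypt_file() {
    local iv
    iv=$(head -n 1 "$2")
    tail -n +2 "$2" | openssl enc -d -aes-128-cbc -a -K "$1" -iv "$iv" -out "$3"
}

# demo: constructed sample data; returns 0 when every check holds
demo() {
    local tmp key fixed_iv
    tmp=$(mktemp -d) || return 1
    key=$(openssl rand -hex 16)
    printf 'identical plaintext in two files\n' > "$tmp/plain"

    # Same key, same plaintext, per-file IVs: the stored files differ.
    encrypt_file "$key" "$tmp/plain" "$tmp/a.enc" || return 1
    encrypt_file "$key" "$tmp/plain" "$tmp/b.enc" || return 1
    ! cmp -s "$tmp/a.enc" "$tmp/b.enc" || return 1

    # The key plus the stored IV recovers the plaintext.
    decrypt_file "$key" "$tmp/a.enc" "$tmp/a.out" || return 1
    cmp -s "$tmp/plain" "$tmp/a.out" || return 1

    # A reused IV gives identical ciphertext, revealing that the files match.
    fixed_iv=$(openssl rand -hex "$IV_BYTES")
    [ "$(cbc_encrypt "$key" "$fixed_iv" "$tmp/plain")" = \
      "$(cbc_encrypt "$key" "$fixed_iv" "$tmp/plain")" ] || return 1
    rm -rf "$tmp"
}

demo && echo "all checks passed"
```

CBC alone gives confidentiality only; detecting modification of the stored IV or ciphertext needs a separate integrity check such as a MAC.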
