On 17 June 2013 14:02, enrico d'urso <e.du...@live.com> wrote:
> Hi, thanks for answer.
> At the moment in my application I create a random IV and a random KEY.
> Client after this creation sends them to Server, encrypting all with RSA
> public key.
> Client decrypts the message with private key, and from this point the
> communication will be based
> on DES in CBC mode using IV and KEY just created.
>
> In CBC mode the last cipher-text is used to recover plain text (except for
> first time, where IV is used).
>
> Client gets input from stdin, encrypts and sends the message to Client.
> Since user input is not always a multiple of 8 bytes (in size) I need to use
> some form of padding; to do this I used Encrypt_final.
>
> After calling Encrypt_final you told me that it is needed to call the Init
> function again.
> Could I always use the same IV to do this?
> Is using the old cipher-text wrong?
> Recreating an IV and sending it to Server seems to result in bad performance, no?
> I'm repeating the question because I added several details.

IVs should always be random - you should not reuse an IV. Using the last block of cipher-text from a previous message as the IV gives a predictable IV which is insecure in CBC mode for certain classes of attack. If you MUST use CBC then you will need to send an IV every time - and yes this could result in bad performance if you are sending a lot of these.

Hence my recommendation that you consider an alternative mode - CTR (or perhaps GCM if you require authenticated encryption). CTR does not have a restriction on predictable IVs.

Matt
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
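
The per-message IV approach from the reply, as an added example that is not part of the original thread or OpenSSL's code: every message gets a fresh random IV that travels in front of its ciphertext, so the overhead is one cipher block per message. It is written with Go's standard library and AES-128 in place of the thread's DES; the names Seal, Open and demoBlock and the demo key are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Seal encrypts one message in CBC mode and returns IV || ciphertext.
func Seal(b cipher.Block, msg []byte) ([]byte, error) {
	bs := b.BlockSize()
	n := bs - len(msg)%bs // PKCS#7: always 1..bs padding bytes, each of value n
	padded := append(append([]byte{}, msg...), bytes.Repeat([]byte{byte(n)}, n)...)
	out := make([]byte, bs+len(padded))
	if _, err := rand.Read(out[:bs]); err != nil { // fresh, unpredictable IV per message
		return nil, err
	}
	cipher.NewCBCEncrypter(b, out[:bs]).CryptBlocks(out[bs:], padded)
	return out, nil
}

// Open splits the IV off the frame, decrypts, and strips the padding.
// CBC alone gives no integrity; the GCM suggestion in the reply covers that.
func Open(b cipher.Block, frame []byte) ([]byte, error) {
	bs := b.BlockSize()
	if len(frame) < 2*bs || len(frame)%bs != 0 {
		return nil, fmt.Errorf("bad frame length %d", len(frame))
	}
	pt := make([]byte, len(frame)-bs)
	cipher.NewCBCDecrypter(b, frame[:bs]).CryptBlocks(pt, frame[bs:])
	n := int(pt[len(pt)-1])
	if n == 0 || n > bs {
		return nil, fmt.Errorf("bad padding")
	}
	return pt[:len(pt)-n], nil
}

// demoBlock returns AES-128 under a constructed key, for the demo only.
func demoBlock() cipher.Block {
	b, _ := aes.NewCipher([]byte("0123456789abcdef"))
	return b
}

func main() {
	b := demoBlock()
	f1, _ := Seal(b, []byte("hello"))
	f2, _ := Seal(b, []byte("hello")) // same plaintext, different frame
	fmt.Printf("%x\n%x\n", f1, f2)
}
```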