Hi Jason,

Assuming you're using a block cipher, your encryption output would depend on the Cipher Mode of Operation used for encryption (assuming you're using a block algorithm like AES or Blowfish). The Operation Mode determines how to utilize the Initialization Vector (IV) when starting encryption. When using an IV, the output *should* be significantly different across encryption operations even when encrypting the same exact plaintext [1] multiple times.

Shiro generates an IV using a Secure Random generator (by default), and that IV size must be compatible with the cipher algorithm (i.e. the block size of the cipher). Shiro prepends the IV to the encrypted output byte array automatically (this is conventional practice and 'safe' to do).

I'm unsure as to why you needed to do this yourself. It sounds like you're doing the exact same thing that Shiro is doing by default - how might your logic differ?

What cipher algorithm are you using? What Cipher Mode of Operation? Shiro block ciphers default to OperationMode.CBC.

[1] http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Initialization_vector_.28IV.29

HTH,

--
Les Hazlewood | @lhazlewood
CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282
Stormpath wins GigaOM Structure Launchpad Award! http://bit.ly/MvZkMk

On Mon, Jul 9, 2012 at 11:19 AM, jhericks <[email protected]> wrote:
> I never got any response on this, but it seems that the problem was nothing
> special with Shiro as I was able to reproduce it with just the bare Cipher
> using the BouncyCastle provider.
>
> What I wound up doing was something similar but not identical to
> initialization vector, which is that I generate the salt at random and put
> the salt at the front of the encrypted byte array. Then to decrypt, I pull
> the salt off the front and use it to decrypt the rest of the array.
>
> I'm not a security expert, so I don't know if I'm giving up a lot by using
> this workaround.
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Initialization-Vector-doesn-t-appear-to-be-doing-it-s-job-for-me-tp7577553p7577587.html
> Sent from the Shiro User mailing list archive at Nabble.com.
