How to pick an appropriate IV (Initialization Vector) for AES/CTR/NoPadding?

别跟我提以往 2020-12-07 21:10

I would like to encrypt the cookies that are written by a webapp and I would like to keep the size of the cookies to minimum, hence the reason I picked AES/CTR/NoPadding.

5 answers
  •  执笔经年
    2020-12-07 21:28

    Include a large random number with the cookie. A 64 or 128 bit number is probably large enough. It needs to be large enough for it to be very difficult to get duplicates. Be sure to put enough entropy into this number. Don't just use gettime(). If you have access to CRNG then use it here.

    Store a 256 bit master key with your application. Use SHA256 to derive your key information. Again, use a CRNG for this.

    $keyblob = sha256( concat("aeskeyid", $masterkey , $randomnumberwithcookie ) )
    $aeskey = $keyblob[0..15]
    $aesiv = $keyblob[16..31]
    

    You may also want to derive a key for an HMAC.

    $mackeyblob = sha256( concat("hmackeyid", $masterkey , $randomnumberwithcookie ) )
    

    Alternatively, you could combine the above two hash operations into one by using SHA512.

    $keyblob = sha512( concat("randomkeyid", $masterkey , $randomnumberwithcookie ) )
    $aeskey = $keyblob[0..15]
    $aesiv = $keyblob[16..31]
    $hmackey = $keyblob[32..63] 
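
The SHA-512 variant from the answer above, as an added Java example that is not part of the original answer: it derives the AES key, CTR IV and HMAC key from the master key and a per-cookie random number, then encrypts and authenticates the cookie. The class name `CookieCrypto`, the method names, and the cookie layout (random number, then ciphertext, then HMAC-SHA256 tag) are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class CookieCrypto {   // added example; names and cookie layout are assumptions
    static final int NONCE = 16, TAG = 32;   // sizes in bytes
    // keyblob = SHA-512("randomkeyid" || masterKey || nonce): [0..15] key, [16..31] IV, [32..63] MAC key
    static byte[] keyblob(byte[] masterKey, byte[] nonce) throws GeneralSecurityException {
        MessageDigest md = MessageDigest.getInstance("SHA-512");
        md.update("randomkeyid".getBytes(StandardCharsets.US_ASCII));
        md.update(masterKey);
        return md.digest(nonce);
    }
    static byte[] ctr(int mode, byte[] kb, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/CTR/NoPadding");
        c.init(mode, new SecretKeySpec(kb, 0, 16, "AES"), new IvParameterSpec(kb, 16, 16));
        return c.doFinal(in);
    }
    static byte[] tag(byte[] kb, byte[] data, int len) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(kb, 32, 32, "HmacSHA256"));
        mac.update(data, 0, len);              // authenticate data[0..len)
        return mac.doFinal();
    }
    static byte[] seal(byte[] masterKey, byte[] plain) throws GeneralSecurityException {
        byte[] nonce = new byte[NONCE];
        new SecureRandom().nextBytes(nonce);   // fresh random number for every cookie
        byte[] kb = keyblob(masterKey, nonce);
        byte[] ct = ctr(Cipher.ENCRYPT_MODE, kb, plain);
        byte[] out = Arrays.copyOf(nonce, NONCE + ct.length + TAG);
        System.arraycopy(ct, 0, out, NONCE, ct.length);
        System.arraycopy(tag(kb, out, NONCE + ct.length), 0, out, NONCE + ct.length, TAG);
        return out;
    }
    static byte[] open(byte[] masterKey, byte[] cookie) throws GeneralSecurityException {
        if (cookie.length < NONCE + TAG) throw new GeneralSecurityException("cookie too short");
        int end = cookie.length - TAG;
        byte[] kb = keyblob(masterKey, Arrays.copyOf(cookie, NONCE));
        byte[] sent = Arrays.copyOfRange(cookie, end, cookie.length);
        if (!MessageDigest.isEqual(tag(kb, cookie, end), sent)) throw new GeneralSecurityException("bad MAC");
        return ctr(Cipher.DECRYPT_MODE, kb, Arrays.copyOfRange(cookie, NONCE, end));
    }
}
```

Each cookie is 48 bytes longer than its plaintext (16-byte random number plus 32-byte tag), and `open` rejects a modified cookie before any decryption happens.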
    
