sharing & storing IV for AES Encryption/decryption

Submitted by 夏天 on 2019-12-24 13:05:27

Question


I am currently using AES-ECB encryption for user passwords on an Android app, but I have to connect this app's database to a website where users can register and log in the same way as the mobile app.

I have read that ECB mode is not secure, so I wanted to use CBC by generating an IV.

Is it secure to store an IV as a constant in the code (I store the secret key this way too), both in PHP on the server side, and in the app?

If not, is there a way for the website and the mobile app to share its IV to encrypt/decrypt user passwords?

Alternatively, I may have chosen the wrong encryption algorithm; there might be one that better suits my needs.


Answer 1:


Best practice would be to create a new random IV for each encryption. The IV is basically a seed for that encryption call used in the first block.

Each IV can be safely stored in clear text along with the cypher text so it is available when decrypting the cypher text (the IV used to encrypt must be the same IV used to decrypt).




Answer 2:


If you are fixed with this algorithm, I may suggest - not to share IV from encrypting end to decrypting end.

Dummy Blocks: Add an initial dummy block of 16 bytes before your actual message block of 16 bytes. So that, even if you are not sharing IV to the Decrypting End, as AES-CBC is a chaining mode, the first block (dummy block) at Decrypting end will be corrupted and rest of the blocks are not affected.

Encrypting End: As per CBC mode in AES, in CBC mode, each block of plaintext is XORed with the previous ciphertext block before being encrypted. To make each message unique, an initialization vector must be used in the first block. Refer: http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_Block_Chaining_.28CBC.29

Decrypting End: Decrypting with the incorrect IV causes the first block of plaintext to be corrupt but subsequent plaintext blocks will be correct. This is because a plaintext block can be recovered from two adjacent blocks of ciphertext.
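
An added example (not part of either answer or of the original post) showing the two properties described in Answer 1 and Answer 2: a fresh random IV stored in clear in front of the ciphertext, and a wrong IV garbling only the first plaintext block. It uses Node.js's built-in crypto module; the function names, the sample key and the sample message are constructed for illustration.

```javascript
// AES-128-CBC with a fresh random IV per message, stored as IV || ciphertext.
const crypto = require('node:crypto');

const BLOCK = 16; // AES block size, which is also the CBC IV length, in bytes

// Decrypt ciphertext with an explicitly supplied IV.
function decryptWithIv(key, iv, ct) {
  const decipher = crypto.createDecipheriv('aes-128-cbc', key, iv);
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}

// Encrypt and return IV || ciphertext. The IV is not secret, only unpredictable.
function encrypt(key, plaintext) {
  const iv = crypto.randomBytes(BLOCK);
  const cipher = crypto.createCipheriv('aes-128-cbc', key, iv);
  return Buffer.concat([iv, cipher.update(plaintext), cipher.final()]);
}

// Split the stored blob back into IV and ciphertext, then decrypt.
function decrypt(key, blob) {
  return decryptWithIv(key, blob.subarray(0, BLOCK), blob.subarray(BLOCK));
}

function demo() {
  const key = crypto.randomBytes(16); // constructed sample key
  // Constructed sample message: 41 bytes, so 3 blocks after PKCS#7 padding.
  const msg = Buffer.from('constructed sample message, 3 blocks long');

  const a = encrypt(key, msg);
  const b = encrypt(key, msg); // same key and plaintext, new random IV

  // All-zero IV stands in for "the decrypting end does not know the IV".
  // The padding lives in the last block, so decryption still completes.
  const garbled = decryptWithIv(key, Buffer.alloc(BLOCK), a.subarray(BLOCK));

  return {
    roundTrip: decrypt(key, a).equals(msg),
    sameCiphertext: a.equals(b),
    firstBlockIntact: garbled.subarray(0, BLOCK).equals(msg.subarray(0, BLOCK)),
    restIntact: garbled.subarray(BLOCK).equals(msg.subarray(BLOCK)),
  };
}

console.log(demo());
```
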



Source: https://stackoverflow.com/questions/13819231/sharing-storing-iv-for-aes-encryption-decryption
