What is Initialization Vector?

4

When I used a function in PHP, called openssl_encrypt , which encrypts data, I came across the term iv , which is Initialization Vector .

I'd like to understand a little bit about this;

I saw this in an example like this:

$iv = openssl_random_pseudo_bytes(16);

openssl_encrypt($texto, $cipher, $password, $options, $iv)

I understood that this initialization vector has to do with a random value, but it was just a little perception.

I would like to know more in detail:

  • What is Initialization Vector ?
  • What does it have to do with encryption? Why is it necessary?
asked by anonymous 22.02.2017 / 19:24

2 answers

2

In its context, iv is a set of random characters, they are usually used to ensure that their encryption is always unique, and a new one should always be generated when using it, preferably never reusing a given iv .

Your relationship to encryption is because it is a way of ensuring that the same text does not always return the hash when encrypted by your method.

Let's assume you try to encrypt the text "hello" always with iv xpto ## it will generate hash sahsau = 7273 , and this result will be saving for all people who use the text "Hello", if any person happens to discover that this generated hash represents "Hello" he will be able to indendify all "Hello" your system. Now if you use a different iv for each time you encrypt the text "hello" it will always generate a different hash, since iv is joined together with text that was entered when encryption was used. This will improve the security of your system.

Note: As a new iv is always generated, you must also save it in your database in order to use hashs or decryption     

23.02.2017 / 02:49
1

As Jeferson has already replied, the Initial Vector serves to initialize your encryption vector.

Imagine that you have an algorithm that always generates the sequence 1,2,3,4. For it to change this value, it will need a different initial value.

Normally the algorithms automatically capture this from somewhere (such as / dev / random on UNIX systems). This allows you to generate a good hash, but it's bad for encryption, as long as the hash is generated and never reversed, encryption needs to be rolled back.

For this reason, whenever a text is encrypted, you need to enter a startup value to ensure that that text is not vulnerable to attacks such as Rainbow Tables , at the same time that you must allow you to decrypt the text.

    
01.03.2017 / 20:45