mcrypt IV

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
nwp
Forum Contributor
Posts: 105
Joined: Sun Feb 04, 2007 12:25 pm

mcrypt IV

Post by nwp »

can anybody decribe me whats an IV in mcrypt . I've searched a lot but I didnt got any explanation about whats an IV and whats the need of an IV . can anybody help me ou ??
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Where did you read about this in the first place?
nwp
Forum Contributor
Posts: 105
Joined: Sun Feb 04, 2007 12:25 pm

Post by nwp »

from php.net
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

:? Never heard of it...
nwp
Forum Contributor
Posts: 105
Joined: Sun Feb 04, 2007 12:25 pm

Post by nwp »

User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

Interesting...
nwp
Forum Contributor
Posts: 105
Joined: Sun Feb 04, 2007 12:25 pm

Post by nwp »

Guys its a simple argument of mcrypt everybody needs this encrypting somthing .
You always need it to encrypt something securly .
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

Yes, but what is your interest in IV? Why encryption? Why not hashing?
nwp
Forum Contributor
Posts: 105
Joined: Sun Feb 04, 2007 12:25 pm

Post by nwp »

superdezign wrote:Yes, but what is your interest in IV?
I wanna know what is teh theory behind IV and whats it is. ?? why some(3) MODE requires it ??
superdezign wrote: Why encryption? Why not hashing?
Encryption is not hashing . I need enencryption not hashing .
User avatar
neel_basu
Forum Contributor
Posts: 454
Joined: Wed Dec 06, 2006 9:33 am
Location: Picnic Garden, Kolkata, India

Post by neel_basu »

Iv (Initilization vector) is a RANDOM (string)[8 bit Octet String] .
How Random ??
MCRYPT_DEV_RANDOM makes it random by reading from /dev/random
MCRYPT_DEV_URANDOM makes it random by reading from /dev/urandom
Its obvious that <span style='color:blue' title='I&#39;m naughty, are you naughty?'>smurf</span> Windows doesnt have /dev So MCRYPT_RAND is for that
I'vent used PHP that much on Windows . I donno much about MCRYPT_RAND.
[We need to pass one of these constants to the Function see Manual]
this is an example.

Code: Select all

$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($mcrypt_module_open_res), MCRYPT_DEV_RANDOM);
to know mcrypt_create_iv() we first need to know mcrypt_enc_get_iv_size().
the Algorithm you use for encryption encrypts Block wise in a chain . and IV affects teh First block By the Random string and as teh string is random it prevents from dictonary attacks. [ecb mode doesnt require IV]. So to do that it must know teh iv Size. as teh Iv Size depends on teh ALGO and teh mode you are using. mcrypt_enc_get_iv_size() returns the IV size and get a resource Argument thats teh resource (Pointer) created By mcrypt_module_open(). .
You try to echo the mcrypt_create_iv() . You will see that its random string. and you will also see taht its length varies By changing teh ALGO and MODE .
Hope this helps.
nwp
Forum Contributor
Posts: 105
Joined: Sun Feb 04, 2007 12:25 pm

Post by nwp »

Thanks . and thanks to msn Messenger .
User avatar
shiflett
Forum Contributor
Posts: 124
Joined: Sun Feb 06, 2005 11:22 am

Post by shiflett »

nwp
Forum Contributor
Posts: 105
Joined: Sun Feb 04, 2007 12:25 pm

Post by nwp »

:banghead: :banghead: :banghead: :banghead: :banghead: mcrypt is too hard to use. ecb mode is easy but unsecure. cbc mode requires IV so results changes time to time. isnt it possible to do it without mcrypt (I meant do you have any encryption class thats easy :D ) ?? I think you have please .
User avatar
neel_basu
Forum Contributor
Posts: 454
Joined: Wed Dec 06, 2006 9:33 am
Location: Picnic Garden, Kolkata, India

Post by neel_basu »

OK here it is viewtopic.php?p=406619#406619
But I'd still ask you to learn mcrypt.
Post Reply