mcrypt: safe to use a fixed non-binary IV with a good key?
Posted: Tue Nov 18, 2008 8:51 am
When using mcrypt_encrypt and mcrypt_decrypt with MCRYPT_RIJNDAEL_256 encryption and MCRYPT_MODE_CBC block mode, it needs an IV (Initialization Vector).
The example on php.net shows the creation and usage of a random IV (whereas their example uses ECB block mode which actually doesn't use the IV, so it's kinda misleading). Creating a random IV before encryption doesn't seem very useful to me, as you need the same IV next time when you decrypt earlier encrypted data.
Instead, I use this for ALL my encryption and decryption:
Code:
<?php
$fixedIV = md5('hello'); // 32 hex characters, reused for every encrypt/decrypt call
// note that mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC) == strlen($fixedIV)
$encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_CBC, $fixedIV);
And the keys I use when encrypting are different for various kinds of data, and not easy to brute force (for example $key="gP6s7m#G2VsLzg1c!SqA9").
Is this safe & secure? I mean, can I rely on just the keys being hard to crack? That is, even though my IV is fixed, can be easily brute forced (rainbow tables), and consists of only 32 hexadecimal digits (as opposed to 32 random bytes).
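As an added example (not from the post and not from PHP's mcrypt documentation), the Python script below shows why the IV matters in CBC mode independently of how strong the key is: with a fixed IV, two messages that start with the same plaintext blocks produce ciphertexts that start with the same blocks, and an identical message always produces an identical ciphertext, so anyone who can read the stored ciphertexts learns which records match, and where they start to differ, without touching the key. The usual remedy is a fresh random IV per message, stored unencrypted in front of the ciphertext; the IV does not need to be secret, only unpredictable and never reused under the same key, which is what makes the "you need the same IV to decrypt" objection moot. The block cipher here is a hash-based Feistel stand-in with 16-byte blocks rather than Rijndael-256 (so the md5-derived IV is truncated to 16 hex characters to fit), the two sample records are constructed, the key is the one from the post, and PKCS#7 padding is assumed where mcrypt would zero-pad.

```python
import hashlib
import os

BLOCK = 16   # 128-bit blocks for the stand-in cipher below
HALF = BLOCK // 2
ROUNDS = 8


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed round function: SHA-256 over (key, round index, half block), truncated.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:HALF]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Balanced Feistel network: a stand-in keyed permutation so the example runs
    # without mcrypt or a crypto library. It is NOT Rijndael/AES; illustration only.
    left, right = block[:HALF], block[HALF:]
    for i in range(ROUNDS):
        left, right = right, _xor(left, _round(key, i, right))
    return right + left


def block_decrypt(key: bytes, block: bytes) -> bytes:
    # Same rounds in reverse order; undoes block_encrypt exactly.
    right, left = block[:HALF], block[HALF:]
    for i in reversed(range(ROUNDS)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # CBC: each plaintext block is XORed with the previous ciphertext block
    # (the IV for the first block) before the block cipher is applied.
    assert len(iv) == BLOCK
    padded = pkcs7_pad(plaintext)
    out, prev = [], iv
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    assert len(iv) == BLOCK and len(ciphertext) % BLOCK == 0
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, cur), prev))
        prev = cur
    return pkcs7_unpad(b"".join(out))


# The post's construction, scaled to this cipher's block size: the IV is the
# first 16 hex digits of md5('hello') and is identical for every message.
FIXED_IV = hashlib.md5(b"hello").hexdigest().encode()[:BLOCK]


def encrypt_fixed_iv(key: bytes, plaintext: bytes) -> bytes:
    return cbc_encrypt(key, FIXED_IV, plaintext)


def encrypt_random_iv(key: bytes, plaintext: bytes) -> bytes:
    # Standard practice: fresh IV per message, stored in the clear in front of the
    # ciphertext. It need not be secret, only unpredictable and never reused per key.
    iv = os.urandom(BLOCK)
    return iv + cbc_encrypt(key, iv, plaintext)


def decrypt_random_iv(key: bytes, blob: bytes) -> bytes:
    return cbc_decrypt(key, blob[:BLOCK], blob[BLOCK:])


def equal_leading_blocks(c1: bytes, c2: bytes) -> int:
    # Number of leading blocks two ciphertexts share. With a fixed IV in CBC this
    # equals the number of leading plaintext blocks the two messages share.
    n = 0
    for i in range(0, min(len(c1), len(c2)), BLOCK):
        if c1[i:i + BLOCK] != c2[i:i + BLOCK]:
            break
        n += 1
    return n


if __name__ == "__main__":
    key = b"gP6s7m#G2VsLzg1c!SqA9"   # the key quoted in the post
    # Constructed sample records that share their first 32 bytes (two full blocks).
    m1 = b"balance=1000;account=alice;note=payroll"
    m2 = b"balance=1000;account=alice;note=bonus"
    print("fixed IV, shared leading blocks:",
          equal_leading_blocks(encrypt_fixed_iv(key, m1), encrypt_fixed_iv(key, m2)))    # 2
    print("random IV, shared leading blocks:",
          equal_leading_blocks(encrypt_random_iv(key, m1), encrypt_random_iv(key, m2)))  # 0
```

Note that the fixed-IV leak is purely a property of CBC chaining: the block cipher could be real Rijndael-256 with a perfect key and the two-block match would still show. For PHP today, mcrypt was removed from core in PHP 7.2; the equivalent modern construction is openssl_encrypt with an IV from random_bytes(openssl_cipher_iv_length(...)) prepended to the output, ideally using an authenticated mode such as aes-256-gcm.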