
mcrypt: safe to use a fixed non-binary IV with a good key?

Posted: Tue Nov 18, 2008 8:51 am
by Apollo
When using mcrypt_encrypt and mcrypt_decrypt with MCRYPT_RIJNDAEL_256 encryption and MCRYPT_MODE_CBC block mode, it needs an IV (Initialization Vector).

The example on php.net shows the creation and usage of a random IV (whereas their example uses ECB block mode which actually doesn't use the IV, so it's kinda misleading). Creating a random IV before encryption doesn't seem very useful to me, as you need the same IV next time when you decrypt earlier encrypted data.

Instead, I use this for ALL my encryption and decryption:

$fixedIV = md5('hello');
// note that mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC) == strlen($fixedIV)
And the keys I use when encrypting are different for various kinds of data, and not easy to brute force (for example $key="gP6s7m#G2VsLzg1c!SqA9").

Is this safe & secure? I mean, can I rely on just the keys being hard to crack? That is even though my IV is fixed, can be easily brute forced (rainbow tables), and consists of only 32 hexadecimal digits (as opposed to 32 random bytes).

Re: mcrypt: safe to use a fixed non-binary IV with a good key?

Posted: Tue Nov 18, 2008 10:17 am
by Hannes2k
Hi,
the IV does not really increase the security of your algorithm. If you use a random IV, an attacker cannot see if the message you send had already been sent earlier.

But: If you use for each encryption a different key, there won't be any trouble with a fixed IV.


PS:
The common way to share the IV is by setting the IV as the first ciphertext block. (IV | Cipherblock1 | Cipherblock 2 | ...)
So for decryption you read the first 128 bits (of the first ciphertext block), set it as the IV and then start to decrypt the rest of the message.
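The IV-prepended layout described in the PS, alongside the fixed-IV scheme from the original question, as an added example that is not code from either poster. It assumes PHP 7 or later with the openssl extension: mcrypt was removed in PHP 7.2, so openssl_encrypt with AES-256-CBC (16-byte block, 16-byte IV) stands in for MCRYPT_RIJNDAEL_256 (32-byte block); the names encryptWithIv, decryptWithIv and encryptFixedIv are this example's own, and the key is derived from the post's passphrase with SHA-256 purely to get the 32 bytes AES-256 requires.

```php
<?php
// Added example, not from the thread. Assumes the openssl extension.
// AES-256-CBC is used in place of MCRYPT_RIJNDAEL_256 (different block size,
// same IV-handling pattern).

const CIPHER = 'aes-256-cbc';

// Encrypt with a fresh random IV and return IV || ciphertext, i.e. the IV
// occupies the position of the first block exactly as described in the PS.
function encryptWithIv(string $key, string $plaintext): string
{
    $ivLen = openssl_cipher_iv_length(CIPHER);   // 16 for AES-CBC
    $iv = random_bytes($ivLen);                   // CSPRNG, new per message
    $ct = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $iv . $ct;
}

// Read the first block back as the IV, then decrypt the remainder.
function decryptWithIv(string $key, string $blob): string
{
    $ivLen = openssl_cipher_iv_length(CIPHER);
    // Need at least the IV plus one full (padded) ciphertext block.
    if (strlen($blob) < $ivLen + 16) {
        throw new InvalidArgumentException('blob too short to hold IV and one block');
    }
    $iv = substr($blob, 0, $ivLen);
    $ct = substr($blob, $ivLen);
    $pt = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) {
        throw new RuntimeException('decryption failed (wrong key, IV or padding)');
    }
    return $pt;
}

// The fixed-IV scheme from the question, kept only for comparison.
// md5('hello') is 32 hex characters; AES needs 16 bytes, so take half of it.
function encryptFixedIv(string $key, string $plaintext): string
{
    $iv = substr(md5('hello'), 0, 16);
    return openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
}

// Demo key: 32 raw bytes derived from the passphrase in the question
// (a real deployment would use a proper KDF and a random salt).
$key = hash('sha256', 'gP6s7m#G2VsLzg1c!SqA9', true);
$msg = 'constructed sample message';   // constructed sample input

// Fixed IV: identical plaintext under the same key yields identical bytes,
// which is exactly the "already sent earlier" leak mentioned in the reply.
$a = encryptFixedIv($key, $msg);
$b = encryptFixedIv($key, $msg);
echo 'fixed IV, ciphertexts equal:  ' . var_export($a === $b, true) . PHP_EOL;   // true

// Random IV prepended: the two blobs differ, and both still decrypt.
$c = encryptWithIv($key, $msg);
$d = encryptWithIv($key, $msg);
echo 'random IV, ciphertexts equal: ' . var_export($c === $d, true) . PHP_EOL;   // false
echo 'round trip ok:                ' . var_export(
    decryptWithIv($key, $c) === $msg && decryptWithIv($key, $d) === $msg, true
) . PHP_EOL;   // true
```

Two things worth noticing when running it. With the fixed IV, not only whole repeated messages but also any shared plaintext prefix produces identical leading ciphertext blocks across messages, because CBC only diverges after the first differing block. And the prepended IV costs one extra block of storage per message but nothing in key management: the IV is not secret, it only has to be unpredictable and not reused under the same key.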

Re: mcrypt: safe to use a fixed non-binary IV with a good key?

Posted: Thu Nov 20, 2008 3:58 am
by Apollo
Hannes2k wrote: If you use a random IV, an attacker cannot see if the message you send had already been sent earlier.
Good point.
The common way to share the IV is by setting the IV as the first ciphertext block. (IV | Cipherblock1 | Cipherblock 2 | ...)
Seems like a good idea.

Thanks!