feat: allow using ciphers with no IV or the same IV for every encryption #3
This commit enables modes of operation that do not require an IV, such
as ECB. It also allows reusing IVs. This is not recommended if it can
be avoided, because if the (first few blocks of) plaintext are the same,
the (first few blocks of) the ciphertext will be the same, thus
disclosing information. However, this can be useful to implement a form
of "searchable encryption", where one can search whether a string is
present without having to decrypt all ciphertexts first.

This commit also renames references to "salt" to "IV". A salt is some
random string added to a passphrase. Some algorithm (such as PBKDF2) is
then used to derive a key from this passphrase. This key is then used by
the block cipher. The salt makes sure the same passphrase does not
always result in the same key. An IV, on the other hand, is used by a
block cipher mode of operation (such as CBC) to ensure that the same
plaintext does not always encrypt to the same ciphertext. In this case,
it is clear "IV" was meant.
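The leak the commit message describes (same leading plaintext blocks under a reused IV give the same leading ciphertext blocks) can be measured directly. The following Go program is an added illustration, not code from this pull request or its project; it uses only the standard library, and the key, the all-zero fixed IV and the two "Account" records are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

// cbcEncrypt runs AES-CBC over a whole-block plaintext (no padding, to keep the focus on the IV).
func cbcEncrypt(blk cipher.Block, iv, plaintext []byte) []byte {
	out := make([]byte, len(plaintext))
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(out, plaintext)
	return out
}

// sharedPrefixBlocks counts the leading AES blocks two ciphertexts have in common.
func sharedPrefixBlocks(a, b []byte) int {
	n := 0
	for i := 0; i+aes.BlockSize <= len(a) && i+aes.BlockSize <= len(b); i += aes.BlockSize {
		if !bytes.Equal(a[i:i+aes.BlockSize], b[i:i+aes.BlockSize]) {
			break
		}
		n++
	}
	return n
}

// leakedPrefixBlocks encrypts two records that share their first block, once under a
// fixed IV and once under fresh random IVs, and returns the matching-block count for each.
func leakedPrefixBlocks(key []byte) (fixedIV, randomIV int, err error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return 0, 0, err
	}
	// Constructed sample records: identical first 16 bytes, different second block.
	m1 := []byte("Account: 1234567Balance: 100.00 ")
	m2 := []byte("Account: 1234567Balance: 999.99 ")
	// Case 1: the same (here all-zero) IV reused for every encryption, as the PR permits.
	fixed := make([]byte, aes.BlockSize)
	fixedIV = sharedPrefixBlocks(cbcEncrypt(blk, fixed, m1), cbcEncrypt(blk, fixed, m2))
	// Case 2: a fresh random IV per record; the first blocks now differ as well.
	ivs := make([]byte, 2*aes.BlockSize)
	if _, err = rand.Read(ivs); err != nil {
		return 0, 0, err
	}
	randomIV = sharedPrefixBlocks(cbcEncrypt(blk, ivs[:aes.BlockSize], m1), cbcEncrypt(blk, ivs[aes.BlockSize:], m2))
	return fixedIV, randomIV, nil
}
```

With the fixed IV the first ciphertext block is identical for both records (one shared block), which is exactly what makes the equality-search use case work and what an observer can also exploit; with random IVs no leading block matches.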