What is Initialization Vector?

Asked

Viewed 576 times

4

When I used a PHP function, called openssl_encrypt, that encrypts data, I came across the term iv, that is Initialization Vector.

I’d like to understand a little bit about that;

I saw it in a similar example:

$iv = openssl_random_pseudo_bytes(16);

openssl_encrypt($texto, $cipher, $password, $options, $iv)

I understood that this initialization vector has to do with a random value, but it was just a small perception.

I wanted to know more in detail:

  • What is Initialization Vector?
  • What does it have to do with encryption? Why is it necessary?

2 answers

3

In its context the iv is a random character set, usually they are used to ensure that your encryption is always unique, and should always be generated a new one when using it, preferably never reusing the same one iv generated.

Its relation to encryption must be that it is a way to ensure that the same text does not always return the same hash when it is encrypted by your method.

Suppose you try to encrypt the text "Hello" always with the iv exposure## it will generate the hash sahsau=7273, and this result will be stored for all people who use the text "Hello", if anyone happens to discover that this generated hash represents "Hello" he can indendificar all "Hello" texts in your system. Now if you use a iv different for each time you encrypt the text "Hello" it will always generate a different hash, since the iv is joined together with the text that was informed when using encryption. Thus improving the security of your system.

Obs: as a new iv is always generated, it must also be stored in your database to be able to use in the comparison of hashs or decryption

1

As Jeferson has already responded, the Initial Vector serves to initialize your encryption vector.

Imagine that you have an algorithm that always manages the sequence 1,2,3,4. In order for it to change this value, you will need a different starting value.

Usually algorithms automatically capture this from somewhere (such as /dev/Random on UNIX systems). This allows generating a good hash, but it is bad for encryption, because while the hash will be generated and never reverted, the encryption needs to be possible to revert.

For this reason, whenever a text is encrypted, you need to enter a boot value, to ensure that that text is not vulnerable to attacks such as Rainbow Tables, at the same time it has to allow you to decrypt the text.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.