English 中文(简体)
Encryption: how to have 1 iv despite multiple fields
原标题:

I ve been stuck trying to arrive at a best solution for this for a while. I know that an initialization vector has to be unique for each item being encrypted. So if I m encrypting an address and I have it stored all in a single field, I need a single iv for this. But if I have the address spread over multiple fields, I need several ivs, one for each field. This is a problem.

Is there a way to encrypt multiple fields (all in the same row/record) with a single iv, while maintaining the individuality of the fields? The goal is to have a single iv per record.

What I was thinking about doing was something like this

//get input for fields 1-5

//encrypt them, so that each one has its iv appended to it
$field1_enc = encr($field1);
$field2_enc = encr($field2);
$field3_enc = encr($field3);
$field4_enc = encr($field4);
$field5_enc = encr($field5);

//then store them individually in the database

How do I encrypt all fields with a single key? Then what happens when I want to edit any of those fields? (my guess is I d have to un-ecrypt, then re-encrypt with a new iv). But the main question is aside from the concept, I don t understand how to programmatically get this done, i.e. encrypting all fields with a single iv

最佳回答

IV needs to be unique but doesn t have to unpredictable or secret. Why don t you create a random number as base of IV for each record. Adding 1 to the base and use it as IV for field 1, adding 2 for field 2 ...

EDIT: Here are some implementation details,

Create a column for iv_base, which is simply a random number,

$iv_base = random();

When you encryt or decrypt the fields, use this function to create IV,

function get_iv($base, $size, $seq) {
    $remaining = $size;
    $round = 0;
    $iv =   ;
    while ($remaining != 0) {
        $d = md5($base . $seq . $round, true);
        $len = min($remaining, 16);
        $iv .= substr($d, 0, $len);
        $remaining -= $len;
        $round++;
    }
    return $iv;
}

$base is the random number you stored in the database. $size is the IV size. $seq is the number you assigned for each field. You can use field name also.

时间:2009-11-06 14:33:08
问题回答

暂无回答


上一篇:
下一篇:


相关问题
Signed executables under Linux

For security reasons, it is desirable to check the integrity of code before execution, avoiding tampered software by an attacker. So, my question is How to sign executable code and run only trusted ...

时间:2009-11-14 01:34:19 回答:10 展示:1
MALICIOUS_CODE EI_EXPOSE_REP Medium

I run findbugs against all of my code and only tackle the top stuff. I finally got the top stuff resolved and now am looking at the details. I have a simple entity, say a user: public class User ...

时间:2009-11-14 00:40:10 回答:5 展示:1
XSS on jsbin.com

Anyone know if jsbin.com implements any protection for XSS or other javascript attacks? I see jsbin links used fairly regularly on sites like this one and I can t find any indication from the site ...

时间:2009-11-14 00:18:21 回答:1 展示:1
Make md5 strong

Im making a website that will intergrate with game that only support md5 hashing metod (atm). Which ofc is not especially safe anymore. But how could i make it stronger? Should I just generate long ...

时间:2009-11-13 18:59:37 回答:5 展示:1
Why running a service as Local System is bad on windows?

I am trying to find out the difference between difference service account types. I tumbled upon this question. The answer was because it has powerful access to local resources, and Network Service ...

时间:2009-11-13 16:51:19 回答:5 展示:1
Brute-force/DoS prevention in PHP [closed]

I am trying to write a script to prevent brute-force login attempts in a website I m building. The logic goes something like this: User sends login information. Check if username and password is ...

时间:2009-11-13 05:37:34 回答:5 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全