Hacker News
by foxyv 410 days ago
The reason for this is that AES is not an authenticated algorithm so there is no way to determine if the ciphertext has been modified since encryption. The ciphertext could be modified/corrupted and you wouldn't know.

Also, AES is deterministic and will encrypt the same data the same way every time. This means if you are encrypting a lot of fields you will be able to do statistical attacks. Using an initialization vector with AES GCM is similar to salting a hash. This way there is no statistical method to determine the contents of the ciphertext.
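
The two properties described in the comment above, as an added example that is not part of the original comment. It uses Node.js's built-in `crypto` module; AES-ECB stands in for "plain" AES (an assumption, since the comment names no mode), and the key and record are constructed samples.

```javascript
const crypto = require('node:crypto');

const KEY = crypto.randomBytes(32); // constructed sample key, regenerated on each run
const RECORD = 'role=user;account=1001;status=ok'; // constructed sample field (32 bytes)

// "Plain" AES, shown here as ECB (assumed mode): no IV and no authentication tag.
function ecbEncrypt(text) {
  const c = crypto.createCipheriv('aes-256-ecb', KEY, null);
  return Buffer.concat([c.update(text, 'utf8'), c.final()]);
}
function ecbDecrypt(ct) {
  const d = crypto.createDecipheriv('aes-256-ecb', KEY, null);
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
}

// AES-GCM: a fresh random 96-bit IV per message plus a 128-bit authentication tag.
function gcmEncrypt(text) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', KEY, iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function gcmDecrypt({ iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', KEY, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8'); // final() throws on a bad tag
}

// Simulate corruption or modification in storage/transit: flip one bit of the first byte.
function flipBit(buf) {
  const out = Buffer.from(buf);
  out[0] ^= 0x01;
  return out;
}

// True when decryption rejects the input instead of returning data.
function rejects(fn) {
  try { fn(); return false; } catch { return true; }
}

function demo() {
  const sealed = gcmEncrypt(RECORD);
  return {
    ecbRepeats: ecbEncrypt(RECORD).equals(ecbEncrypt(RECORD)),
    ecbTamperRejected: rejects(() => ecbDecrypt(flipBit(ecbEncrypt(RECORD)))),
    gcmRepeats: sealed.ct.equals(gcmEncrypt(RECORD).ct),
    gcmRoundTrip: gcmDecrypt(sealed) === RECORD,
    gcmTamperRejected: rejects(() => gcmDecrypt({ ...sealed, ct: flipBit(sealed.ct) })),
  };
}

console.log(demo());
```

The GCM IV has to be stored alongside the ciphertext and tag, and it must never repeat under the same key.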