by tzs
3999 days ago
Thanks for the feedback. If a random IV were used, then there would have to be some other mechanism to detect attempts to store duplicate strings. Perhaps a table that maps hashes of already stored plaintext strings to the row ID of the encrypted string. I don't like that, because if someone is able to steal a copy of the database, they have hashes of all the stored strings. I guess that could be dealt with by using HMAC for these hashes instead of just a plain hash. There is a lot less discussion on the net (at least that I could find) of using IVs derived from the message than I would have expected, since it has to be about the first thing anyone thinks of when they want identical plaintext to produce identical ciphertext. The most direct discussion seems to be in Thomas Pornin's comments on his answer in this stackoverflow discussion: http://stackoverflow.com/questions/4608489/how-to-pick-an-ap...
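Added example, not code from the thread or from tzs: the three designs weighed in the comment above side by side. A random IV per row with a separate equality index keyed by HMAC, the same random IV with the plain-hash index the comment rejects, and an IV derived from the message (a synthetic IV) so that identical plaintext yields identical ciphertext and a unique constraint on the ciphertext column does the duplicate detection. A dictionary attack by someone holding a stolen copy of the tables shows why the plain-hash index leaks. The store class, key values and sample e-mail strings are constructed for the example, and the cipher is a stand-in (HMAC-SHA256 used as a counter-mode PRF) so the file runs on the standard library alone; a real system would use AES-GCM or AES-SIV from a vetted library.

```python
import hashlib
import hmac
import secrets

IV_LEN = 16

def ctr_xor(enc_key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in for AES-CTR: keystream block i = HMAC(enc_key, iv || i). Same call decrypts.
    Assumption for this example only; not a recommended cipher."""
    out = bytearray()
    for ctr in range((len(data) + 31) // 32):
        block = hmac.new(enc_key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = data[ctr * 32:(ctr + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, block))
    return bytes(out)

class EncryptedStringStore:
    """Hypothetical table of encrypted strings with duplicate detection.
    rows:  row_id -> (iv, ciphertext)      (what a DB thief would get)
    index: lookup tag -> row_id            (also stolen along with the DB)
    """
    MODES = ("random_iv_hmac_index", "random_iv_plain_hash_index", "derived_iv")

    def __init__(self, enc_key: bytes, index_key: bytes, mode: str = "random_iv_hmac_index"):
        if mode not in self.MODES:
            raise ValueError(mode)
        self.enc_key, self.index_key, self.mode = enc_key, index_key, mode
        self.rows, self.index = {}, {}

    def tag(self, plaintext: bytes) -> bytes:
        # Plain SHA-256 is the option the comment rejects: anyone with the index can
        # confirm guesses offline. HMAC with a key kept outside the DB removes that.
        if self.mode == "random_iv_plain_hash_index":
            return hashlib.sha256(plaintext).digest()
        return hmac.new(self.index_key, plaintext, hashlib.sha256).digest()

    def store(self, plaintext: bytes):
        """Insert plaintext unless already present. Returns (row_id, created)."""
        if self.mode == "derived_iv":
            # Synthetic IV: a keyed MAC of the message. Same plaintext and keys give the
            # same IV and ciphertext, so equality of (iv, ct) detects duplicates with no
            # separate index; the index here stands in for a UNIQUE constraint on that column.
            iv = self.tag(plaintext)[:IV_LEN]
            ct = ctr_xor(self.enc_key, iv, plaintext)
            key = iv + ct
        else:
            key = self.tag(plaintext)
        if key in self.index:
            return self.index[key], False
        if self.mode != "derived_iv":
            iv = secrets.token_bytes(IV_LEN)          # fresh random IV per row
            ct = ctr_xor(self.enc_key, iv, plaintext)
        row_id = len(self.rows) + 1
        self.rows[row_id] = (iv, ct)
        self.index[key] = row_id
        return row_id, True

    def fetch(self, row_id: int) -> bytes:
        iv, ct = self.rows[row_id]
        return ctr_xor(self.enc_key, iv, ct)

def dictionary_attack(stolen_index: dict, guesses, tag_fn) -> dict:
    """What a thief holding a copy of the index can do: tag each candidate plaintext and
    match it against the stored tags. Returns {row_id: recovered_plaintext}."""
    by_tag = {tag_fn(g): g for g in guesses}
    return {row_id: by_tag[t] for t, row_id in stolen_index.items() if t in by_tag}

if __name__ == "__main__":
    enc_key, index_key = secrets.token_bytes(32), secrets.token_bytes(32)
    guesses = [b"alice@example.com", b"eve@example.com"]        # constructed sample data
    for mode in EncryptedStringStore.MODES:
        s = EncryptedStringStore(enc_key, index_key, mode)
        s.store(b"alice@example.com"); s.store(b"alice@example.com"); s.store(b"bob@example.com")
        hit = dictionary_attack(s.index, guesses, lambda g: hashlib.sha256(g).digest())
        print(f"{mode:28s} rows={len(s.rows)} recovered_by_thief={hit}")
```

The derived-IV variant is deterministic on purpose, so a thief learns which rows hold equal strings (that is the stated requirement, not a bug), and because the IV is a MAC of the plaintext, anyone holding only the tables still cannot test guesses without the key. In every mode the key material must live outside the database, otherwise the HMAC index degrades to the plain-hash one. Nothing here authenticates the ciphertext; a real deployment would verify the synthetic IV (or a GCM tag) on decrypt.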