BMaximus has asked for the wisdom of the Perl Monks concerning the following question:

Happy Sunday my fellow Monks,

While looking through the man pages of Crypt::CBC I saw something new in it or something I've never paid attention to before. One of the keys to initialize the Crypt::CBC object is 'iv' => 'some random foo foo'. The man page says that this is an 'initialization vector' which may be used or if 'prepend_iv' is set to zero, not used. What is this initialization vector and how would I use it in the way it was meant to be used to the best of its purpose?

BMaximus

Replies are listed 'Best First'.
Re: Crypt::CBC question
by Zaxo (Archbishop) on Jul 21, 2003 at 01:07 UTC

    The IV for CBC mode of many cyphers is 8 octets (64 bits) of random data which is prepended to the plaintext before encyphering. The effect is to scramble the cyphertext still further. It is rather like the salt in builtin crypt digesting.

    Use of IV is mandatory for some CBC protocols. See, for instance, RFC-2405, The ESP DES-CBC Cipher Algorithm With Explicit IV.

    After Compline,
    Zaxo

Re: Crypt::CBC question
by blokhead (Monsignor) on Jul 21, 2003 at 01:02 UTC
    I don't know a whole lot about IVs in block ciphers, but they are used in hashing algorithms (MD5, SHS, etc). All hash algorithms that I know of are "cascading" hash algorithms. They take each block (say, 128 bits) of the input and recombine it with the results of the previous block into a hash function. The output of each step cascades and is used in conjunction with the next block. In this way, changing any block will change the output of the hash algorithm.

    To start out though, you need an extra block, so that's where the IV comes in. It's combined with the first message block into the first iteration.

    ______ IV --> | hash | ______ msg[1] --> |_func_| --> | hash | msg[2] ---------------> |_func_| --> msg[3] ----------------------------> ...
    Most hashing algorithms have a fixed IV, so that everyone agrees that the same file will have the same hash value.

    I'm not familiar with CBC, but I seem to recall that if you use a streaming/cascading cipher (where encryption results cascade to affect the next block), you'd also need an IV. If you can choose the IV yourself it will add some extra entropy, like having a longer key size. Also, a streaming cipher will prevent an attacker from detecting identical plaintext blocks from two snippets of ciphertext (unless they use the same IV and are at the very beginning of the plaintext). Of course, the person decrypting the message will need to know the IV you used.

    I'm sure someone more familiar with CBC can give you a little more info ;) ...

    blokhead