> Should the caller specify an empty ivec (to the correct length) in this case
> or am I missing something?
I think so too.
If you always initialise the IVEC to NUL bytes,
and use the same key to encrypt lots of small packets,
it becomes easier to crack the key.
If you use some variable data that both ends know for IV,
it is harder for crack the key. Even if the cracker knows the IV too.
If you dont initialise the IV to some known value,
it will still be set, but to some unknown value.
The DOCS could be improved to say to use nbytes the same as key length.
Its one of those things that people who know, know,
and the rest of us, guess. After several attempts.
Then are not quite sure ...
Graham
On 23 February 2010 16:02, Robert Doncaster <b...@edp.co.uk> wrote:
> Hello,
>
> Looking at test/evp_test.c and the test data test/evptests.txt for
> encryption/decryption, I don't understand how the initialisation vector
> ('iv' variable) is used.
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
