Daniel Rychlik wrote: > Hello, > > I have been playing with the mycrypt function. Im having a bit of > trouble understanding why it is important to use a vector IV. > > I was wandering if there is a reasonably powerful encryption algorithm. > That uses a key only instead of getting the block size and using a IV. > > I basically want to know if there is something simple out there that > will do the same job. > > Kind Regards, > Daniel
An initialization vector is basically used to 'seed' the algorithm to make it more difficult to crack the ciphertext. Using an IV with a block cipher is recommended because it generally makes the cipher more resiliant to known-plaintext attacks. You can use an algorithm without an IV, but you're risking security if you do. In ECB mode, for instance, the IV is actually completely ignored, but if you use the same key, identical blocks of plaintext will translate to identical blocks of ciphertext. This is why an IV and block cipher modes which utilize IVs are important. Using an IV is definitely recommended. A good start would be Rijndael in CBC mode with random IVs. You can safely transport the IV with the ciphertext. If you really, really don't want to use IVs, you should try to stick with a strong cipher such as Rijndael or Twofish and a mode like CBC. You might also want to look into a stream cipher, such as ARC4 or SEAL. But I'd still recommend using an IV. J -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
