Why doesn't the golang crypto example use a random IV?

Question

According to CWE-329, non-random IVs allow for the possibility of a dictionary attack.
However, in the AES crypto example, the golang docs use a non-random IV:

    ciphertext := make([]byte, aes.BlockSize+len(plaintext))
    iv := ciphertext[:aes.BlockSize]

Is this implementation safe or should I use a random function to get my IV?
Answer 1
Score: 2

It is secure, because the IV is filled from a Cryptographically Secure Pseudo Random Number Generator (CSPRNG), which is /dev/urandom by default and is provided by the OS. From the ExampleNewCBCEncrypter function:

    iv := ciphertext[:aes.BlockSize]
    if _, err := io.ReadFull(rand.Reader, iv); err != nil {
        panic(err)
    }
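As an added illustration (not code from the question, the answer or the Go documentation), the snippet below uses the same layout as ExampleNewCBCEncrypter, iv || ciphertext with the IV filled by io.ReadFull from a reader, and compares rand.Reader against a constant IV source to show the repetition that CWE-329 warns about. The key, message and helper names (encryptCBC, ciphertextsCollide) are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// encryptCBC PKCS#7-pads msg, fills the first output block with an IV read from
// ivSrc (rand.Reader in real use, exactly as the Go example does) and returns
// iv || ciphertext, so the receiver needs no separate channel for the IV.
func encryptCBC(key, msg []byte, ivSrc io.Reader) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pad := aes.BlockSize - len(msg)%aes.BlockSize
	padded := append(append([]byte{}, msg...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, aes.BlockSize+len(padded))
	iv := out[:aes.BlockSize]
	if _, err := io.ReadFull(ivSrc, iv); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out[aes.BlockSize:], padded)
	return out, nil
}

// ciphertextsCollide encrypts msg twice, drawing each IV from newIV, and reports
// whether the outputs are identical: the leak CWE-329 describes for a fixed IV.
func ciphertextsCollide(key, msg []byte, newIV func() io.Reader) bool {
	a, errA := encryptCBC(key, msg, newIV())
	b, errB := encryptCBC(key, msg, newIV())
	return errA == nil && errB == nil && bytes.Equal(a, b)
}

func main() {
	key, msg := []byte("0123456789abcdef"), []byte("same message") // constructed demo values
	fixedIV := func() io.Reader { return bytes.NewReader(make([]byte, aes.BlockSize)) }
	randomIV := func() io.Reader { return rand.Reader }
	fmt.Println("fixed IV collides:", ciphertextsCollide(key, msg, fixedIV))   // true
	fmt.Println("random IV collides:", ciphertextsCollide(key, msg, randomIV)) // false
}
```

With a constant IV, equal plaintexts under the same key produce equal ciphertexts, which is what lets an observer build the dictionary mentioned in the question; with rand.Reader the two outputs differ in every run.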
Comments