Andrew Dunstan wrote:
>
>
> Andrew Chernow wrote:
>>
>>> Encrypting lots of small chunks of data with the same key is a very
>>> dangerous thing to do and it's very tricky to get right.
>>
>> Using an initialization vector (IV) is the way to go, recommend using
>> CBC or CFB mode. Although, an IV is never supposed to be used more
>> than once with the same key; that can leak hints about the plaintext.
>> Where is the randomly generated IV stored for use during decryption?
>
> Well, you can store it along with the encrypted data. The IV doesn't
> need to be secret, just random. I do that for one of my clients.
>
That's correct. Duh!?! Probably the first N bytes of the cipher text.
Would the IV be regenerated every time the plaintext is updated, to avoid using
it twice? For instace: update t set text = 'abc' where id = 1 . ISTM that the
IV for OLD.text should be thrown away.
Where would the key come from? Where would it be stored? What cipher is used?
--
Andrew Chernow
eSilo, LLC
every bit counts
http://www.esilo.com/