PHP mcrypt encryption without IV

I need to use an encryption mechanism. I chose mcrypt as it is available and for its examples as well. But I see that the generation time is too long. When I use the IV like in the examples, it took a long time, and when I removed it, it instantly generated an encrypted value.

// Code example using IV
$ivSize = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($ivSize, MCRYPT_DEV_RANDOM);

$encryptedString = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $encryptionKey, utf8_encode($origString), MCRYPT_MODE_ECB, $iv);
return base64_encode($encryptedString);

// Code example without IV
$encryptedString = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $encryptionKey, utf8_encode($origString), MCRYPT_MODE_ECB);
return base64_encode($encryptedString);

So are there any big security issues with non-IV encryption?

+3



1 answer


DEV_RANDOM generates random integers from /dev/random or an equivalent that listens for unpredictable data like mouse movement, keyboard strokes, etc. to create secure data. If there are no keystrokes, etc., it just waits until there is enough data ... and that is why it is slowing down.

DEV_URANDOM uses /dev/urandom or the equivalent, and while it can also use the data above, in addition to that, it combines pseudo-random number generators to provide you with real-time random data (which is more predictable, but it often doesn't matter).

They are used to determine how the IV is constructed.


Now on IVs.

IVs are used to provide a seed for the random functions used by encryption functions.

You are using ECB. The first thing to note is that ECB does not use IV, so what you wrote does not make sense; if you are using ECB you can skip creating IVs altogether and you should be able to decrypt your data with no problem. But another thing is that you shouldn't be using ECB. ECB encodes your data so that every block with the same data looks the same. CBC, on the other hand, xors each block with data from the previous block (and it requires an IV for that). To demonstrate the difference between the two, take a look at this:



From left to right: original image, ECB encoded image, and CBC encoded image.

If you want to use CBC, you must also regenerate the IV for each piece of data that you encrypt separately, otherwise it's just as bad as using ECB. Regenerating IVs each time prevents repetition-based attacks.

Finally, if you are using CBC, you will need to save your IV so that you can decrypt the text later. If you don't, you will get trash. Fortunately, most encryption algorithms are designed in such a way that IVs can be publicly available, so you don't need to worry about storing private keys.


TL;DR: Use CBC with public IVs, regenerated for each piece of data separately.

(Also ... if you don't care about decryption, you might be interested in cryptographic hashes.)

+4
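
The answer's recommendation (CBC, a fresh IV per message, the IV stored openly next to the ciphertext), shown beside ECB's repeated-block behaviour. This is an added example, not code from the question or the answer. It assumes PHP 7+ with ext/openssl in place of mcrypt; the names encryptCbc and decryptCbc, the key and the sample message are constructed for illustration.

```php
<?php
// Added example: ext/openssl is used because mcrypt was removed in PHP 7.2.
const CIPHER_CBC = 'aes-128-cbc';
const CIPHER_ECB = 'aes-128-ecb';

function encryptCbc(string $plaintext, string $key): string
{
    // New IV from the OS CSPRNG for every single message.
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER_CBC));
    $ct = openssl_encrypt($plaintext, CIPHER_CBC, $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // The IV is not secret: keep it in front of the ciphertext.
    return base64_encode($iv . $ct);
}

function decryptCbc(string $encoded, string $key): string
{
    $raw   = base64_decode($encoded, true);
    $ivLen = openssl_cipher_iv_length(CIPHER_CBC);
    if ($raw === false || strlen($raw) <= $ivLen) {
        throw new InvalidArgumentException('malformed input');
    }
    // Split the stored value back into IV and ciphertext.
    $iv = substr($raw, 0, $ivLen);
    $pt = openssl_decrypt(substr($raw, $ivLen), CIPHER_CBC, $key, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) {
        throw new RuntimeException('decryption failed');
    }
    return $pt;
}

$key = random_bytes(16);                   // constructed 128-bit key
$msg = str_repeat('SIXTEEN BYTE BLK', 3);  // constructed: three identical 16-byte blocks

// ECB takes no IV: equal plaintext blocks yield equal ciphertext blocks.
$ecb    = openssl_encrypt($msg, CIPHER_ECB, $key, OPENSSL_RAW_DATA);
$blocks = str_split(bin2hex($ecb), 32);
echo 'ECB blocks 1 and 2 identical: ', var_export($blocks[0] === $blocks[1], true), "\n";

// CBC with a per-message IV: the same input encrypts differently each time.
$a = encryptCbc($msg, $key);
$b = encryptCbc($msg, $key);
echo 'CBC outputs identical: ', var_export($a === $b, true), "\n";
echo 'CBC round trip ok: ', var_export(decryptCbc($a, $key) === $msg, true), "\n";
```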

