Is it safe to store AES IV prepended to CipherText in a DB?

About

Asked 16/6, 2017 at 10:2 Answered 16/6, 2017 at 10:10

Solved database cryptography initialization-vector

I would like to store AES encrypted data in a DB field.

Is it safe to store the AES IV (unique for each row) prepended to the cipher text? e.g.

IV_CipherText

Both would be encoded in Base64.

The Key used will be not be stored in the database.

Disjoin answered 16/6, 2017 at 10:2 Comment(0)

It is safe. The purpose of initialization vector is to insert some randomness into resulting cipher (so the same message won't result into same ciphers). It just must be unpredictable.

It can be publicly stored in the database. Often it is appended to the first bytes of the message. As said, it exists to avoid statistical attacks.

Delineator answered 16/6, 2017 at 10:10 Comment(1)

"It just must be unpredictable." - Yes, but this advice doesn't work for all modes. Unpredictable IVs are suggested for CBC mode, but the CTR mode needs unique IVs (actually called nonces) like almost all streaming modes do. – Simitar 16/6, 2017 at 17:54

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags