
In Safety of a private key when knowing the full content of an encrypted message in case of fixed initialization vector, an answer says

using a fixed IV is bad practice since it allows statistical analysis attacks (read about it here). While K may not be leaked, M might leak from statistical patterns.

In my situation, someone needs to send my web application a short numeric id like 12345 so I can log them in as a user with that id. I'm not sure if I care if an attacker could work out what those ids are, because all it would tell them is that there is a record with id 12345 in the system, and the id itself is meaningless.

Also, in the wiki article, the statistical attack doesn't recover the original image, just aspects of it due to repeated blocks. But there the original image has repeating blocks of similar data. Would this be any issue if the message is just a short identifier like 12345?

In such a situation, can the IV be constant (do I need it at all)?

Joshua Frank
  • What is the encryption method, and what prevents you from using IVs? – kelalaka Apr 22 '21 at 15:29
  • I'm asking just generally. In this specific case, the encryption is PHP's openssl_encrypt, and nothing prevents me from using an IV, except that I'm communicating with another party and I'd like to keep the protocol as simple as possible. – Joshua Frank Apr 22 '21 at 15:31
  • openssl_encrypt can use many ciphers and modes. The devil is in the details. The statistical attack (frequency attack) can be very dangerous. The time is shown to us. Don't use a non-randomized cipher unless you know what you are really doing. – kelalaka Apr 22 '21 at 15:34
  • If you don't care about the message leaking, why are you using encryption at all? Did you intend to use signatures or a MAC or something else authentication related, but didn't know about those things? I suspect you're trying to authenticate a user, so encryption isn't what you want. – SAI Peregrinus Apr 22 '21 at 16:02
  • @SAIPeregrinus: That's a good question. I suppose it's too strong to say that I don't care at all. I'd like to be reasonably secure in the face of casual snooping, but I don't know that I'm worried about a concerted statistical attack. I guess I am trying to do authentication. Why isn't encryption what I want? I was thinking, they send an encrypted user id and I decrypt it. What's a better way? – Joshua Frank Apr 22 '21 at 17:19
  • Look into the webauthn standards for authentication. In short, you first establish a TLS connection (so all communications get encrypted and the user's browser authenticates that the server is correct for the domain) and then webauthn verifies that the user is supposed to have access (authenticates the user to the server). – SAI Peregrinus Apr 23 '21 at 13:31
