Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’m using an OpenSSL cipher in Ruby to send text between a client and server and apparently it’s a good idea to employ an IV, but for decryption on the server-side, I’m going to need that IV which was generated client-side. My question is will I run into problems sending the IV over the network? I don’t know the first thing about cryptography, so I have no idea whether the IV can be used to decrypt the message or not.
The IV is public information, it’s totally fine to send it over the network. However, you should use a cryptographically secure random for every single encryption, especially if you are using CBC mode. Using a somehow predictable IV in a situation like that leaves your encryption vulnerable to certain kinds of attacks.
If you are completely new to cryptography and using
Cipher, have a look at the docs, we added some information there that should help you getting started. It illustrates some best practices, among them is handling the IV correctly.