<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<body bgcolor="#ffffff" text="#000000">
In the past I've found base64 is the preferred way to encode IVs, kets,
etc so it plays nicely with OpenSSL for example. I do not know if
OpenSSL or other implementations choke on non-base64 but I know it was
a hard requirement when I fudged together our encryption library.<br>
Jim Manico wrote:
<pre wrap="">I think we currently base64 encoding our IV's, is there any downside
to this, or are we just doing it in a non standard way?
Kevin, can you also please re-post your other encryption question from
last month, if you have it handy? It was very important but no one
responded. I'd like to reopen that conversation on the list.
Thank you for digging so deeply into this Kevin.
On Aug 19, 2009, at 12:12 AM, "Kevin W. Wall" <a class="moz-txt-link-rfc2396E" href="mailto:firstname.lastname@example.org"><email@example.com></a>
<pre wrap="">I wanted to support both fixed (i.e., pre-shared) IVs and random IVs
additions I'm putting into ESAPI Java 2.0 in the support of stronger
modes such as CBC mode.
I figured that such a fixed IV would be specified in the
and it seemed logical to specify this fixed IV as a hexadecimal
generally the most frequent way you see them specified in test
I checked and there doesn't seem to be a hex encoder/decoder codec.
planning on doing one? Not that complicated; last one I wrote a few
probably was less than 40 lines including the Javadoc, but I don't
have the time
to code it and write all the test cases.
Should I just have them use base64 encoding for specifying fixed IVs
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts
is by accident. That's where we come in; we're computer professionals.
We cause accidents." -- Nathaniel Borenstein, co-creator of
OWASP-ESAPI mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OWASP-ESAPI@lists.owasp.org">OWASP-ESAPI@lists.owasp.org</a>
<a class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/owasp-esapi">https://lists.owasp.org/mailman/listinfo/owasp-esapi</a>