0

I'm looking for a cipher algorithm which doesn't require an initialization vector. I use the NodeJS function crypto.createCipheriv which documents at least the option to pass no initialization vector.

If the cipher does not need an initialization vector, iv may be null.

const encryptionAlgoritm = 'aes-192-cbc';
const encryptionKey = '...';
const cipher = createCipheriv(encryptionAlgoritm, encryptionKey, null);
// Error: Missing IV for cipher aes-192-cbc

Which OpenSSL algorithm can be used without the iv parameter?

Background: I don't need to decrypt the encrypted value. I want to pass the encrypted value to the database and also query the database with the encrypted value. Therefore the encryption algorithm needs to be bijective.

sschmeck
  • 7,233
  • 4
  • 40
  • 67
  • 1
    You could use the ECB algorithm. However, it is not secure (neither is CBC). – Benedict Schlüter Jun 20 '22 at 07:40
  • Why then use encryption in the first place? Why not work with checksums? I see no benefit here using encryption. For a one way thing, checksums should work fine. – Marc Jun 20 '22 at 07:43
  • @Marc, the transformation needs to be bijective to support the database query use case. Since I assume, that checksum algorithms may return the same hash for different values, I'm looking for a bijective encryption algorithm. I don't want to store the clear values in the database. Reasonable? – sschmeck Jun 20 '22 at 07:48
  • 1
    Since you don't need decryption, a *cryptographic* hash function like SHA256 with its low [collision probabilities](https://stackoverflow.com/a/4014407/9014097) could possibly be sufficient with regard to bijectivity. – Topaco Jun 20 '22 at 09:02
  • 3
    Sounds to me like you should be using a cryptographic hash function instead. If you're processing a million inputs a second with a 192-bit cryptographic hash function, your chance of finding a collision before the sun turns into a red giant and swallows the earth would be vanishingly small. (It would take about 350 trillion years to have a 1% chance of a collision.) – r3mainer Jun 20 '22 at 09:05

0 Answers0