- tags
§ Cryptography
- Many modes of operation use an initialization vector (IV) to randomize the encryption process, so that encrypting the same data twice produces different ciphertexts. (This helps avoid slow re-keying.)
- The IV has different security requirements than the encryption key, and usually does not need to be secret.
- For some modes of operation, it is important never to reuse an IV under the same key.
  - For CBC and CFB, reusing an IV can leak some information about the first encryption, and about any common prefix shared by two messages.
  - For OFB and CTR, reusing an IV completely destroys security.
- For CBC, the IV must be unpredictable at the time of encryption. Otherwise, a predictable IV can lead to the TLS CBC IV attack.
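
The two reuse cases above, as an added example that is not part of the original notes: it encrypts two messages under the same key and reports what the ciphertexts alone reveal when the IV is repeated versus fresh. Assumptions: HMAC-SHA256 truncated to 16 bytes stands in for AES block encryption so the code runs on the standard library only, and `M1`, `M2` and `iv_reuse_report` are names constructed for this illustration.

```python
import hashlib, hmac, os

BLOCK = 16

def E(key, block):
    # Assumption: HMAC-SHA256 truncated to 16 bytes stands in for AES block
    # encryption (forward direction only, which is all encryption needs here).
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ctr_encrypt(key, iv, pt):
    # Keystream block i is E(key, iv + i); it depends only on (key, iv).
    n = int.from_bytes(iv, "big")
    return b"".join(
        xor(b, E(key, ((n + i) % 2**128).to_bytes(BLOCK, "big")))
        for i, b in enumerate(blocks(pt)))

def cbc_encrypt(key, iv, pt):
    # Each plaintext block is XORed with the previous ciphertext block (IV first).
    prev, out = iv, []
    for b in blocks(pt):  # the sample inputs below are already block-aligned
        prev = E(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)

def equal_leading_blocks(c1, c2):
    # Number of identical ciphertext blocks at the start of both messages.
    pairs = list(zip(blocks(c1), blocks(c2)))
    return next((i for i, (a, b) in enumerate(pairs) if a != b), len(pairs))

# Constructed sample messages: 48 bytes each, identical in the first 32 bytes.
M1 = b"user=alice;role=admin;session=01" + b"balance=0000100;"
M2 = b"user=alice;role=admin;session=01" + b"balance=9999999;"

def iv_reuse_report(key, iv_a, iv_b):
    """Encrypt M1 under iv_a and M2 under iv_b; report what the ciphertexts reveal."""
    c1, c2 = ctr_encrypt(key, iv_a, M1), ctr_encrypt(key, iv_b, M2)
    b1, b2 = cbc_encrypt(key, iv_a, M1), cbc_encrypt(key, iv_b, M2)
    return {"ctr_xor_equals_plaintext_xor": xor(c1, c2) == xor(M1, M2),
            "cbc_equal_leading_blocks": equal_leading_blocks(b1, b2)}

if __name__ == "__main__":
    key, iv, other = os.urandom(32), os.urandom(BLOCK), os.urandom(BLOCK)
    print("same IV  :", iv_reuse_report(key, iv, iv))
    print("fresh IVs:", iv_reuse_report(key, iv, other))
```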