IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [initialisation-vector]

50 questions
29
votes
2 answers

Should AES always give the same output?

I'm having trouble understanding AES and would like to know if encrypting the same text with the same key two times in a row should give the same output. Is there any salt or something that would change the ouput? If it doesn't give the same thing,…
user31008
  • 291
  • 1
  • 3
  • 3
25
votes
4 answers

Encrypting using AES-256, can I use 256 bits IV?

I want to encrypt data using AES in java, and I want to intialize the cipher with Initialisation Vector. Can I use 256-bits IV ? Or I must use only 128-bits IV ?
Hakim
  • 619
  • 3
  • 9
  • 14
23
votes
6 answers

Why does IV not need to be secret in AES CBC encryption?

According to Wikipedia, the initialization vector (IV) does not have to be secret, when using the CBC mode of operation. Here is the schema of CBC encryption (also from Wikipedia): What if I encrypt a plaintext file, where the first block has a…
Martin Vegter
  • 1,826
  • 4
  • 27
  • 39
12
votes
3 answers

How do poor-quality initialization vectors affect the security of CBC mode?

(If the consensus is that this question belongs on crypto, rather than here, please feel free to [tell me to] migrate it.) From what I have read (looking specifically at AES in Cipher Block Chaining mode), initialization vectors should be…
Brent.Longborough
  • 231
  • 1
  • 7
11
votes
2 answers

Why would you need a salt for AES-CBS when IV is already randomly generated and stored with the encrypted data?

I was looking at this code and came across these comments which says encrypting without a salt is insecure. Why would it be insecure when you are already using a random IV for each value? I think the comment might be incorrect, but it is a popular…
Chloe
  • 1,668
  • 3
  • 15
  • 30
11
votes
1 answer

OpenSSL EVP aes_256_cbc Initialization Vector Size

I'm looking at the crypto library examples (programmed in c) provided for OpenSSL EVP on OpenSSL Wiki. Their example for a 128 bit Initialization Vector is as follows: /* A 128 bit IV */ unsigned char *iv = (unsigned char…
peevishprogrammer
  • 146
  • 5
9
votes
2 answers

What's the point of the nonce in CTR mode?

Does having a nonce in CTR mode actually improve security (vs. just using 1, 2, 3, etc. - basically a constant nonce of 0)? As far as I can tell, the best-case scenario security-wise is that the nonce could act as a sort of second key, which would…
Neil Fitzgerald
  • 374
  • 1
  • 2
  • 10
8
votes
2 answers

Can the IV + Salt be the same?

During my encryption app i've got the password creation bit: PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 10000, keyLength); and later on the actual encryption part: cipher.init(Cipher.ENCRYPT_MODE, secret, ivSpec); The…
Crizly
  • 2,597
  • 4
  • 18
  • 29
8
votes
2 answers

Is Salt, IV and Key necessary when encrypting password in a database using AES? If so, how should they be used?

Imagine I have a website with user accounts. I want to authenticate users, so I need to know if the password they provide matches the one stored in my database. To protect the passwords from prying eyes, I want to obfuscate them, I decide to use AES…
Didier A.
  • 182
  • 1
  • 1
  • 9
6
votes
2 answers

Incrementing Initialization vector by 1

Suppose that we do not generate initialization vectors randomly (using AES in CBC mode). Instead it is initially all zeroes and we increment it by 1 each time a message is encrypted. How can this cause a problem? Could explain with an example?
Cemre
  • 315
  • 1
  • 5
  • 9
6
votes
4 answers

Initialization vector with cipher block

Is the initialization vector used to encrypt a block of data always static or dynamic? If it is dynamic then I should send the IV along with the key to the recipient right? This normally doesn't happen.
user1184
  • 537
  • 1
  • 5
  • 8
6
votes
1 answer

Using AES with same salt / IV - required for pattern matching algorithm

I need to securely encrypt data we are storing, but for each client I need the same plaintext to encrypt into the same cypher text. The reason for this is the data is still required for a pattern matching algorithm we apply to it, and so it wouldn't…
moatak787
  • 61
  • 1
5
votes
1 answer

Do IVs need to be unpredictable?

I am encrypting a sequence of messages with AES/CTR. For each sequence, I generate a random initial IV, say IV(0). Define IV(i) = MD5(IV(i - 1)) for i = 1, ..., n. Then for each message m(i), I transmit IV(i) . e(key, IV(i), m(i)) over the…
Oxy
  • 151
  • 2
5
votes
2 answers

Two ways of generating the IV

I'm looking at some code, and in a particular scenario, the code would need to generate two IVs. The second IV-generating code simply uses the C# Rijndael GenerateIV() The first IV-generating code though takes part of the MAC address and part of the…
Zuiq Pazu
  • 155
  • 5
4
votes
2 answers

Using AesCryptoServiceProvider in C#, should using an incorrect IV mangle just the first block?

This question was also asked on StackOverflow, but with no answers, and I thought this may be a better exchange, since I have the same question.…
BrightLight
  • 43
  • 1
  • 1
  • 4
1
2 3 4