On Thu, 27 Apr 2017 15:00:37 +0300 Yaşar Arabacı <yasar11732@xxxxxxxxx> wrote: > For AES-256 encryption, should IV be random? I am already using a > random salt, so I was wondering if IV should be random too. An IV is part of a cipher mode. AES-256 is just a block cipher. You can't use it on its own. So you need to specify which cipher mode you want to use in order to make sense. You most likely want to use GCM. The requirement for the IV is usually that it's unique. Choosing it at random may or may not be a good idea, depending on how much data you encrypt and how long the IV is for that particular cipher mode. For GCM using random IVs is not exactly recommended, better use a counter if you can keep state. But if you only encrypt small amounts of data per key a random IV is doable. -- Hanno Böck https://hboeck.de/ mail/jabber: hanno@xxxxxxxxx GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
