Re: AES-256 Do I need random IV?

The classic requirement is that the IV is unique per key.

As theoretical crypto evolved, and attacks like the Chosen Ciphertext Attack (you can make the victim encrypt any plaintext of your choice (aka CPA), *and* *decrypt* any ciphertext of your choice) were developed, CBC could not hold against such an attack. Hence the recommendation to use not only a unique but an unpredictable (aka random) IV.

So it boils down to your use case and threat model: e.g., if it may be possible for an attacker to feed you ciphertext and learn the results of your decryption, your IV may need to be random.

Regards,
Uri

Sent from my iPhone

On Apr 27, 2017, at 08:34, Salz, Rich via openssl-users <openssl-users@xxxxxxxxxxx> wrote:

>> For AES-256 encryption, should IV be random? I am already using a random
>> salt, so I was wondering if IV should be random too.
> 
> It should be non-repeating.  It can just be a counter.
> 
> (Yes, I know OP didn't ask about AESGCM.  But if they're coming here for advice ... )
> 
> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

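The unique-IV requirement in Uri's first sentence, as an added example that is not from this thread: textbook CBC over a constructed stand-in block function (HMAC-SHA256 truncated to 16 bytes, not AES), showing that a repeated IV under the same key reveals how many leading blocks two messages share, while a fresh os.urandom IV per message reveals nothing. The records and key are constructed sample values.

```python
import hashlib
import hmac
import os

BLOCK = 16


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in keyed block function (constructed for this demo, not AES):
    # HMAC-SHA256 truncated to one block. Only encryption is exercised here,
    # so the IV behaviour shown is the same as for real CBC over AES.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def xor_block(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Textbook CBC: C[i] = E(P[i] XOR C[i-1]) with C[-1] = IV.
    Padding is out of scope; the caller supplies whole blocks."""
    assert len(iv) == BLOCK and len(plaintext) % BLOCK == 0
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, xor_block(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def common_prefix_blocks(c1: bytes, c2: bytes) -> int:
    """Leading ciphertext blocks that are identical: what a passive
    observer can read off two ciphertexts without knowing the key."""
    n = 0
    for i in range(0, min(len(c1), len(c2)), BLOCK):
        if c1[i:i + BLOCK] != c2[i:i + BLOCK]:
            break
        n += 1
    return n


def leaked_prefix(key: bytes, reuse_iv: bool) -> int:
    """Encrypt two constructed records sharing their first two blocks.
    A repeated IV echoes that shared prefix in the ciphertext (2 blocks);
    a fresh random IV per message hides it (0 blocks)."""
    rec1 = b"user=alice;role=" + b"admin;          " + b"token=AAAAAAAAA;"
    rec2 = b"user=alice;role=" + b"admin;          " + b"token=BBBBBBBBB;"
    iv1 = bytes(BLOCK) if reuse_iv else os.urandom(BLOCK)
    iv2 = iv1 if reuse_iv else os.urandom(BLOCK)
    return common_prefix_blocks(cbc_encrypt(key, iv1, rec1),
                                cbc_encrypt(key, iv2, rec2))
```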
