Why is using a Non-Random IV with CBC Mode a vulnerability?
Posted by The Rook on Stack Overflow
Published on 2010-06-09T17:13:30Z
I understand the purpose of an IV. Specifically, in CBC mode this ensures that the first block of two messages encrypted with the same key will never be identical. But why is it a vulnerability if the IVs are sequential? According to CWE-329, non-random IVs allow for the possibility of a dictionary attack. I know that in practice protocols like WEP make no effort to hide the IV. If the attacker has the IV and a ciphertext message, then this opens the door for a dictionary attack against the key. I don't see how a random IV changes this. (I know the attacks against WEP are more complex than this.)
What security advantage does a randomized IV have? Is this still a problem with an "Ideal Block Cipher"? (A perfectly secure block cipher with no possible weaknesses.)
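The following is an added worked example, not part of the question or any answer on the original page. It shows the property the question is asking about: with a sequential IV, CBC's first ciphertext block is E_K(P1 XOR IV), and since the next IV is known in advance, anyone who can get one chosen message encrypted can confirm a guess for an earlier message's first block, even if the block cipher itself is ideal. The block cipher here is a constructed 4-round Feistel toy built from HMAC-SHA256 (a stand-in for AES so the example runs with the standard library only); the key, messages and `CbcEncryptor` class are constructed for the example and are not from the page.

```python
import hashlib
import hmac
import os

BLOCK = 16  # 128-bit block, like AES


def _round(key: bytes, half: bytes, i: int) -> bytes:
    """Feistel round function: keyed PRF over one 8-byte half."""
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Constructed 4-round Feistel permutation; stands in for an ideal block cipher."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, xor(left, _round(key, right, i))
    return left + right


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = xor(right, _round(key, left, i)), left
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Textbook CBC: C_i = E_K(P_i XOR C_{i-1}), with C_0 = IV. No padding (whole blocks only)."""
    assert len(plaintext) % BLOCK == 0
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_block_encrypt(key, xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(xor(toy_block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


class CbcEncryptor:
    """Constructed encryption service: either a sequential (counter) IV or a random IV per message."""

    def __init__(self, key: bytes, random_iv: bool):
        self.key, self.random_iv, self.counter = key, random_iv, 0

    def encrypt(self, plaintext: bytes):
        if self.random_iv:
            iv = os.urandom(BLOCK)  # unpredictable: the safe choice
        else:
            iv = self.counter.to_bytes(BLOCK, "big")  # CWE-329: predictable
            self.counter += 1
        return iv, cbc_encrypt(self.key, iv, plaintext)


def guess_confirmed(service: CbcEncryptor, target_iv: bytes, target_block: bytes, guess: bytes) -> bool:
    """Guess-confirmation check that explains why the IV must be unpredictable.

    The observer assumes the next IV is target_iv + 1 (true for a counter) and asks the
    service to encrypt guess XOR target_iv XOR predicted_iv. After CBC's XOR with the real
    IV, the block cipher input is guess XOR target_iv, so the first ciphertext block equals
    target_block exactly when guess was the original first plaintext block. With a random
    IV the prediction is wrong and the comparison carries no information.
    """
    predicted_iv = (int.from_bytes(target_iv, "big") + 1).to_bytes(BLOCK, "big")
    chosen = xor(xor(guess, target_iv), predicted_iv)
    iv, ct = service.encrypt(chosen)
    return iv == predicted_iv and ct[:BLOCK] == target_block


def run_demo(key: bytes = b"constructed-key!") -> dict:
    secret = b"balance=000042.0"  # constructed 16-byte first block
    results = {}
    for name, random_iv in (("sequential", False), ("random", True)):
        service = CbcEncryptor(key, random_iv)
        iv, ct = service.encrypt(secret)
        assert cbc_decrypt(key, iv, ct) == secret  # CBC round-trips either way
        results[name + "_right_guess"] = guess_confirmed(service, iv, ct[:BLOCK], secret)
        results[name + "_wrong_guess"] = guess_confirmed(service, iv, ct[:BLOCK], b"balance=999999.0")
    return results


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

Running it reports `sequential_right_guess: True` and `False` for the other three cases: the counter IV lets a correct guess be confirmed from one chosen encryption, while the random IV leaves every guess unconfirmed. The weakness lives entirely in the mode's use of the IV, not in the cipher, which is the reason the answer to the "Ideal Block Cipher" question is yes, it is still a problem.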