What is the security threat of always using all zeroes for the IV? If it allows the encrypted text to be deciphered, how could an attacker do that?
UPDATE: So then, if the first block of unencrypted data had a timestamp that never repeated, would an IV still be necessary?
An initialization vector (or IV) is used to ensure that the same value encrypted multiple times, even with the same secret key, will not always result in the same encrypted value. This is an added security layer.
The CBC mode is well-defined and well-understood for symmetric ciphers, and is currently required for all other ESP ciphers. This document specifies the use of the AES cipher in CBC mode within ESP. This mode requires an Initialization Vector (IV) that is the same size as the block size.
In Cipher Block Chaining (CBC) mode, an initialization vector (IV) is added to the first block of plaintext before encryption and the resultant ciphertext is added to the next block of plaintext before encryption, and so on. Decryption is the reverse process.
The IV is not a secret, instead it is just used to bring necessary security properties into the mode of operation. However, be aware that encryption with CBC does not prevent people from tampering with the data.
The point of CBC is to randomize input blocks, because a given input block always gets encrypted the same with a given key (AES is deterministic). An input block is randomized by XORing it with the previous output block. The first block having no previous block, it is randomized by XORing it with the IV.
Thus, using a non-random IV means that you do not randomize the first block. If you never use the same key twice, i.e. you use a new key whenever you encrypt a new message, then an all-zero IV is not a problem. Issues with non-randomized input blocks are relevant only when there are two non-randomized input blocks which are encrypted with the same key. If you use a given key for a single message, then only the single first block of that message will be non-randomized, so no problem. But that is a big "if". In particular, if you can generate a new key for every message, then you probably can also generate a new IV for every message. It would take a quite specific scenario to justify using an all-zero IV with CBC.
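The following is an added example, not part of the answers above, showing the leak the answer describes: with one key and a fixed all-zero IV, two messages that begin with the same plaintext block produce the same first ciphertext block, so an observer learns they share a prefix. AES is replaced by a constructed toy Feistel cipher (a keyed permutation built from HMAC-SHA256) so the script runs without third-party libraries; the key and messages are constructed sample values.

```python
import hmac
import hashlib

BLOCK = 16  # block size in bytes, as with AES

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Constructed stand-in for AES: a 4-round Feistel network over 8-byte
    halves with a truncated HMAC-SHA256 round function. Like AES it is a
    keyed permutation, so same key + same input block -> same output block."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, xor_bytes(left, f)
    return left + right

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC: C_i = E_K(P_i XOR C_{i-1}) with C_0 = IV (no padding here)."""
    assert len(iv) == BLOCK and len(plaintext) % BLOCK == 0
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_block_encrypt(key, xor_bytes(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def identical_leading_blocks(c1: bytes, c2: bytes) -> int:
    """Count leading ciphertext blocks two ciphertexts have in common.
    Under a fixed IV and key this equals the number of leading plaintext
    blocks the messages share, which is exactly what an observer learns."""
    n = 0
    for i in range(0, min(len(c1), len(c2)), BLOCK):
        if c1[i:i + BLOCK] != c2[i:i + BLOCK]:
            break
        n += 1
    return n

# Constructed sample: one reused key, two messages with the same first block.
KEY = b"constructed-key!"
MSG1 = b"GET /account/123" + b"/statement.pdf  "
MSG2 = b"GET /account/123" + b"/transfer?to=bob"

def leak_with_ivs(iv1: bytes, iv2: bytes) -> int:
    """Encrypt MSG1 under iv1 and MSG2 under iv2 with KEY; report the leak."""
    return identical_leading_blocks(cbc_encrypt(KEY, iv1, MSG1),
                                    cbc_encrypt(KEY, iv2, MSG2))
ZERO_IV = bytes(BLOCK)
# leak_with_ivs(ZERO_IV, ZERO_IV) -> 1: first blocks collide, prefix revealed
# leak_with_ivs(ZERO_IV, bytes([1]) + bytes(15)) -> 0: distinct IVs hide it
```

Because the block cipher is a permutation, any two distinct IVs are enough to make the first ciphertext blocks differ; in practice the IV should be unpredictable, but the example only needs distinctness to show the point.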