IV pin for CBC chaining mode

Is there any safe way to obtain an IV value for use in CBC mode (e.g. 3DES CBC) other than IV randomization?

+2




4 answers


NIST Special Publication 800-38A discusses methods for generating an IV in Appendix C. One suggested method is to use a counter or nonce, encrypt it, and use the result as the IV. Unlike, for example, CTR mode, it requires that a potential adversary cannot predict the IV.



Attacks exist if predictable IVs are used. See, for example, this document. (I will try to find a more accessible version.)

+1




If you want to make them unpredictable (to anyone else) but make sure they don't repeat, you can simply encrypt a one-block counter with a random key (generated once per message key) to generate the IV. Make sure you keep the counter in permanent storage.



0


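The encrypt-a-counter construction described in the two answers above, as an added Go example (not code from the question or from any answer; `DeriveIV`, `EncryptCBC`, the key names and the counter layout are this example's own assumptions): the counter guarantees the IV never repeats, and encrypting it under a separate secret key makes the IV unpredictable, which CBC needs.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// DeriveIV: the "encrypt a counter" IV construction of NIST SP 800-38A Appendix C
// for a 64-bit block cipher (3DES). The counter never repeats, so IVs are unique;
// encrypting it under ivKey (24 bytes, separate from the message key and unknown to
// the adversary) makes each IV unpredictable, as CBC requires. The caller must
// persist the counter so it is never reused under the same ivKey.
func DeriveIV(ivKey []byte, counter uint64) ([]byte, error) {
	blk, err := des.NewTripleDESCipher(ivKey) // rejects keys that are not 24 bytes
	if err != nil {
		return nil, err
	}
	ctr := make([]byte, blk.BlockSize()) // one 8-byte block holding the counter
	binary.BigEndian.PutUint64(ctr, counter)
	iv := make([]byte, blk.BlockSize())
	blk.Encrypt(iv, ctr) // single-block encryption of the counter
	return iv, nil
}

// EncryptCBC encrypts a whole-block plaintext with 3DES-CBC and prepends the IV.
func EncryptCBC(msgKey, iv, plaintext []byte) ([]byte, error) {
	blk, err := des.NewTripleDESCipher(msgKey)
	if err != nil {
		return nil, err
	}
	if len(plaintext)%blk.BlockSize() != 0 {
		return nil, fmt.Errorf("plaintext must be a multiple of %d bytes", blk.BlockSize())
	}
	out := make([]byte, len(iv)+len(plaintext))
	copy(out, iv) // IV travels in the clear; secrecy is not what CBC needs from it
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(out[len(iv):], plaintext)
	return out, nil
}

func main() {
	ivKey, msgKey := make([]byte, 24), make([]byte, 24)
	rand.Read(ivKey) // constructed: fresh random keys for this run
	rand.Read(msgKey)
	iv, _ := DeriveIV(ivKey, 1) // a real sender loads and increments a persisted counter
	ct, _ := EncryptCBC(msgKey, iv, []byte("sixteen byte msg"))
	fmt.Printf("iv=%x ct=%x\n", iv, ct)
}
```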


Anything that never repeats and has no structure will work (I don't understand why unpredictability should be important - if messages are also authenticated (which they should be)).

If you know you will never send more than one message per second, you can use unixtime (hash and use the first bytes).

If you are running on multiple threads / processes / machines, you may need to include a threadid / processid / machineid.

If you have access to generating the GUID, hashing that and using the first 8 bytes might also be a good option.

0




You might want to look into counter mode rather than CBC. Counter mode allows random access to encrypted data and can be parallelized.

0

