Re: Should Initialization Vectors be public ?

From: Alek Davis (alek_xDOTx_davis_xATx_intel_xDOTx_com)
Date: 06/04/04

Date: Fri, 4 Jun 2004 10:03:25 -0700

In my original reply I implied a block cipher encryption algorithm (most
likely Rijndael) and Cipher-Block Chaining (CBC) mode. Since this is the
best (most secure) option (as far as symmetric key encryption goes), there
is no reason to use ECB or other (less secure) feedback modes. When an IV is
used in CBC mode, it is XORed with the first block of plaintext data, as
I described (not added at the beginning). Having said this, I do not see why
the IV should be kept a secret (at least for block ciphers with CBC). Well,
it does not hurt, but it does not have to be a requirement, unless I am
missing something.


"Hernan de Lahitte" <> wrote in message
> "Rob Teixeira [MVP]" <> wrote in message
> news:%2347E%23GcSEHA.2480@TK2MSFTNGP10.phx.gbl...
> >
> > As for the original question, ideally, you should keep the IV as private
> > as possible. You should NEVER export the key or IV publicly unless you
> > perform a correct Key Exchange, which uses Public/Private (asymmetric)
> > Key encryption to safely move the key (and any other secret seeding
> > such as IV) from point A through an untrusted space to point B.
> >
> That's really interesting.
> Until now I used to believe that a randomly generated IV was not a secret,
> just like any salt value. However, unlike the salt value, which is mostly
> intended to be used as a countermeasure to mitigate dictionary attacks,
> IVs actually have a different usage, as was described by Rob, and this might
> change things a bit.
> What do you guys think about this?
> --
> Hernan de Lahitte
> Lagash Systems S.A.
> This posting is provided "AS IS" with no warranties, and confers no
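
Added example, not part of the original posts: a minimal CBC implementation showing where the IV enters (XORed into the first plaintext block) and a message format that sends a fresh random IV in the clear ahead of the ciphertext. The block cipher is a constructed 4-round Feistel stand-in for Rijndael, used only so the sketch runs without third-party libraries; `seal` and `unseal` are hypothetical names.

```python
import hashlib
import os

BLOCK = 16  # bytes, the Rijndael/AES block size

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Feistel round function built from SHA-256 (constructed stand-in).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def toy_encrypt_block(key, block):
    # 4-round Feistel network standing in for Rijndael. NOT a real cipher.
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        l, r = r, xor(l, _f(key, rnd, r))
    return l + r

def toy_decrypt_block(key, block):
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(4)):
        l, r = xor(r, _f(key, rnd, l)), l
    return l + r

def cbc_encrypt(key, iv, plaintext):
    pad = BLOCK - len(plaintext) % BLOCK
    data = plaintext + bytes([pad]) * pad  # PKCS#7 padding
    prev, out = iv, b""
    for i in range(0, len(data), BLOCK):
        # The IV is XORed into the first block; later blocks chain on ciphertext.
        prev = toy_encrypt_block(key, xor(data[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ciphertext):
    prev, out = iv, b""
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out += xor(toy_decrypt_block(key, block), prev)
        prev = block
    return out[:-out[-1]]  # strip padding (no validation in this sketch)

def seal(key, plaintext):
    iv = os.urandom(BLOCK)  # fresh and unpredictable per message, sent in the clear
    return iv + cbc_encrypt(key, iv, plaintext)

def unseal(key, message):
    return cbc_decrypt(key, message[:BLOCK], message[BLOCK:])
```

Sealing the same plaintext twice under one key yields different ciphertexts because the IV differs, while reusing one IV makes equal plaintexts encrypt identically; the sketch provides no integrity protection, which in practice requires a MAC over the IV and ciphertext.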