Re: Should Initialization Vectors be public ?

From: Alek Davis (alek_xDOTx_davis_xATx_intel_xDOTx_com)
Date: 06/04/04

Date: Fri, 4 Jun 2004 10:03:25 -0700

In my original reply I implied a block cipher encryption algorithm (most
likely Rijndael) and Cipher-Block Chaining (CBC) mode. Since this is the
best (most secure) option (as far as symmetric key encryption goes), there
is no reason to use ECB or other (less secure) feedback modes. When the IV is
used in CBC mode, it is XORed with the first block of plaintext data, as
I described (not added at the beginning). Having said this, I do not see why
the IV should be kept a secret (at least for block ciphers with CBC). Well,
it does not hurt, but it does not have to be a requirement, unless I am
missing something.


"Hernan de Lahitte" <> wrote in message
> "Rob Teixeira [MVP]" <> wrote in message
> news:%2347E%23GcSEHA.2480@TK2MSFTNGP10.phx.gbl...
> >
> > As for the original question, ideally, you should keep the IV as private
> > as possible. You should NEVER export the key or IV publicly unless you
> > perform a correct Key Exchange, which used Public/Private (asymmetric) Key
> > encryption to safely move the key (and any other secret seeding
> > such as IV) from point A through an untrusted space to point B.
> >
> That's really interesting.
> Until now I used to believe that a randomly generated IV was not a secret,
> just as any salt value is not. However, unlike the salt value, which is mostly
> intended to be used as a countermeasure to mitigate dictionary attacks,
> IVs actually have a different usage, as was described by Rob, and this might
> change things a bit.
> What do you think guys about this?
> --
> Hernan de Lahitte
> Lagash Systems S.A.
> This posting is provided "AS IS" with no warranties, and confers no
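The CBC mechanics discussed in this thread (the IV XORed into the first plaintext block and then sent alongside the ciphertext rather than kept secret), as an added example that is not part of any post above. It stands in a constructed SHA-256 Feistel toy cipher for Rijndael, and the last function shows the property a CBC IV actually needs: if an IV is reused, anyone holding two ciphertexts can tell whether their first plaintext blocks match, so the IV must be fresh and unpredictable per message, not secret.

```python
import hashlib

BLOCK = 16  # 16-byte blocks, as in Rijndael/AES
HALF = BLOCK // 2

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key, r, half):
    # Feistel round function: SHA-256 of (key, round number, half block), truncated to a half block.
    return hashlib.sha256(key + bytes([r]) + half).digest()[:HALF]

def block_encrypt(key, block):
    """Constructed 4-round Feistel cipher standing in for Rijndael; a toy, not a real cipher."""
    left, right = block[:HALF], block[HALF:]
    for r in range(4):
        left, right = right, _xor(left, _round(key, r, right))
    return left + right

def block_decrypt(key, block):
    left, right = block[:HALF], block[HALF:]
    for r in reversed(range(4)):
        left, right = _xor(right, _round(key, r, left)), left
    return left + right

def cbc_encrypt(key, iv, plaintext):
    """CBC with PKCS#7 padding; the IV is sent in the clear, prepended to the ciphertext."""
    pad = BLOCK - len(plaintext) % BLOCK
    data = plaintext + bytes([pad]) * pad
    prev, out = iv, []
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))  # IV is XORed into block 1
        out.append(prev)
    return iv + b"".join(out)

def cbc_decrypt(key, message):
    iv, ct = message[:BLOCK], message[BLOCK:]
    prev, out = iv, []
    for i in range(0, len(ct), BLOCK):
        blk = ct[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, blk), prev))
        prev = blk
    data = b"".join(out)
    return data[:-data[-1]]  # strip PKCS#7 padding

def first_blocks_collide(key, iv1, iv2, p1, p2):
    # Same IV and same first plaintext block give the same first ciphertext block, visible to anyone.
    return cbc_encrypt(key, iv1, p1)[BLOCK:2 * BLOCK] == cbc_encrypt(key, iv2, p2)[BLOCK:2 * BLOCK]
```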
