Questions tagged [initialization-vector]
Unique data used by block cipher modes of operation to randomize the output in order to achieve semantic security. Also for other similar constructs in other iterative algorithms.
392 questions
2 votes · 1 answer · 69 views
Is AES-GCM safe if same key is used for both uplink and downlink, assuming last IV bit tells the direction
I have designed a cryptographic protocol which uses AES-GCM with a single key.
I have gone to great lengths to ensure the same initialization vector is never reused. The first bits of the ...
0 votes · 0 answers · 44 views
How is the IV/Nonce determined in OFB mode? - SQLite Encryption Extension (SEE)
I am doing some research in different methods of encryption for SQLite databases. One of the databases I have is AES-256 OFB encrypted with SEE (https://sqlite.org/see/doc/release/www/readme.wiki). ...
2 votes · 1 answer · 63 views
Is AES-CTR mode with predictable IV vulnerable to CPA attacks?
I'm just confused about this topic problem.
I know that the CBC mode will be vulnerable to CPA attacks if the IV is predictable, but what about the CTR mode?
1 vote · 1 answer · 113 views
Putty PPK Encryption Questions (or AES-CBC)
I am learning about AES-CBC and, to simplify things, we need two parameters for encryption and randomness (key and IV). The IV is random at runtime and will be used to randomize the first cipher block, which ...
2 votes · 1 answer · 135 views
Using AES-CBC with a random number plus a counter for the IV
I understand that AES-CBC uses the following scheme for encrypting data (diagram from Wikipedia):
And, I understand that we don't want initialization vectors to be predictable or constant, and also ...
0 votes · 1 answer · 101 views
Do I need to use unique IVs if all encrypted data is unique?
I am designing a service where each user has both a unique 256-bit private and public ID. These IDs should be derivable from one another, but only within the backend of my service (as to not expose ...
0 votes · 0 answers · 87 views
Exposing the vulnerability of CTR mode of operation
In the CTR mode of operation, the plaintext block is treated as a stream cipher, where each byte of the plaintext gets XOR-ed with each byte of the key (which is generated using a nonce and a counter) ...
3 votes · 1 answer · 178 views
High volume encryption with AES-GCM: AWS KMS vs CloudHSM
In my current project we will have to encrypt a lot of S3 objects (a few billion) with AWS KMS.
Our security department requires that we use KMS keys backed by CloudHSM. But since CloudHSM incurs ...
0 votes · 2 answers · 273 views
Rate the security of the following MAC
OK, we know that when we add a random IV to our "modified encrypted" MAC it becomes useless and the IV can be forged; then our encryption scheme becomes vulnerable to chosen plaintext attacks.
...
0 votes · 1 answer · 106 views
CBC key recovery when KEY = IV
We have access to an encryption and decryption server with the following implementation. How can we get the secret key by interacting with this server?
...
0 votes · 0 answers · 160 views
CBC predictable IV help
I have this problem where I need to guess if Bob wrote "yes" or "no". It is using AES-128-CBC and it tells me the next IV to be used. It takes input as a hex string and does the ...
0 votes · 0 answers · 32 views
How does the IV value shape the state matrix of PHOTON AEAD?
In the PHOTON-Beetle authenticated encryption algorithm, the state consists of 64 4-bit elements, which is represented as an (8 × 8) matrix. The initial value, which consists of the key and nonce from the ...
3 votes · 1 answer · 74 views
How does the 0/n split prevent the BEAST attack against TLS?
I read that to mitigate the BEAST attack OpenSSL tried to inject an empty TLS record before each real TLS record, and that by doing that there is no opportunity to execute an attack, but I don't understand why.
...
1 vote · 1 answer · 92 views
Newbie question about AES-GCM and IV
Imagine a channel where the initial secret for deriving the actual key is established with ECDH.
First, that shared secret is used to derive a temporary key with some default parameters (salt, ...
2 votes · 2 answers · 154 views
Recommended way to generate a key and IV for CFB mode?
I need to generate a key and IV that will be used to encrypt multiple things over a period of time with AES in CFB mode. The decision to use AES in CFB mode is not mine to change and the key will only ...