
Questions tagged [initialization-vector]

Unique data supplied to a block cipher mode of operation so that encrypting the same plaintext twice yields different ciphertexts, which is needed for semantic security. The tag also covers similar constructs (nonces, starting values) in other iterative algorithms.

Is AES-GCM safe if same key is used for both uplink and downlink, assuming last IV bit tells the direction
2 votes, 1 answer, 69 views

I have designed a cryptographical protocol which uses AES-GCM with a single key. I have gone to great lengths to ensure the same initialization vector is never reused. The first bits of the ...
Asked by juhist

How is the IV/Nonce determined in OFB mode? - SQLite Encryption Extension (SEE)
0 votes, 0 answers, 44 views

I am doing some research in different methods of encryption for SQLite databases. One of the databases I have is AES-256 OFB encrypted with SEE (https://sqlite.org/see/doc/release/www/readme.wiki). ...
Asked by ritikix2006

Is AES-CTR mode with predictable IV vulnerable to CPA attacks?
2 votes, 1 answer, 63 views

I'm just confused about this topic problem. I know that the CBC mode will be vulnerable to CPA attacks if the IV is predictable, but what about the CTR mode?
Asked by zephyr Victor

Putty PPK Encryption Questions (or AES-CBC)
1 vote, 1 answer, 113 views

I am learning about AES-CBC and, to simplify things, we need two parameters for encryption and randomness (key and IV). The IV is random at runtime and will be used to randomize the first cipher block, which ...
Asked by 0xab3d

Using AES-CBC with a random number plus a counter for the IV
2 votes, 1 answer, 135 views

I understand that AES-CBC uses the following scheme for encrypting data (diagram from Wikipedia): And, I understand that we don't want initialization vectors to be predictable or constant, and also ...
Asked by Jojodmo

Do I need to use unique IVs if all encrypted data is unique?
0 votes, 1 answer, 101 views

I am designing a service where each user has both a unique 256-bit private and public ID. These IDs should be derivable from one another, but only within the backend of my service (as to not expose ...
Asked by Ryan Hilbert

Exposing the vulnerability of CTR mode of operation
0 votes, 0 answers, 87 views

In the CTR mode of operation, the plaintext block is treated as a stream cipher, where each byte of the plaintext gets XOR-ed with each byte of the key (which is generated using a nonce and a counter) ...
Asked by Abhinav Tahlani

High volume encryption with AES-GCM: AWS KMS vs CloudHSM
3 votes, 1 answer, 178 views

In my current project we will have to encrypt a lot of S3 objects (a few billions) with AWS KMS. Our security department requires that we use KMS keys backed by CloudHSM. But since CloudHSM incurs ...
Asked by Florian

Rate the security of the following MAC
0 votes, 2 answers, 273 views

OK, we know that when we add a random IV in our "modified encrypted" MAC it becomes useless and the IV can be a forgery; then our encryption scheme becomes vulnerable to chosen plaintext attacks. ...
Asked by Poseid0n

CBC KEY recovery when KEY=IV
0 votes, 1 answer, 106 views

We have access to an encryption and decryption server with the following implementation. How can we get the secret key by interacting with this server? ...
Asked by Sahar

CBC Predictable IV Help
0 votes, 0 answers, 160 views

I have this problem where I need to guess if Bob wrote "yes" or "no". It is using AES-128-CBC and it tells me the next IV to be used. It takes input as a hex string and does the ...
Asked by drift

How does the IV value shape the State Matrix of PHOTON AEAD?
0 votes, 0 answers, 32 views

In the PHOTON-Beetle Authenticated Encryption algorithm, the state consists of 64 4-bit elements, which is represented as an (8 × 8) matrix. The Initial Value, which consists of the Key and Nonce, from the ...
Asked by Mohammadsadeq Borjiyan

How does the 0/n split prevent the BEAST attack against TLS?
3 votes, 1 answer, 74 views

I read that to mitigate the BEAST attack OpenSSL tried to inject an empty TLS record before each real TLS record, and by doing that there is no opportunity to execute an attack, but I don't understand why. ...
Asked by eitan

Newbie question about AES-GCM and IV
1 vote, 1 answer, 92 views

Imagine a channel where the initial secret for deriving the actual key is established with ECDH. First, that shared secret is used to derive a temporary key with some default parameters (salt, ...
Asked by Kote Isaev

Recommended way to generate a key and IV for CFB mode?
2 votes, 2 answers, 154 views

I need to generate a key and IV that will be used to encrypt multiple things over a period of time with AES in CFB mode. The decision to use AES in CFB mode is not mine to change and the key will only ...
Asked by Jonathan Wilson

