Don’t use non-random IVs

The initialization vector (IV) used in CBC mode of a symmetric cipher should be random. A random IV gives you security against chosen-plaintext attacks; a non-random IV doesn't. But many security professionals I've talked to tell me that they have a hard time convincing people that they really need to use a random IV.
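The following Go program is an added example, not code from the original post. It shows the concrete symptom of a non-random IV that the paragraph above alludes to: with a fixed IV, encrypting the same message twice yields the same ciphertext, and two messages that share a leading block yield ciphertexts that share that block, so an observer learns plaintext equality. The hardened form draws a fresh IV from `crypto/rand` for every message and prepends it to the ciphertext. The key, messages and function names (`EncryptCBCWithIV`, `EncryptCBC`, `DecryptCBC`, `SharedPrefixBlocks`) are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// pkcs7Pad pads data up to a multiple of blockSize using PKCS#7.
func pkcs7Pad(data []byte, blockSize int) []byte {
	n := blockSize - len(data)%blockSize
	return append(append([]byte{}, data...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad strips and validates PKCS#7 padding.
func pkcs7Unpad(data []byte, blockSize int) ([]byte, error) {
	if len(data) == 0 || len(data)%blockSize != 0 {
		return nil, fmt.Errorf("invalid padded length %d", len(data))
	}
	n := int(data[len(data)-1])
	if n == 0 || n > blockSize || n > len(data) {
		return nil, fmt.Errorf("invalid padding byte")
	}
	for _, b := range data[len(data)-n:] {
		if int(b) != n {
			return nil, fmt.Errorf("invalid padding")
		}
	}
	return data[:len(data)-n], nil
}

// EncryptCBCWithIV runs AES-CBC with a caller-supplied IV. It exists only to
// show the weakness (CWE-329): a fixed or predictable IV makes the output
// deterministic. Do not use this shape in production code.
func EncryptCBCWithIV(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(iv) != block.BlockSize() {
		return nil, fmt.Errorf("iv must be %d bytes", block.BlockSize())
	}
	padded := pkcs7Pad(plaintext, block.BlockSize())
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out, nil
}

// EncryptCBC is the hardened form: a fresh random IV per message, prepended
// to the ciphertext so the receiver can recover it. (This example still omits
// authentication; pair CBC with a MAC or use an AEAD in real systems.)
func EncryptCBC(key, plaintext []byte) ([]byte, error) {
	iv := make([]byte, aes.BlockSize)
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	ct, err := EncryptCBCWithIV(key, iv, plaintext)
	if err != nil {
		return nil, err
	}
	return append(iv, ct...), nil
}

// DecryptCBC reverses EncryptCBC: split off the IV, decrypt, unpad.
func DecryptCBC(key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(data) < 2*bs || len(data)%bs != 0 {
		return nil, fmt.Errorf("ciphertext length %d is invalid", len(data))
	}
	iv, ct := data[:bs], data[bs:]
	out := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, ct)
	return pkcs7Unpad(out, bs)
}

// SharedPrefixBlocks counts how many leading AES blocks two ciphertexts have
// in common; anything above zero is information leaking to an observer.
func SharedPrefixBlocks(a, b []byte) int {
	n := 0
	for i := 0; i+aes.BlockSize <= len(a) && i+aes.BlockSize <= len(b); i += aes.BlockSize {
		if !bytes.Equal(a[i:i+aes.BlockSize], b[i:i+aes.BlockSize]) {
			break
		}
		n++
	}
	return n
}

func main() {
	key := []byte("0123456789abcdef") // constructed 128-bit key for the demo
	fixedIV := make([]byte, aes.BlockSize)
	m1 := []byte("account=alice;amount=100") // first 16 bytes identical
	m2 := []byte("account=alice;amount=999") // to m1, second block differs

	c1, _ := EncryptCBCWithIV(key, fixedIV, m1)
	c1again, _ := EncryptCBCWithIV(key, fixedIV, m1)
	c2, _ := EncryptCBCWithIV(key, fixedIV, m2)
	fmt.Println("fixed IV, same message twice, identical ciphertext:", bytes.Equal(c1, c1again))
	fmt.Println("fixed IV, shared leading blocks between m1 and m2:", SharedPrefixBlocks(c1, c2))

	r1, _ := EncryptCBC(key, m1)
	r1again, _ := EncryptCBC(key, m1)
	r2, _ := EncryptCBC(key, m2)
	fmt.Println("random IV, same message twice, identical ciphertext:", bytes.Equal(r1, r1again))
	fmt.Println("random IV, shared leading blocks between m1 and m2:", SharedPrefixBlocks(r1[aes.BlockSize:], r2[aes.BlockSize:]))
}
```

With the fixed IV the first two lines of output report `true` and `1`; with the random IV they report `false` and `0` (a collision on a 128-bit random IV is negligible). The IV need not be secret, only unpredictable, which is why sending it in the clear ahead of the ciphertext is the standard practice.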

The same people also tell me that when they refer the people who don't want to use a random IV to MITRE's Common Weakness Enumeration database and point out that using a non-random IV is weakness CWE-329, the reluctant programmers always seem to grudgingly agree that they need to do it.

So if you're having trouble convincing people to use random IVs, maybe referring them to the CWE database will help you.
