AES128-CBC Question

David Wagner daw at cs.berkeley.edu
Thu Apr 19 15:46:54 EDT 2007


Adam Perez writes:
>Is there any danger in using AES128-CBC with a fixed IV of all zeros?

Yes.  If you encrypt two messages with a common prefix under the same key,
that fact will be readily apparent from the ciphertexts.  This may leak
information about the plaintext, depending upon the structure of your
messages.  Any decent crypto book will tell you about this weakness and
recommend against use of CBC with a fixed IV.  This is elementary stuff;
I think you may need to get someone with more experience in cryptography
advising you on these design questions.

Of course, the fact that someone else uses bad design (if that is
even correct) is not a good excuse for using poor practice yourself.
WEP does all sorts of crazy things, but that doesn't mean you should
copy what WEP does.

---------------------------------------------------------------------
The Cryptography Mailing List
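
The common-prefix leak described in the reply above, as an added example that is not part of the original post. CBC is implemented here over a stand-in 128-bit block cipher (a 4-round Feistel network built from SHA-256, not AES) so that it runs with the standard library alone; the leak comes from the mode and the repeated IV, not from the cipher. The key, messages and function names are constructed for illustration.

```python
import hashlib
import os

BLOCK = 16
FIXED_IV = bytes(BLOCK)  # the all-zero IV from the question


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in 128-bit keyed permutation (assumption: replaces AES-128)."""
    left, right = block[:8], block[8:]
    for i in range(4):  # 4 Feistel rounds, round function = truncated SHA-256
        f = hashlib.sha256(key + bytes([i]) + right).digest()[:8]
        left, right = right, _xor(left, f)
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    pad = BLOCK - len(plaintext) % BLOCK
    plaintext += bytes([pad]) * pad  # PKCS#7 padding
    prev, out = iv, b""
    for off in range(0, len(plaintext), BLOCK):
        prev = toy_block_encrypt(key, _xor(plaintext[off:off + BLOCK], prev))
        out += prev
    return out


def shared_prefix_blocks(c1: bytes, c2: bytes) -> int:
    """What a passive observer learns: how many leading blocks are equal."""
    n = 0
    for off in range(0, min(len(c1), len(c2)), BLOCK):
        if c1[off:off + BLOCK] != c2[off:off + BLOCK]:
            break
        n += 1
    return n


def demo():
    key = hashlib.sha256(b"constructed demo key").digest()[:16]
    prefix = b"user=alice;role=admin;session=01"  # exactly 32 bytes, 2 blocks
    m1 = prefix + b";action=transfer;amount=100"
    m2 = prefix + b";action=logout"
    fixed = shared_prefix_blocks(cbc_encrypt(key, FIXED_IV, m1),
                                 cbc_encrypt(key, FIXED_IV, m2))
    fresh = shared_prefix_blocks(cbc_encrypt(key, os.urandom(BLOCK), m1),
                                 cbc_encrypt(key, os.urandom(BLOCK), m2))
    return fixed, fresh  # (2, 0)


if __name__ == "__main__":
    print(demo())
```

With the fixed IV the two ciphertexts agree on their first two blocks, which tells an observer the messages share at least 32 bytes of prefix; with a fresh random IV per message, sent alongside the ciphertext, no blocks match.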