[Cryptography] Improving MITRE's description for "CWE-329: Not Using a Random IV with CBC Mode"

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat May 23 01:08:44 EDT 2020


Ángel <angel at crypto.16bits.net> writes:

>You *could* make a dictionary attack if there was no IV, or only a fixed one,
>much like you could create one for a hash function with no salt.

It also depends on the encryption mode.  With an industrial-strength mode like
CBC you can pretty much abuse the IV any way you want and all you'll get is
either the ability to identify repeated encrypted data or, pathological worst-
case and you zero the IV on each block, a degradation to ECB.

OTOH if you get it wrong with an incredibly brittle mode like GCM or CTR you
get a catastrophic failure of security.

So you need to take the mode used into account as well as what happens if you
mess up the IV.

Peter.
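An added example in Go (mine, not code from the post or the list) using only the standard library's AES, CBC and CTR: it shows both points above with a constructed key and an all-zero IV reused for every message. Under CBC the fixed IV leaks only which leading blocks two messages share; under CTR (and GCM, whose encryption core is CTR) the reused nonce makes the keystream cancel, so the XOR of two ciphertexts equals the XOR of the plaintexts.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
)

// Constructed demo values: an AES-128 key and an all-zero IV/nonce reused for every message.
var (
	demoKey = []byte("0123456789abcdef")
	fixedIV = make([]byte, aes.BlockSize)
)

// CBCFixedIV encrypts a block-aligned plaintext under CBC, reusing the same IV every call.
func CBCFixedIV(pt []byte) []byte {
	blk, _ := aes.NewCipher(demoKey) // 16-byte constant key: cannot fail
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(blk, fixedIV).CryptBlocks(ct, pt)
	return ct
}

// CTRFixedNonce encrypts under CTR, reusing the same nonce every call, so the keystream
// repeats. GCM runs this same CTR core internally, so the leak below applies to it too.
func CTRFixedNonce(pt []byte) []byte {
	blk, _ := aes.NewCipher(demoKey)
	ct := make([]byte, len(pt))
	cipher.NewCTR(blk, fixedIV).XORKeyStream(ct, pt)
	return ct
}

// SharedBlockPrefix counts the leading 16-byte blocks two equal-length ciphertexts share.
// Under CBC with a fixed IV this equals the shared plaintext prefix, and that is all that leaks.
func SharedBlockPrefix(a, b []byte) int {
	for n := 0; ; n++ {
		off := n * aes.BlockSize
		if off+aes.BlockSize > len(a) || !bytes.Equal(a[off:off+aes.BlockSize], b[off:off+aes.BlockSize]) {
			return n
		}
	}
}

// XorBytes returns a XOR b for equal-length slices. With a repeated CTR keystream,
// XorBytes(c1, c2) equals XorBytes(p1, p2); CBC with a fixed IV has no such property.
func XorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}
```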

