It was recommended to use the same IV in the implementation of AES

We had to extend our website to pass credentials to the user on the supplier's website (in the query string) using AES with a 256-bit key; however, when decrypting, they use a static IV.

I advised that the IV should not be static and that it is not in our standards to do this, but if they change it we will incur [large] costs, so we have agreed to accept this as a security risk and use the same IV (much to my extreme disappointment).

What I want to know is how much of a security risk this is. I need to be able to communicate this effectively to management so that they know exactly what they are agreeing to.

UPDATE: We also use the same KEY throughout.

Thanks

+3
4 answers

Using a static IV is always a bad idea. Using a static key is always a bad idea. I bet your provider has compiled the static key into their binaries.

Unfortunately, I have seen this before. Your provider has a requirement that they perform encryption, and they try to implement encryption in the most transparent way or as a "flag". That is, in fact, they do not use encryption for security, they use it to satisfy the requirements of the flags.

, , , , SSL. . , , . , .

+2

IV , . , : , CFB, , !

+3

( , , / ), , IV. , , , (, usernameA + passwordB) .

, :

  • : , "gobbbledygook" , . , .

  • : + URL. - , ? , , .

0

, ? , , .

A good example of reusing the same nonce is Sony vs. Geohot (using a different algorithm). You can see the results for Sony by now :) Using the same IV can cause mild or catastrophic problems depending on the AES encryption mode you are using. If you use CTR mode, then everything you encrypted is as good as plaintext. In CBC mode, your first plaintext block will be the same for the same encrypted data.

0
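The CTR-mode case from the last answer, as an added example that is not part of the original thread: with a static key and IV the keystream never changes, so tokens are deterministic and one known plaintext exposes the others, while a fresh random IV per message removes both effects. To run with only the standard library it uses an HMAC-SHA256 keystream as a stand-in for AES-CTR (an assumption); the key, IV and credential strings are constructed.

```python
import hashlib, hmac, os

KEY = bytes(32)            # constructed 256-bit key, static as in the question
STATIC_IV = bytes(16)      # constructed static IV

def keystream(key, iv, n):
    # Stand-in for the AES-CTR keystream (assumption): HMAC-SHA256(key, iv || counter).
    blocks = (n + 31) // 32
    stream = b"".join(hmac.new(key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(blocks))
    return stream[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_static(pt):
    # Same key and same IV every time -> same keystream every time.
    return xor(pt, keystream(KEY, STATIC_IV, len(pt)))

def encrypt_fresh(pt):
    # Corrected form: new random IV per message, sent alongside the ciphertext.
    iv = os.urandom(16)
    return iv + xor(pt, keystream(KEY, iv, len(pt)))

def decrypt_fresh(token):
    iv, ct = token[:16], token[16:]
    return xor(ct, keystream(KEY, iv, len(ct)))

def recover_other(c_known, p_known, c_other):
    # Whoever knows one plaintext (e.g. their own credentials) learns the keystream,
    # and with it every other message encrypted under the static key/IV.
    return xor(c_other, xor(c_known, p_known))

# Constructed sample query-string payloads of equal length.
P1 = b"user=alice&pw=hunter2"
P2 = b"user=bobby&pw=s3cret!"

if __name__ == "__main__":
    c1, c2 = encrypt_static(P1), encrypt_static(P2)
    print("deterministic token:", encrypt_static(P1) == c1)
    print("c1^c2 == p1^p2:    ", xor(c1, c2) == xor(P1, P2))
    print("recovered:         ", recover_other(c1, P1, c2))
    print("fresh IV differs:  ", encrypt_fresh(P1) != encrypt_fresh(P1))
```

For management, the deterministic-token line is the simplest point to show: identical credentials always yield the identical query string, so a captured URL stays valid for as long as the key and IV do.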

Source: https://habr.com/ru/post/1779591/

