An Initialization Vector (IV) is a binary sequence used by block ciphers in most modes of operation. This post serves as a quick overview of how the IV is used in one of the most popular modes, Cipher Block Chaining (CBC).
AES encryption is a web tool to encrypt and decrypt text using the AES encryption algorithm. The tool is free and requires no registration. This online AES encryption/decryption tool encrypts or decrypts input data in the chosen mode (ECB, CBC, CFB or OFB) with a key size of 128, 192 or 256 bits. Encryption/decryption with a cipher key of 128, 192 or 256 bits is denoted AES-128, AES-192 or AES-256 respectively. The AES algorithm has a 128-bit block size regardless of whether your key length is 256, 192 or 128 bits. When a symmetric cipher mode requires an IV, the length of the IV must be equal to the block size of the cipher. Hence, you must always use an IV of 128 bits (16 bytes) with AES.
So where does IV come from? To quote Wikipedia:
Randomization is crucial for encryption schemes to achieve semantic security, a property whereby repeated usage of the scheme under the same key does not allow an attacker to infer relationships between segments of the encrypted message.
Probably the most famous example showing what “semantic security” means is the Linux penguin (on the left) encrypted using ECB mode (in the center) and CBC mode (on the right).
So what is the problem with the penguin above? ECB splits the data into blocks and encrypts each of them using the same key. Thus, the same plaintext block always results in the same ciphertext block. In the image above, identical plain areas are transformed into identical cipher areas, which lets an attacker see relationships between areas.
An even bigger problem is that if an attacker can make the system encrypt an arbitrary plaintext, she can then compare the result with the original ciphertext and guess the original plaintext. While this sounds like a long shot, it is actually a known TLS 1.0 vulnerability, called the TLS CBC IV or BEAST attack, that was first discovered in 2001 and then demonstrated in 2011 by Juliano Rizzo and Thai Duong. See Duong's post, Thierry Zoller's post, and the Tor team's overview for more details.
One of the popular block cipher modes that solves this problem is Cipher Block Chaining (CBC), which uses the ciphertext output of the previous block to mask each plaintext block before encrypting it.
In contrast, each of the other modes describes a process where ciphertext from one block encryption step gets intermixed with the data from the next encryption step. To initiate this process, an additional input value is required to be mixed with the first block, and which is referred to as an initialization vector. For example, the cipher-block chaining (CBC) mode requires a random value of the cipher's block size as additional input, and adds it to the first plaintext block before subsequent encryption. In turn, the ciphertext produced in the first encryption step is added to the second plaintext block, and so on. The ultimate goal for encryption schemes is to provide semantic security: by this property, it is practically impossible for an attacker to draw any knowledge from observed ciphertext.
In cipher-block chaining mode (CBC mode), the IV must, in addition to being unique, be unpredictable at encryption time. In particular, the (previously) common practice of re-using the last ciphertext block of a message as the IV for the next message is insecure (for example, this method was used by SSL 2.0). If an attacker knows the IV (or the previous block of ciphertext) before he specifies the next plaintext, he can check his guess about plaintext of some block that was encrypted with the same key before. This is known as the TLS CBC IV attack, also called the BEAST attack.
From SO comments:
The key protects the encrypted data, whereas the use of a random IV ensures that information is not leaked by the ciphertext itself. It does this by preventing identical plaintexts from producing identical ciphertext when encrypted using the same key.
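The two leaks discussed above (ECB exposing repeated blocks, and a fixed or reused IV exposing messages that start the same way) are shown below in an added example that is not part of the original post. It runs on the Python standard library alone, so a small keyed Feistel permutation stands in for AES; the ECB and CBC mode logic, the constructed key and the constructed sample messages are all assumptions of this example, and the mode code would be unchanged over a real AES block function.

```python
import hmac, hashlib, os

BLOCK = 16  # AES block size in bytes: the IV must be exactly this long

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def block_encrypt(key, block):
    # 4-round Feistel permutation of one 16-byte block, keyed with HMAC-SHA256 as the round
    # function. It stands in for AES so the example needs only the standard library;
    # the mode logic below is the point and would be identical over real AES.
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, hmac.new(key, bytes([rnd]) + r, hashlib.sha256).digest()[:8])
    return l + r

def ecb_encrypt(key, pt):
    # Blocks are encrypted independently: equal plaintext blocks give equal ciphertext blocks.
    return b"".join(block_encrypt(key, pt[i:i + BLOCK]) for i in range(0, len(pt), BLOCK))

def cbc_encrypt(key, iv, pt):
    # Each plaintext block is XORed with the previous ciphertext block (the IV for the first one)
    # before encryption, so the chaining hides repeats within a message.
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, _xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def random_iv():
    # A fresh, unpredictable IV per encryption; it is not secret and travels with the ciphertext.
    return os.urandom(BLOCK)

def distinct_blocks(ct):
    # How many different ciphertext blocks appear: fewer than plaintext blocks means a leak.
    return len({ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)})

def first_blocks_match(key, iv1, iv2, m1, m2):
    # Two messages sharing a first plaintext block: with a reused IV the first ciphertext
    # blocks are equal, so an observer learns that the messages start the same way.
    return cbc_encrypt(key, iv1, m1)[:BLOCK] == cbc_encrypt(key, iv2, m2)[:BLOCK]

# Constructed sample inputs (block-aligned; real code would pad with PKCS#7).
KEY = b"constructed-demo-key"
FLAT_AREA = b"\xff" * BLOCK * 4  # four identical blocks, like a flat region of the penguin
LICENSE_A = b"LICENSE=ACTIVE  " + b"user=alice      "
LICENSE_B = b"LICENSE=ACTIVE  " + b"user=bob        "
```

Under ECB the four identical blocks of `FLAT_AREA` produce one repeated ciphertext block, while CBC produces four different ones; with the same IV for both license messages the first ciphertext blocks coincide, and with a fresh `random_iv()` per message they do not.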
References:
- Different symmetric encryption modes (StackOverflow)
- Block cipher modes of operation (Wikipedia)
- Initialization Vector (Wikipedia)
- Salt vs IV when using AES-CBC (StackExchange)
- Explanation on why IV is important in AES (StackExchange)
- Issues with static IV in AES (StackExchange)
Scenario:
1) Multiple clients connect to a WebAPI.
2) The client requests a Diffie-Hellman key exchange during its initial handshake and then reuses the 'shared secret key' for the next API call only if it occurs within 20 seconds (shared keys expire after 20 seconds on the server).
What's the recommended Encryption method using this 'shared secret key'?
It seems to be AES but then I have the problem of the IV value.
Can the IV be a fixed value for ALL clients?
Can the IV be public just within those sets of client call blocks? Should the IV be relevant somehow to the shared secret key?
Is there a better or similar encryption mechanism that does only need a key (no IV, no other values needed)?
The IV should be different and random for every encryption operation. It need not be secret. – ntoskrnl, 2014-07-30 21:53:30
Any reason you aren't just using SSL? Given that this is already a web API, it should be trivial to add, and minimal additional development is required by either you or your clients. It will likely also be more secure than any mechanism you would build yourself. – Iridium, 2014-07-31 06:31:30
Yes, the API runs under SSL already. This extra step is to encrypt licensing info sent back and forth between various clients and the server... so I'm assuming this should be encrypted further anyway, or am I wrong on this? – SF Developer, 2014-07-31 19:31:00
Your communications are already secure against eavesdropping, man-in-the-middle attacks and tampering by virtue of being transmitted over an SSL protected channel; what threat are you trying to mitigate with additional encryption? – Iridium, 2014-07-31 20:14:40
Well, maybe this is misinformation on my side. I do have SSL, but it kind of felt right to add extra encryption when sending the registration and license info back and forth. Are we saying that SSL is enough, and that if I were sending the license info in plain text... it would still remain super secure? – SF Developer, 2014-08-01 14:09:52
I think you can rest assured that SSL is more than capable of protecting your license info. Remember, crypto is very hard to get right, so given the choice it's generally much safer and more secure to go with an established, proven system (like SSL) than to try to roll your own. – Iridium, 2014-08-02 09:21:09
I suppose one could argue that SSL relies on the trust of certificate authorities and you'd like to add an extra layer that does not depend upon that trust. But unless you are an expert in this area, you're probably going to spend a lot of effort to little benefit (as owl already pointed out, there are a lot of issues with what you are proposing). I agree with the others: stick with SSL/TLS. – TheGreatContini, 2014-08-04 05:11:51