Handling transfer of iv (initialization vectors)

1

6

I have a site A and site B where site A needs to send sensitive encrypted data to site B for site B to decrypt. I know that it's best to encrypt using a randomized cryptographic initialization vector (iv) which is unique to each secret string, but my question is:

Given the transfer is made using https, is it safe to send the iv along with the cipher text? Are there best practices to follow for transfer of the iv?

My understanding is that the iv is part of the beginning of the cipher text so I'm inclined to believe there's no real security threat in having the iv in plain sight.

Thanks!

Covington answered 27/6, 2016 at 17:22 Comment(6)
So you want an assurance that sending it is ok? Why do you think that this would not be ok? What have you read that you have doubt about its security? – Guidepost
I'm voting to close this question as off-topic because this is not about programming, but Cryptography. – Guidepost
It was discussed at length here. Be sure to follow the duplicate link. – Guidepost
@ArtjomB. I was just looking at exactly that Q. Yes, that's a much more complete answer (and the correct site for the question). – Cedilla
Never knew about that site 'till now. Thanks! – Covington
By convention the iv is prepended to the encrypted data, it is not a secret. – Onwards
11

A random IV is not a secret. It is no more sensitive than the ciphertext itself. You can transmit it along with the ciphertext without concern.

The only secret in a properly designed crypto system is the key (and obviously the plaintext). Everything else (IVs, salts, algorithms, padding, everything) is assumed to be known by attackers.

Cedilla answered 27/6, 2016 at 17:29 Comment(2)
That is not correct. For some modes of encryption it is more sensible than ciphertext. Sending it in plaintext opens some attack vectors. For example, if the attacker gets a single encoded message together with its plaintext, they may use the unencrypted IV to forge the encrypted message, without knowing the key. See #59060664 – Panelist
@Panelist You're describing authentication, which is a separate issue. The solution is not to try to hide the IV (which is hopeless, because you still need a way to exchange the IV, which just recurses your problem). The solution is to use an authenticated mode (GCM) or format (CBC+HMAC). The IV should not be secret. If it must be, your crypto-system is broken. As this answer notes, the IV is no more sensitive than the ciphertext itself. Without authentication, the attack you link to is possible against any ciphertext, not just a prepended IV. – Cedilla
