
Questions tagged [initialization-vector]

Unique data used by block cipher modes of operation to randomize the output in order to achieve semantic security. Also for other similar constructs in other iterative algorithms.

3 votes · 3 answers · 372 views

Using the AES algorithm in CBC mode, my goal is to transfer some encrypted JSON data with known keys (that means that roughly 40% to 60% of the plaintext data might be known by the attacker including ...

asked by reza0310
3 votes · 0 answers · 118 views

I'm looking at using AES-256-GCM to encrypt data at rest (in a database) with logged-in user ids (among possibly other things) as the authenticated data. I'd like the application to (eventually) ...

asked by ManRow
0 votes · 1 answer · 148 views

I'm making an online Client-Server game where upon a client's connection a sessionKey is generated by the server and exchanged securely under TLS during authentication, so that the client can also ...

asked by desynchedneo
5 votes · 2 answers · 627 views

This answer to a similar question on AES-GCM says that using the hash of the combination of message and key as a nonce (left half bits of counter, as I understand it, for AES-CTR) would be OK, but ...

asked by Harald
0 votes · 1 answer · 114 views

I'm learning about block cipher operation modes and have a small question. I am listening to a lecture recording that casually mentions that when using Galois Counter Mode with AES over the internet (...

asked by Joshua Schroijen
3 votes · 2 answers · 232 views

I have been reading about AES-CTR mode, and the risk of overlapping IVs. For example, one message uses random IV a, and another message uses a different random IV ...

asked by Jesse
2 votes · 1 answer · 161 views

$$\text{HMAC}(K, m) = \text{H}((K' \oplus \mathbb{opad}) || \text{H}((K' \oplus \mathbb{ipad}) || m))\\K' = \begin{cases} \text{H}(K) & \text{if } K \text{ is larger than block size} \\ K & \...

asked by eternalstudent
2 votes · 3 answers · 836 views

AES-CTR and authenticated variants tend to have a 'problem' with lacking bit real-estate for nonce & counter. Why hasn't an AES-512 variant been standardized at some point? It would allow moving ...

asked by Angelica
0 votes · 1 answer · 456 views

I have read multiple times that data encrypted with the AES-GCM scheme fails catastrophically if you reuse the IV in different instances, leaking the XOR table (to my understanding this means no key ...

asked by Reaper
0 votes · 0 answers · 76 views

I have AES CBC 128 bit code in hex (each pair of characters is one byte in hexadecimal representation). ...

asked by Krzysiek
0 votes · 1 answer · 209 views

I'm making documentation for an ethernet gateway that uses a Lantronix xPortEDGE module. It can encrypt/decrypt in AES 128, 192 and 256 bits. I'm struggling to get more information from the ...

asked by corso66
1 vote · 1 answer · 277 views

I have a black box system that is doing some encryption that I need to reverse engineer so I can replicate it in new software. I know the input, the output, and the key. An example: Plain text: ...

asked by Jordan
0 votes · 0 answers · 91 views

I'm implementing a mobile VPN product based on AES-GCM that should be resistant against fingerprinting the movements of mobile nodes. A difficulty is that the mobile nodes may not have the best ...

asked by juhist
2 votes · 1 answer · 131 views

I have designed a cryptographical protocol which uses AES-GCM with a single key. I have gone to great lengths to ensure the same initialization vector is never reused. The first bits of the ...

asked by juhist
2 votes · 1 answer · 196 views

I'm just confused about this problem. I know that the CBC mode will be vulnerable to CPA attacks if the IV is predictable, but what about the CTR mode?

asked by zephyr Victor