1

I'm using CBC mode. I'm thinking of sending the IV encrypted in ECB mode (since it is only a block), instead of sending the "plain" IV. Will I gain some security?

danieltorres
  • Off topic here, as it does not include programming. Try [crypto](http://crypto.stackexchange.com/questions/2280/why-is-the-iv-passed-in-the-clear-when-it-can-be-easily-encrypted) next time... – Maarten Bodewes Nov 18 '12 at 23:37
  • Related: [Why is the IV passed in the clear when it can be easily encrypted?](http://crypto.stackexchange.com/questions/2280/why-is-the-iv-passed-in-the-clear-when-it-can-be-easily-encrypted) on [crypto.SE](http://crypto.stackexchange.com/) – CodesInChaos Nov 19 '12 at 21:50
  • Hey @CodesInChaos I actually pointed to that one in my previous comment, but I admit I could have made that more clear. Glad we are in agreement :) – Maarten Bodewes Nov 23 '12 at 23:31

1 Answer

5

You do not need to encrypt the IV in CBC mode. There is no security advantage. See an earlier answer of mine on the 'proof' of why: "Sending IV along with cipher text, safe?"

The short answer is, when you look at CBC mode, the previous ciphertext block effectively becomes the IV for the next block. We transmit the ciphertext blocks in the clear (if that makes sense?), and so if there were a risk with the first block, there would be a risk for every block.

mfanto
  • But if the attacker knows the IV he might try to change the first block, changing the respective bits of the IV. Isn't that a problem? – danieltorres Nov 19 '12 at 22:10
  • Yes it is, but encrypting the IV isn't how you solve it. Encryption doesn't provide any protection against tampering. Instead, you need to use a Message Authentication Code (http://en.wikipedia.org/wiki/Message_authentication_code). This computes a one-way hash (with a secret key) of the data, and you can use it to validate whether it's been tampered with. The simple rule is, you don't need to encrypt your IV, but you ABSOLUTELY MUST MAC your data, regardless of the mode you use. – mfanto Nov 19 '12 at 23:39
  • No problem, it's definitely not intuitive. The book 'Practical Cryptography' gives some good advice for developers on crypto basics if you're interested. But to explain a bit more, attackers can tamper with any of the encrypted data: the IV, they can re-arrange ciphertext blocks out of order, flip bits in CTR mode, etc. The basic idea is: encryption ensures no one can read the message, MACs ensure no one tampers with the message, and digital signatures prove who the message is from (that's not strictly true, but good enough for an overview). – mfanto Nov 19 '12 at 23:50