4

I wish to be more efficient in generating a random key and a random IV for the encryption. But is it workable and safe to use the random key as the IV?

Artjom B.
Chong Lip Phang
  • I'm voting to close this question as off-topic because this is not about programming. It's also a cross-site duplicate of [Problems with using AES Key as IV in CBC-Mode](http://crypto.stackexchange.com/questions/16161/problems-with-using-aes-key-as-iv-in-cbc-mode). – Artjom B. Jun 05 '16 at 07:08

2 Answers

2

You could but it would not be secure.

The usual practice is to use a cryptographically secure random byte sequence for the iv and to prepend the iv to the encrypted data. This allows the decryption function to have the same iv.

By using a random iv, if the same message is encrypted with the same key the cipher text will be different; using the key will allow the same cipher text. Having the same cipher text may give away crucial information.

Trading efficiency for security is not a good idea and if it is not proven that the extra efficiency is needed by benchmark testing it is premature optimization.

Donald Knuth:

> The real problem is that programmers have spent far too much time worrying about efficiency in the wrong places and at the wrong times; premature optimization is the root of all evil (or at least most of it) in programming.

zaph
0

You are doubling your security problem. An ordinary IV can be sent as-is with the cyphertext message, usually prepended to it. If your IV is the same as the key, then you have to keep the IV as secure as the key, which means you can't do the usual prepending. You will have to add an 'IV exchange' process to your 'key exchange' process.

All that is extra work. Easier to use a standard CSPRNG to produce your IV and prepend it.

rossum
  • True, but it misses the point of an IV, which allows the use of a single key for many different messages. With key=IV you need to change to a new key every message for security. An IV is only good for one message; a key can be used for many messages, as long as they are not too large. – rossum Jun 05 '16 at 18:23
  • Yes and that is not the message of the answer. The answer is about keeping something extra secret when in fact there is nothing extra. – zaph Jun 05 '16 at 19:14
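The practice both answers describe (a fresh CSPRNG IV prepended to the ciphertext) next to the key-as-IV variant, as an added Go example that is not code from the question or either answer. The function names `cbc`, `Seal` and `Open`, the demo key and the message are assumptions made for illustration; the key is a 16-byte AES-128 key, the only AES key size that matches the 16-byte CBC IV.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// cbc encrypts msg (PKCS#7 padded) under key and iv and returns the ciphertext only.
func cbc(key, iv, msg []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // key must be 16, 24 or 32 bytes
	}
	n := aes.BlockSize - len(msg)%aes.BlockSize
	buf := append(append([]byte{}, msg...), bytes.Repeat([]byte{byte(n)}, n)...)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(buf, buf)
	return buf
}

// Seal draws a fresh IV from the CSPRNG and returns iv || ciphertext.
func Seal(key, msg []byte) []byte {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	return append(iv, cbc(key, iv, msg)...)
}

// Open reads the IV back from the first block; only the key has to stay secret.
func Open(key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(data) < 2*aes.BlockSize || len(data)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("bad key or malformed input")
	}
	pt := make([]byte, len(data)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, data[:aes.BlockSize]).CryptBlocks(pt, data[aes.BlockSize:])
	if n := int(pt[len(pt)-1]); n >= 1 && n <= aes.BlockSize {
		return pt[:len(pt)-n], nil
	}
	return nil, fmt.Errorf("bad padding")
}

func main() {
	key, msg := []byte("0123456789abcdef"), []byte("same message") // constructed demo values
	fmt.Println("key as IV, repeat equal:", bytes.Equal(cbc(key, key, msg), cbc(key, key, msg)))
	fmt.Println("random IV, repeat equal:", bytes.Equal(Seal(key, msg), Seal(key, msg)))
}
```

With the key as IV the two ciphertexts are byte-for-byte identical, and the IV cannot be prepended without disclosing the key; with `Seal` they differ and `Open` needs nothing beyond the key.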