📝TLS CBC IV attack

§ Cryptography
  • For CBC, the IV must be unpredictable at encryption time.
  • Using the ciphertext of the previous block as the IV for the next block encryption (as was used in SSL 2.0) is insecure.
  • If an attacker knows the IV (or the previous ciphertext block) before he chooses the next plaintext, he can test a guess about the plaintext of some previous encryption.
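
As an added illustration of the three bullets above (example code, not from the original note): a toy Python model of CBC record encryption with a chained IV versus a fresh random IV per record, and the guess-checking test described in the last bullet. The block cipher is a stand-in Feistel construction rather than AES, and the secret and guess values are constructed.

```python
import hashlib, hmac, os

BLOCK = 16

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 128-bit block cipher (4-round Feistel, HMAC round function) standing in
    for AES; the demonstration only needs it to be a deterministic keyed permutation."""
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, xor(l, hmac.new(key, bytes([i]) + r, hashlib.sha256).digest()[:8])
    return l + r

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

class CbcSession:
    """chained=True: each record's IV is the last ciphertext block of the previous record
    (SSL 3.0/TLS 1.0 style). chained=False: a fresh random IV per record (TLS 1.1+)."""
    def __init__(self, key: bytes, chained: bool):
        self.key, self.chained, self.next_iv = key, chained, os.urandom(BLOCK)

    def send(self, record: bytes):
        iv = self.next_iv if self.chained else os.urandom(BLOCK)
        ct = cbc_encrypt(self.key, iv, record)
        self.next_iv = ct[-BLOCK:]  # on the wire, so predictable when chained
        return iv, ct               # observer's wire view: IV and ciphertext

def guess_confirmed(session: CbcSession, prev: bytes, target: bytes, guess: bytes) -> bool:
    """The test from the last bullet: if the next IV is known in advance, submit
    guess XOR prev XOR next_iv. The cipher input is then guess XOR prev, so the output
    equals `target` exactly when `guess` is the block that was encrypted after `prev`."""
    crafted = xor(xor(guess, prev), session.next_iv)
    _, ct = session.send(crafted)
    return ct[:BLOCK] == target

def demo(chained: bool):
    """Returns (right guess confirmed?, wrong guess confirmed?) for the chosen IV policy."""
    s = CbcSession(os.urandom(BLOCK), chained)
    secret = b"cookie=SECRET42;"                 # constructed one-block secret
    prev, ct = s.send(secret)                    # observed: IV and C1 = E(secret XOR IV)
    return (guess_confirmed(s, prev, ct, secret),
            guess_confirmed(s, prev, ct, b"cookie=WRONG!!!;"))
```

With the chained IV, `demo(True)` confirms the correct guess and rejects the wrong one; with an unpredictable per-record IV, `demo(False)` confirms neither, because the crafted block no longer lines up with the IV actually used.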