- § Cryptography
- Many modes of operation use an Initialization Vector (IV) to randomize the encryption process, so that encrypting the same data twice produces different ciphertexts. (This helps to avoid slow re-keying.)
- An Initialization Vector has different security requirements than an encryption key, and usually does not need to be secret.
For some modes of operation, it is important never to reuse an Initialization Vector under the same key.
- For CBC and CFB, doing so can lead to leaking some information about the first encryption, and about any common prefix shared by two messages.
- For OFB and CTR, reusing an IV completely destroys security.
- For CBC, the IV must be unpredictable at the time of encryption. Otherwise, it can lead to the TLS CBC IV attack.
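
The OFB/CTR point above, as an added example (not from the original notes): a CTR-style stream where HMAC-SHA256 stands in for the block cipher, showing that reusing an IV under one key makes the XOR of two ciphertexts equal the XOR of their plaintexts, followed by a check for reused IVs in an encryption log. The function names, sample messages and log record layout are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """CTR-style keystream: PRF(key, iv || counter) for each 16-byte block.
    HMAC-SHA256 truncated to 16 bytes is a stand-in for the block cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = iv + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()[:16]
        counter += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, iv, len(plaintext)))

def find_reused_ivs(records):
    """records: iterable of (key_id, iv) pairs taken from an encryption log.
    Returns every (key_id, iv) pair that appears more than once."""
    counts = Counter(records)
    return sorted(pair for pair, n in counts.items() if n > 1)

# Constructed sample messages of equal length.
P1 = b"transfer 0100 USD to account A"
P2 = b"transfer 9999 USD to account B"

def demo():
    key, iv = os.urandom(32), os.urandom(12)
    c1 = ctr_encrypt(key, iv, P1)
    c2 = ctr_encrypt(key, iv, P2)              # same key, same IV: reuse
    c3 = ctr_encrypt(key, os.urandom(12), P2)  # same key, fresh random IV
    return {
        "xor_of_ciphertexts": xor(c1, c2),     # the keystream cancels out
        "xor_of_plaintexts": xor(P1, P2),
        "recovered_p2": xor(xor(c1, c2), P1),  # knowing P1 reveals P2
        "fresh_iv_xor": xor(c1, c3),           # no longer equals P1 xor P2
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
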