Jump to content

Initialization vector: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
WEP IV
No edit summary
Line 1: Line 1:
In [[cryptography]], an '''initialization vector''' ('''IV''') is a block of bits that is required to allow a [[stream cipher]] or a [[block cipher]] to be executed in any of several [[block cipher modes of operation|streaming modes of operation]] to produce a unique stream independent from other streams produced by the same [[encryption]] key, without having to go through a (usually lengthy) re-keying process.
In [[cryptography]], an '''initialization vector''' ('''IV''') is a block of bits that is required to allow a [[stream cipher]] or a [[block cipher]] to be executed in any of several [[block cipher modes of operation|streaming modes of operation]] to produce a unique stream independent from other streams produced by the same [[encryption]] key, without having to go through a (usually lengthy) re-keying process.


The size of the IV depends on the encryption algorithm and on the cryptographic protocol in use and is normally as large as the block size of the cipher or as large as the encryption key. The IV must be known to the recipient of the encrypted information to be able to decrypt it. There are a number of ways to ensure that: by transmitting the IV along with the packet, by agreeing on it beforehand during the key exchange or the handshake, by calculating it (usually incrementally), or by measuring such parameters as current time (used in hardware authentication tokens such as [[RSA SecurID]], [[VASCO]] [[Digipass]], etc.), [[Digital_identity|IDs]] such as sender's and/or recipient's address or ID, file ID, the packet, sector or cluster number, etc. A number of variables can be combined or [[Cryptographic hash function|hashed]] together, depending on the protocol. If the IV is chosen at [[random]], the cryptographer must take into consideration the probability of collisions, and if an incremental IV is used as a [[cryptographic nonce|nonce]], the algorithm's resistance to related-IV attacks must also be considered.
The size of the IV depends on the encryption algorithm and on the cryptographic protocol in use and is normally as large as the block size of the cipher or as large as the encryption key. The IV must be known to the recipient of the encrypted information to be able to decrypt it. This can be ensured in a number of ways: by transmitting the IV along with the packet, by agreeing on it beforehand during the key exchange or the handshake, by calculating it (usually incrementally), or by measuring such parameters as current time (used in hardware authentication tokens such as [[RSA SecurID]], [[VASCO]] [[Digipass]], etc.), [[Digital_identity|IDs]] such as sender's and/or recipient's address or ID, file ID, the packet, sector or cluster number, etc. A number of variables can be combined or [[Cryptographic hash function|hashed]] together, depending on the protocol. If the IV is chosen at [[random]], the cryptographer must take into consideration the probability of collisions, and if an incremental IV is used as a [[cryptographic nonce|nonce]], the algorithm's resistance to related-IV attacks must also be considered.


IVs are implemented differently in block ciphers and in stream ciphers. In straight-forward operation of block ciphers or so-called Electronic Code Book (ECB) mode, encryption of the same plain text with the same key results in the same ciphertext, which is a considerable threat to security. Use of an initialization vector linearly added to ([[XOR|XORed]] with) the first block of plaintext or included in front of the plaintext prior to encryption in one of the streaming modes of operation solves this problem.
IVs are implemented differently in block ciphers and in stream ciphers. In straight-forward operation of block ciphers or so-called Electronic Code Book (ECB) mode, encryption of the same plain text with the same key results in the same ciphertext, which is a considerable threat to security. Use of an initialization vector linearly added to ([[XOR|XORed]] with) the first block of plaintext or included in front of the plaintext prior to encryption in one of the streaming modes of operation solves this problem.

Revision as of 23:30, 5 May 2008

In cryptography, an initialization vector (IV) is a block of bits that is required to allow a stream cipher or a block cipher to be executed in any of several streaming modes of operation to produce a unique stream independent from other streams produced by the same encryption key, without having to go through a (usually lengthy) re-keying process.

The size of the IV depends on the encryption algorithm and on the cryptographic protocol in use and is normally as large as the block size of the cipher or as large as the encryption key. The IV must be known to the recipient of the encrypted information to be able to decrypt it. This can be ensured in a number of ways: by transmitting the IV along with the packet, by agreeing on it beforehand during the key exchange or the handshake, by calculating it (usually incrementally), or by measuring such parameters as current time (used in hardware authentication tokens such as RSA SecurID, VASCO Digipass, etc.), IDs such as sender's and/or recipient's address or ID, file ID, the packet, sector or cluster number, etc. A number of variables can be combined or hashed together, depending on the protocol. If the IV is chosen at random, the cryptographer must take into consideration the probability of collisions, and if an incremental IV is used as a nonce, the algorithm's resistance to related-IV attacks must also be considered.

IVs are implemented differently in block ciphers and in stream ciphers. In straight-forward operation of block ciphers or so-called Electronic Code Book (ECB) mode, encryption of the same plain text with the same key results in the same ciphertext, which is a considerable threat to security. Use of an initialization vector linearly added to (XORed with) the first block of plaintext or included in front of the plaintext prior to encryption in one of the streaming modes of operation solves this problem.

In stream ciphers, IVs are loaded into the keyed internal secret state of the cipher, after which a number of cipher rounds is executed prior to releasing the first bit of output. For performance reasons, designers of stream ciphers try to keep that number of rounds as small as possible, but because determining the minimal secure number of rounds for stream ciphers is not a trivial task, and considering other issues such as entropy loss, unique to each cipher construction, related-IVs and other IV-related attacks are a known security issue for stream ciphers, which makes IV loading in stream ciphers a serious concern and a subject of ongoing research.

WEP IV

The 802.11 encryption algorithm called WEP (short for Wired Equivalent Privacy) used a "weak IV" that was led to it being easily cracked.[1] Packet injection allowed for WEP to be cracked in times as short as 15 minutes or less. This ultimately led to the deprecation of WEP.

See also

References

  1. ^ Nikita Borisov, Ian Goldberg, David Wagner. "Intercepting Mobile Communications: The Insecurity of 802.11" (PDF). Retrieved 2006-09-12. {{cite journal}}: Cite journal requires |journal= (help)CS1 maint: multiple names: authors list (link)
  • B. Schneier, 'Applied Cryptography', Wiley 1996
  • N. Ferguson and B. Schneier, 'Practical Cryptography', Wiley 2003