Generation of Weak Initialization Vector (IV)
CWE-1204
Short description
The product uses a cryptographic primitive that uses an Initialization
Vector (IV), but the product does not generate IVs that are
sufficiently unpredictable or unique according to the expected
cryptographic requirements for that primitive.
Extended description
By design, some cryptographic primitives (such as block ciphers) require IVs to have certain properties, such as uniqueness and/or unpredictability. Primitives vary in how important these properties are. If these properties are not maintained, e.g. because of a bug in the code, then the cryptography may be weakened or broken by attacking the IVs themselves.
Best practices to prevent this CWE
Phase: Implementation
Different cipher modes have different requirements for their IVs. When choosing and implementing a mode, it is important to understand those requirements in order to keep security guarantees intact. Generally, it is safest to generate a random IV, since it will be both unpredictable and have a very low chance of being non-unique. IVs do not have to be kept secret, so if generating duplicate IVs is a concern, a list of already-used IVs can be kept and checked against.
NIST offers recommendations on generating IVs for the modes it has approved. These include options for when random IVs are not practical. For CBC, CFB, and OFB, see; for GCM, see.
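The random generation and the list of already-used IVs described above, shown beside the weak counter pattern and a small audit over recorded IVs. This is an added example, not code from CWE or from this database; the 16-byte IV size and the names weak_iv, IVGenerator, audit_ivs and SAMPLE are assumptions made for illustration.

```python
import secrets

BLOCK_SIZE = 16  # assumption: AES-sized block, so CBC/CFB/OFB IVs are 16 bytes


def weak_iv(message_number: int) -> bytes:
    """Weak pattern (CWE-1204): counter-derived IV, unique but predictable."""
    return message_number.to_bytes(BLOCK_SIZE, "big")


class IVGenerator:
    """Random IVs from the OS CSPRNG plus a per-key list of IVs already used."""

    def __init__(self, rng=secrets.token_bytes):
        self._rng = rng      # injectable so a failing RNG can be simulated
        self._used = {}      # key_id -> set of IVs issued under that key

    def new_iv(self, key_id: str, max_tries: int = 4) -> bytes:
        used = self._used.setdefault(key_id, set())
        for _ in range(max_tries):
            iv = self._rng(BLOCK_SIZE)
            if iv not in used:
                used.add(iv)
                return iv
        # Repeated collisions on 128-bit values mean the RNG is broken.
        raise RuntimeError("RNG returned only already-used IVs")


def audit_ivs(records):
    """Return (index, finding) for reused or sequential IVs in (key_id, iv) records."""
    findings, seen, last = [], {}, {}
    for idx, (key_id, iv) in enumerate(records):
        value = int.from_bytes(iv, "big")
        if iv in seen.setdefault(key_id, set()):
            findings.append((idx, "reused"))
        elif key_id in last and value - last[key_id] == 1:
            findings.append((idx, "sequential"))
        seen[key_id].add(iv)
        last[key_id] = value
    return findings


# Constructed sample: three counter IVs (one repeated) followed by a random one.
SAMPLE = [("k1", weak_iv(1)), ("k1", weak_iv(2)), ("k1", weak_iv(2)),
          ("k1", secrets.token_bytes(BLOCK_SIZE))]

if __name__ == "__main__":
    print(audit_ivs(SAMPLE))                  # findings for the counter IVs
    print(IVGenerator().new_iv("k1").hex())   # a fresh random IV
```

The used-IV record here lives in memory only; for the check to hold across restarts or multiple encrypting hosts it has to be stored and shared for as long as the key is in use.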