Not using a random initialization vector with cipher block chaining mode

From OWASP
Revision as of 11:09, 16 May 2006 by Jeff Williams (Talk | contribs)

Jump to: navigation, search



Overview

Not using a random initialization vector with Cipher Block Chaining (CBC) Mode causes algorithms to be susceptible to dictionary attacks.

Consequences

  • Confidentiality: If the CBC is not properly initialized, data which is encrypted can be compromised and therefore be read.
  • Integrity: If the CBC is not properly initialized, encrypted data could be tampered with in transfer or if it accessible.
  • Accountability: Cryptographic based authentication systems could be defeated.

Exposure period

  • Implementation: Many logic errors can lead to this condition if multiple data streams have a common beginning sequences.

Platform

  • Languages: Any
  • Operating platforms: Any

Required resources

.Any

Severity

High

Likelihood of exploit

Medium

Avoidance and mitigation

  • Integrity: It is important to properly initialize CBC operating block ciphers or there use is lost.

Discussion

CBC is the most commonly used mode of operation for a block cipher. It solves electronic code book's dictionary problems by XORing the ciphertext with plaintext. If it used to encrypt multiple data streams, dictionary attacks are possible, provided that the streams have a common beginning sequence.

Examples

In C/C++:

#include <openssl/evp.h>

EVP_CIPHER_CTX ctx;
char key[EVP_MAX_KEY_LENGTH];
char iv[EVP_MAX_IV_LENGTH];

RAND_bytes(key, b);
memset(iv,0,EVP_MAX_IV_LENGTH);
EVP_EncryptInit(&ctx,EVP_bf_cbc(), key,iv);

In Java:

public class SymmetricCipherTest {
   public static void main()  {
      byte[] text ="Secret".getBytes();
      byte[] iv ={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};

      KeyGenerator kg = KeyGenerator.getInstance("DES");
      kg.init(56);
      SecretKey key = kg.generateKey();
     
      Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
      IvParameterSpec ips = new IvParameterSpec(iv);
      cipher.init(Cipher.ENCRYPT_MODE, key, ips);
      return cipher.doFinal(inpBytes);
   }
 }

Related problems

Not available.

Categories