2

Assuming that I'm using fixed IVs for CBC mode and CTR mode. I know that in CBC the blocks depend on the previous ones and in CTR they are all independent. Yet with the same key and fixed IV, the system wouldn't be secure in CTR, and with a fixed IV the same plaintext would be converted to the same ciphertext, which causes another security issue. Even though I know these, I cannot decide which would be more secure when I use fixed IVs. Any help is appreciated.

1 Answer

2

If you reuse key & IV (nonce) in CTR mode you have almost no security. You get a two-time pad. XORing two messages will eliminate the key stream and give you the XOR of the plain texts, which usually gives you plenty of information. With multiple such cipher texts it gets even easier.

If you reuse IV and key in CBC mode, it isn't good, but it isn't anywhere near as bad. You can't trivially decrypt messages, even if you know parts of the message or you know a lot about the distribution of messages (e.g. they are English language). Having a predictable IV, let alone a fixed one, allows you to mount a chosen plain text attack, which can verify guesses about any cipher text block. See: Why is CBC with predictable IV considered insecure against chosen-plaintext attack?

Meir Maor
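
The difference described in the answer above, as an added example that is not part of the original answer: both modes are run with a fixed key and fixed IV/nonce over two constructed messages, and the leakage is compared. Assumptions: a truncated HMAC-SHA256 stands in for the AES block function (only the forward direction is needed to encrypt), and the key, nonce, IV and messages are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 16

def E(key, block):
    # Assumption: HMAC-SHA256 truncated to 16 bytes stands in for the AES
    # block function. Only the forward direction is needed to encrypt.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_encrypt(key, nonce, pt):
    # Keystream block i = E(key, nonce || i); ciphertext = plaintext XOR keystream.
    out = b""
    for i in range(0, len(pt), BLOCK):
        out += xor(pt[i:i + BLOCK], E(key, nonce + (i // BLOCK).to_bytes(8, "big")))
    return out

def cbc_encrypt(key, iv, pt):
    if len(pt) % BLOCK:
        raise ValueError("plaintext must be a whole number of blocks")
    prev, out = iv, b""
    for i in range(0, len(pt), BLOCK):
        prev = E(key, xor(pt[i:i + BLOCK], prev))  # chain on previous ciphertext block
        out += prev
    return out

def shared_prefix_blocks(c1, c2):
    # Number of leading ciphertext blocks that are identical.
    n = 0
    while n * BLOCK < min(len(c1), len(c2)) and c1[n*BLOCK:(n+1)*BLOCK] == c2[n*BLOCK:(n+1)*BLOCK]:
        n += 1
    return n

# Constructed sample values: same key, fixed nonce and IV, shared first block.
KEY, NONCE, IV = b"constructed-key!", bytes(8), bytes(BLOCK)
P1 = b"ACCOUNT=00001234" b"AMOUNT=000000100" b"MEMO=rent-march "
P2 = b"ACCOUNT=00001234" b"AMOUNT=000950000" b"MEMO=car-deposit"

def demo():
    ctr1, ctr2 = ctr_encrypt(KEY, NONCE, P1), ctr_encrypt(KEY, NONCE, P2)
    cbc1, cbc2 = cbc_encrypt(KEY, IV, P1), cbc_encrypt(KEY, IV, P2)
    return {
        "ctr_xor_equals_plaintext_xor": xor(ctr1, ctr2) == xor(P1, P2),
        "cbc_xor_equals_plaintext_xor": xor(cbc1, cbc2) == xor(P1, P2),
        "cbc_identical_leading_blocks": shared_prefix_blocks(cbc1, cbc2),
    }

if __name__ == "__main__":
    print(demo())
```

In CTR the keystream cancels completely, so the XOR of the ciphertexts is the XOR of the plaintexts; in CBC the fixed IV only reveals that the two messages share their first block, after which the ciphertexts diverge.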