In Safety of a private key when knowing the full content of an encrypted message in case of fixed initialization vector, an answer says
using a fixed IV is bad practice since it allows statistical analysis attacks (read about it here). While K may not be leaked, M might leak from statistical patterns.
In my situation, someone needs to send my web application a short numeric id like 12345 so I can log them in as a user with that id. I'm not sure if I care if an attacker could work out what those id's are, because all it would tell them is that there is a record with id 12345 in the system, and the id itself is meaningless.
Also, in the wiki article, the statistical attack does recover the original image, just aspects of it due to repeated blocks. But there the original image has repeating blocks of similar data. Would this be any issue if the message is just a short identifier like 12345?
In such a situation, can the IV be constant (do I need it at all)?
