In the Erlang crypto library, there is no aes_cfb_ivec function. Does it mean that the same IVec should be used for multiple rounds? Or should the encrypted data from the last step be used, as in the example of "DES in CBC mode" at the end of the linked page?

+1  A: 

The IV MUST NOT be reused. Otherwise, two packets beginning with the same n bytes would end up encrypted into streams with the same n bytes too. This is a strong security issue.

Ideally the IV shall be chosen randomly and uniformly (with a cryptographically strong generator). However, with CFB, you can use the last encrypted block from the previous packet as IV. If you look at the diagram in the Wikipedia article, you will notice that reusing the last packet block as IV for the next is equivalent to considering both packets to be two halves of a big message, encrypted in one run (in that respect, this is equivalent to CBC encryption).

(Just to be clear, I am talking about CFB-m where m is the algorithm block size. In CFB-x you call the block cipher once for every x bits of input; CFB-128 for a 128-bit block cipher such as the AES is the most efficient, hence the most commonly used.)

Thomas Pornin
"Otherwise, two packets beginning with the same n bytes would end up encrypted into streams with the same n bytes too." I am aware of that, but in our case this is acceptable.
Alexey Romanov
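As an added illustration of both points in the answer (not code from the question, the answer, or the Erlang crypto library), the following Python implements CFB-128 over a stand-in block function and checks that (a) feeding the last ciphertext block of one packet in as the IV of the next gives exactly the same output as encrypting the concatenated packets in one run, and (b) reusing an IV makes two packets with a common plaintext prefix share the same ciphertext prefix. Assumption: HMAC-SHA256 truncated to one block replaces AES as the forward block function, since CFB never calls the cipher's decryption direction; `KEY`, `IV` and the packet contents are constructed test values.

```python
import hmac
import hashlib

BLOCK = 16  # CFB-128: one block-cipher call per 128-bit segment of input


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in for the forward direction of a 128-bit block cipher: CFB only
    # ever calls the cipher forwards, so any keyed PRF with a one-block output
    # shows the chaining. Assumption: HMAC-SHA256 truncated to 16 bytes
    # replaces AES here; this demonstrates the mode, not a real cipher.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def cfb_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """CFB-128 encryption: C_i = P_i XOR E_K(C_{i-1}), with C_0 = IV."""
    if len(iv) != BLOCK:
        raise ValueError("IV must be exactly one block")
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        keystream = block_encrypt(key, prev)
        ct = bytes(p ^ k for p, k in zip(data[i:i + BLOCK], keystream))
        out += ct
        prev = ct  # a trailing partial block would be too short to feed forward
    return bytes(out)


def encrypt_packets_chained(key: bytes, iv: bytes, packets) -> list:
    """Encrypt packets one by one, using each packet's last ciphertext block as
    the next IV (the answer's scheme); packets must be non-empty, block-aligned."""
    cts = []
    for pkt in packets:
        if not pkt or len(pkt) % BLOCK:
            raise ValueError("chaining needs non-empty, block-aligned packets")
        cts.append(cfb_encrypt(key, iv, pkt))
        iv = cts[-1][-BLOCK:]
    return cts


def chaining_equals_single_run(key: bytes, iv: bytes, packets) -> bool:
    """True when chained output equals one run over the concatenated packets."""
    joined = b"".join(encrypt_packets_chained(key, iv, packets))
    return joined == cfb_encrypt(key, iv, b"".join(packets))


def shared_prefix_len(key: bytes, iv: bytes, p1: bytes, p2: bytes) -> int:
    """Ciphertext bytes two packets have in common when the same IV is reused."""
    c1, c2 = cfb_encrypt(key, iv, p1), cfb_encrypt(key, iv, p2)
    n = 0
    while n < min(len(c1), len(c2)) and c1[n] == c2[n]:
        n += 1
    return n
```

The block-alignment check in `encrypt_packets_chained` is the caveat to the answer's shortcut: if a packet ends mid-block, its final ciphertext fragment is not a full C_n and cannot serve as the next IV.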