[xmlsec] Initialize IV for AES-CBC mode

Sood, Sanjeev sanjeev.sood at intel.com
Mon Jul 19 09:37:38 PDT 2004


Aleksey,

Thanks for your explanation. I stand corrected on my previous statement.
It was the session secret seed that is exchanged in the handshake and is
used to initialize the IV. IV will be passed in for every encryption
request. 

Regards,
--Sanjeev

-----Original Message-----
From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
Sent: Friday, July 16, 2004 4:58 PM
To: Sood, Sanjeev; xmlsec at aleksey.com
Subject: Re: [xmlsec] Initialize IV for AES-CBC mode

No, it does not. The purpose of the IV is to provide "randomness"
for block cipher encryption. A new IV should be generated for *every*
encryption operation. DES has a well-known attack when >1 message is
encrypted with the same IV. AFAIK, it is not the case with AES, but by the
nature of block ciphers, using the same IV weakens encryption.

Going back to XML Encryption. You should not worry about IVs. The IV
is automatically generated by xmlsec on the encryptor side, sent along
with the message (as described in the XML Encryption spec) and then
automatically extracted from the message by xmlsec on the decryptor side.
The application only needs to exchange AES keys; there is no need to
exchange IVs. Note that sending the IV with the message is a part of the
XML Encryption spec. Thus not only xmlsec but any other XML Encryption
toolkit should be able to extract the IV from the message.

IMHO, "security through obscurity" is not the best way of developing
security applications. And I am not sure why you think that disclosing
the protocol to me is better than doing it to the list :)

Aleksey


Sood, Sanjeev wrote:
> I apologize for writing to you in private. I don't want to disclose our
> application protocol in the message list.
> 
>  
> 
> < The protocol description is skipped >
>
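The IV handling Aleksey describes above (a fresh random IV for every encryption, the IV prepended to the CipherValue so it travels with the message, and the decryptor peeling it off again) as an added Go example. This is not code from the original thread and not xmlsec's own implementation; it uses the Go standard library's AES-CBC. It assumes the XML Encryption padding rule for CBC modes (last octet holds the padding length, the other padding octets are arbitrary), a constructed 128-bit demo key, and two constructed XML fragments that share a 16-byte prefix, which it uses to show what a reused IV leaks.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// pad appends padding in the style XML Encryption specifies for CBC modes:
// the last octet holds the padding length, the other padding octets are
// arbitrary (zeros here). Assumption: this follows the spec's rule; it is
// not xmlsec's own code.
func pad(p []byte, bs int) []byte {
	n := bs - len(p)%bs // 1..bs, so the length octet is always present
	out := make([]byte, len(p)+n)
	copy(out, p)
	out[len(out)-1] = byte(n)
	return out
}

// unpad removes what pad added. Only the length octet is checked, matching
// the rule that the other padding octets are ignored.
func unpad(p []byte, bs int) ([]byte, error) {
	if len(p) == 0 || len(p)%bs != 0 {
		return nil, errors.New("padded data is not a whole number of blocks")
	}
	n := int(p[len(p)-1])
	if n < 1 || n > bs {
		return nil, errors.New("bad padding length octet")
	}
	return p[:len(p)-n], nil
}

// encryptWithIV is the raw CBC step with a caller-supplied IV. It is split
// out only so the demo can show what IV reuse does; real callers use Encrypt.
func encryptWithIV(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	padded := pad(plaintext, block.BlockSize())
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	return append(append([]byte{}, iv...), ct...), nil // IV || ciphertext
}

// Encrypt draws a fresh random IV on every call and returns IV||ciphertext,
// the CipherValue layout XML Encryption uses for AES-CBC: the IV is sent
// with the message, so the peers only ever have to share the key.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	iv := make([]byte, aes.BlockSize)
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	return encryptWithIV(key, iv, plaintext)
}

// Decrypt takes the IV from the front of the CipherValue and decrypts the rest.
func Decrypt(key, cipherValue []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(cipherValue) < 2*bs || len(cipherValue)%bs != 0 {
		return nil, errors.New("CipherValue too short or not block aligned")
	}
	iv, ct := cipherValue[:bs], cipherValue[bs:]
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return unpad(pt, bs)
}

// SameFirstBlock reports whether two CipherValues share their first
// ciphertext block (the block after the IV). Under a reused IV, messages
// with a shared 16-byte prefix produce the same block, so an observer
// learns that the prefixes matched without knowing the key.
func SameFirstBlock(a, b []byte) bool {
	return bytes.Equal(a[aes.BlockSize:2*aes.BlockSize], b[aes.BlockSize:2*aes.BlockSize])
}

func main() {
	key := []byte("0123456789abcdef") // constructed demo key, not a real secret
	m1 := []byte("<Account>alice</Account><Amt>1</Amt>")
	m2 := []byte("<Account>alice</Account><Amt>2</Amt>")

	c1, _ := Encrypt(key, m1)
	c2, _ := Encrypt(key, m1)
	fmt.Println("fresh IVs, same plaintext, first blocks equal:", SameFirstBlock(c1, c2))

	iv := bytes.Repeat([]byte{0x42}, aes.BlockSize) // the mistake: a fixed IV
	r1, _ := encryptWithIV(key, iv, m1)
	r2, _ := encryptWithIV(key, iv, m2)
	fmt.Println("reused IV, shared prefix, first blocks equal:", SameFirstBlock(r1, r2))

	pt, err := Decrypt(key, c1)
	fmt.Printf("decrypted: %q err=%v\n", pt, err)
}
```

The point of the two prints is the one Aleksey makes: with a fresh IV the two CipherValues of the same plaintext differ from the first block on, while with a fixed IV the shared prefix of two different messages shows up as an identical first ciphertext block. Nothing in the exchange has to carry the IV separately; Decrypt recovers it from the CipherValue alone.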
