Proper Use of Initialization Vector (IV)
Summary
Symmetric encryption should use a random IV (Initialization Vector), which should have the same length as the encryption key.
Description
The requirement emphasizes that the IV should be random. A random IV adds unpredictability to the encryption process, making it more resistant to certain types of cryptographic attacks, especially those based on analyzing patterns or repetitions in the encrypted data, also known as statistical attacks. Using a random IV ensures that even identical plaintexts produce different ciphertexts.
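The following Node.js example is added here and is not part of the original requirement text. It encrypts the same messages with a fixed IV and with a fresh random IV, using AES-128-CBC, where the 16-byte IV matches both the cipher block size and the key length. The key, sample messages and function names are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const KEY = crypto.randomBytes(16);    // AES-128 key, constructed for this demo
const FIXED_IV = Buffer.alloc(16, 0);  // weak setting: one IV reused for every message

function encryptCbc(plaintext, iv) {
  const cipher = crypto.createCipheriv('aes-128-cbc', KEY, iv);
  return Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
}

// Non-compliant: every message is encrypted under the same IV.
function encryptFixedIv(plaintext) {
  return encryptCbc(plaintext, FIXED_IV);
}

// Compliant: a fresh IV from the CSPRNG per message, stored in front of the
// ciphertext. The IV is not secret, but it must be unpredictable and unique.
function encryptRandomIv(plaintext) {
  const iv = crypto.randomBytes(16);
  return Buffer.concat([iv, encryptCbc(plaintext, iv)]);
}

function decryptRandomIv(blob) {
  const decipher = crypto.createDecipheriv('aes-128-cbc', KEY, blob.subarray(0, 16));
  const body = Buffer.concat([decipher.update(blob.subarray(16)), decipher.final()]);
  return body.toString('utf8');
}

// How many distinct ciphertexts does a list of messages produce?
function distinctCiphertexts(encrypt, messages) {
  return new Set(messages.map((m) => encrypt(m).toString('hex'))).size;
}

// With a fixed IV, two messages sharing their first 16 bytes also share
// their first ciphertext block, so an observer learns the prefixes match.
function fixedIvLeaksSharedPrefix(a, b) {
  return encryptFixedIv(a).subarray(0, 16).equals(encryptFixedIv(b).subarray(0, 16));
}

// Constructed sample input: two identical messages and one sharing a 16-byte prefix.
const MESSAGES = ['transfer=100;to=alice', 'transfer=100;to=alice', 'transfer=100;to=bob'];

console.log('fixed IV, distinct ciphertexts: ', distinctCiphertexts(encryptFixedIv, MESSAGES));
console.log('random IV, distinct ciphertexts:', distinctCiphertexts(encryptRandomIv, MESSAGES));
console.log('fixed IV leaks shared prefix:   ', fixedIvLeaksSharedPrefix(MESSAGES[0], MESSAGES[2]));
```

A code review check that follows from this: any IV that is a constant, a counter visible to outsiders, or derived from the key or plaintext fails the requirement, while a per-message value from a cryptographic random generator passes.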
Supported In
This requirement is verified in the following services:
Essential Plan
Advanced Plan