I was reading about Encrypt-then-MAC and everywhere I go it seems people include the IV with the ciphertext generated for each message then MAC that and send all the information concatenated.
Why do I need to send the IV more than once?
Asked
Active
Viewed 943 times
1 Answers
1
I assume your protocol is message oriented. You needn't repeat the IV, but need to supply a new one for every message.
This can be either:
- a random string from a CSPRNG,
- a concatenation of a random string (sent once per session, if you're traffic-savvy) and a message counter (can be omitted from the packet, too), or
- a member of any other unique sequence of 'reasonably random' block-sized blobs.
For CBC mode, the IVs should be sufficiently random, e.g. output from (2) may be hashed.
NekojiruSou
- 131
- 4