1

Every time I encrypt the data, I generate a different IV. Suppose the attacker has access to all files ever encrypted. They don't know the key, but they do know the IV. The problem is: if I save the same data with the same key several times, I generate different encrypted data. Theoretically, this could give the attacker some information about the key or the data, assuming they know that neither has changed. Should I worry about this?

This is mostly a theoretical question. In practice I could simply check if the data or the key have changed. If not, then I don't change the encrypted data.

Wood

2 Answers

2

Yes, this is fine and you should always use a random IV, regardless of the plaintext.

> The problem is: if I save the same data with the same key several times, I generate different encrypted data.

That's usually a good property to have.

When this property does not hold, it is possible to know when a pair of plaintexts is equal (without knowing the value of plaintexts). That can be a pretty important finding if the set of messages is small (example: something that encrypts "yes" or "no").

0

This can be generalized to a chosen-plaintext attack where the attacker simply chooses the same plaintext multiple times. A cipher is usually considered broken if it is vulnerable to chosen-plaintext attacks. In particular, there are no known chosen-plaintext attacks against AES.

knbk
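The equality leak both answers describe, as an added example that is not part of the question or either answer: the same "yes"/"no" messages are encrypted in CBC mode once with a fixed IV and once with a fresh random IV, and the files are compared the way an observer without the key could. All function names are hypothetical, and the block cipher is a small Feistel construction over HMAC-SHA256 standing in for AES so the code runs with the standard library only.

```python
import hashlib
import hmac
import os

BLOCK = 16  # bytes, same block size as AES


def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed round function for the Feistel network below.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    # 4-round Feistel permutation: a stdlib stand-in for AES (assumption, illustration only).
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, bytes(a ^ b for a, b in zip(left, _round(key, i, right)))
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    pad = BLOCK - len(plaintext) % BLOCK              # PKCS#7 padding
    data = plaintext + bytes([pad]) * pad
    prev, out = iv, b""
    for off in range(0, len(data), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(data[off:off + BLOCK], prev))
        prev = encrypt_block(key, mixed)              # chain each block into the next
        out += prev
    return iv + out                                   # the IV is stored in the clear


def equal_pairs(files):
    """What an observer without the key learns: which stored files are byte-identical."""
    return [(i, j) for i in range(len(files)) for j in range(i + 1, len(files))
            if files[i] == files[j]]


def demo():
    key = os.urandom(16)
    answers = [b"yes", b"no", b"yes", b"yes"]         # constructed sample messages
    fixed_iv = bytes(BLOCK)                           # the weak setting: one IV reused
    fixed = [cbc_encrypt(key, fixed_iv, m) for m in answers]
    fresh = [cbc_encrypt(key, os.urandom(BLOCK), m) for m in answers]
    return equal_pairs(fixed), equal_pairs(fresh)


if __name__ == "__main__":
    leaked_fixed, leaked_fresh = demo()
    print("fixed IV, equal files :", leaked_fixed)
    print("random IV, equal files:", leaked_fresh)
```

With the fixed IV the observer can group the three "yes" files together without the key; with a fresh IV per encryption no two files match.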