I have an implementation that natively uses the same IV (12 bytes of 0) for all encryption. The key is always a 32 byte SHA-512 hash. I know via this post that I can
deduce the bit-wise XOR of the two plaintexts.
deduce the internal authentication value, and thus modify the ciphertexts without being detected.
How can I achieve either of these?
