Predictable block cipher initialization vector
Initialization vector is generated from a weak random number generator
Description
This defect occurs when you use a weak random number generator for the block cipher initialization vector.
Risk
If you use a weak random number generator for the initiation vector, your data is vulnerable to dictionary attacks.
Block ciphers break your data into blocks of fixed size. Block cipher modes such as CBC (Cipher Block Chaining) protect against dictionary attacks by XOR-ing each block with the encrypted output from the previous block. To protect the first block, these modes use a random initialization vector (IV). If you use a weak random number generator for your IV, your data becomes vulnerable to dictionary attacks.
Fix
Use a strong pseudo-random number generator (PRNG) for the initialization vector. For instance, use:
OS-level PRNG such as
/dev/random
on UNIX® orCryptGenRandom()
on Windows®Application-level PRNG such as Advanced Encryption Standard (AES) in Counter (CTR) mode, HMAC-SHA1, etc.
For a list of random number generators that are cryptographically
weak, see Vulnerable pseudo-random
number generator
.
Examples
Result Information
Group: Cryptography |
Language: C | C++ |
Default: Off |
Command-Line Syntax: CRYPTO_CIPHER_PREDICTABLE_IV |
Impact: Medium |
Version History
Introduced in R2017a
See Also
Topics
- Interpret Bug Finder Results in Polyspace Desktop User Interface
- Interpret Bug Finder Results in Polyspace Access Web Interface (Polyspace Access)
- Address Results in Polyspace User Interface Through Bug Fixes or Justifications
- Address Results in Polyspace Access Through Bug Fixes or Justifications (Polyspace Access)