Not Using a Random IV with CBC Mode
Weakness ID: 329 (Weakness Variant) | Status: Draft
Description Summary
Not using a random Initialization Vector (IV) with Cipher Block Chaining (CBC) mode causes algorithms to be susceptible to dictionary attacks.
Scope | Effect
---|---
Confidentiality | If the CBC is not properly initialized, data that is encrypted can be compromised and therefore be read.
Integrity | If the CBC is not properly initialized, encrypted data could be tampered with in transfer.
Accountability | Cryptographic based authentication systems could be defeated.
Example 1
(Bad Code)
Example Languages: C and C++
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <string.h>

void bad_init(void) {
    EVP_CIPHER_CTX ctx;
    unsigned char key[EVP_MAX_KEY_LENGTH];
    unsigned char iv[EVP_MAX_IV_LENGTH];
    RAND_bytes(key, EVP_MAX_KEY_LENGTH);   /* the key is random ... */
    memset(iv, 0, EVP_MAX_IV_LENGTH);      /* ... but the IV is a constant all-zero block */
    EVP_EncryptInit(&ctx, EVP_bf_cbc(), key, iv);
}
(Bad Code)
Example Language: Java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class SymmetricCipherTest {
    public static byte[] encrypt() throws Exception {
        byte[] text = "Secret".getBytes();
        // Fixed all-zero IV reused for every message: the weakness
        byte[] iv = {
            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
        };
        KeyGenerator kg = KeyGenerator.getInstance("DES");
        kg.init(56);
        SecretKey key = kg.generateKey();
        Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
        IvParameterSpec ips = new IvParameterSpec(iv);
        cipher.init(Cipher.ENCRYPT_MODE, key, ips);
        return cipher.doFinal(text);
    }
}
Integrity: It is important to properly initialize block ciphers operating in CBC mode, or their utility is lost.
CBC is the most commonly used mode of operation for a block cipher. It solves Electronic Codebook (ECB) mode's dictionary problems by XORing each plaintext block with the previous ciphertext block (the IV for the first block) before encryption. If it is used to encrypt multiple data streams with the same IV, dictionary attacks are possible, provided that the streams have a common beginning sequence.
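The leak described above and its fix, as an added example in Go (not part of the CWE entry): EncryptFixedIV reproduces the weakness from the code examples (a constant all-zero IV), Encrypt is the corrected form that draws a fresh random IV per message and prepends it so the receiver can read it back from the first block, and SharedPrefixBlocks makes the leak visible by counting how many leading ciphertext blocks two messages share. AES-128 is used in place of the page's Blowfish and DES; the key is a constructed demo value supplied by the caller.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

// cbcEncrypt is the raw CBC step with PKCS#7 padding; the caller supplies the IV.
func cbcEncrypt(key, iv, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	n := aes.BlockSize - len(msg)%aes.BlockSize
	padded := append(append([]byte{}, msg...), bytes.Repeat([]byte{byte(n)}, n)...)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out, nil
}

// EncryptFixedIV reproduces the weakness: the same all-zero IV for every message, so
// two messages that begin alike produce identical leading ciphertext blocks.
func EncryptFixedIV(key, msg []byte) ([]byte, error) {
	return cbcEncrypt(key, make([]byte, aes.BlockSize), msg)
}

// Encrypt is the corrected form: a fresh random IV per message, prepended to the
// ciphertext. The IV need not be secret, only unpredictable and never reused.
func Encrypt(key, msg []byte) ([]byte, error) {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	ct, err := cbcEncrypt(key, iv, msg)
	return append(iv, ct...), err
}

// SharedPrefixBlocks counts the leading 16-byte blocks two ciphertexts have in common.
func SharedPrefixBlocks(a, b []byte) (n int) {
	for ; (n+1)*aes.BlockSize <= len(a) && (n+1)*aes.BlockSize <= len(b) &&
		bytes.Equal(a[n*aes.BlockSize:(n+1)*aes.BlockSize], b[n*aes.BlockSize:(n+1)*aes.BlockSize]); n++ {
	}
	return n
}
```

With the fixed IV, two messages sharing their first 32 bytes yield two identical ciphertext blocks; with Encrypt, even the same message encrypted twice shares none.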
Nature | Type | ID | Name | View(s) this relationship pertains to
---|---|---|---|---
ChildOf | Category | 310 | Cryptographic Issues | Development Concepts (primary) 699
ChildOf | Weakness Class | 330 | Use of Insufficiently Random Values | Research Concepts (primary) 1000
ChildOf | Weakness Class | 573 | Failure to Follow Specification | Research Concepts 1000
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
---|---|---|---
CLASP | | | Not using a random IV with CBC mode
Submissions

Submission Date | Submitter | Organization | Source
---|---|---|---
 | CLASP | | Externally Mined

Modifications

Modification Date | Modifier | Organization | Source | Note
---|---|---|---|---
2008-07-01 | Eric Dalci | Cigital | External | updated Time of Introduction
2008-09-08 | CWE Content Team | MITRE | Internal | updated Background Details, Common Consequences, Functional Areas, Relationships, Taxonomy Mappings