If a new random AES key is generated every time a transaction takes place between parties, does it matter if the IV is derived from the key?

For example: Bob sends an AES-CBC encrypted message to Alice, for which Bob created a random 256-bit key. Now say Bob uses the first 128 bits of sha256(key) as the IV for encryption.

Bob secures the key with RSA encryption using Alice's public key. Alice decrypts the key using her RSA private key, then uses the first 128 bits of sha256(key) to obtain the IV for decryption.

Alice and Bob continue to talk using the same procedure but generate a new random key each time a message is sent.

Now say Eve can read Bob and Alice's ciphertexts, both the AES and the RSA ones. Eve also knows that Bob and Alice are deriving the IV from the key and the method used. That still does not help Eve crack the message?

Comment from konqi: Couldn't you just generate a few more random bytes for the IV and send that as well? If you exchange the AES key for every freakin' message the overhead is already so big that it would hardly matter... (Yes, this is a hidden hint that it's unnecessary to exchange new keys for every message)

1 Answer

If your key is different for each message then you don't need an IV (in other words, your IV may consist of all zeros). What you really should not do is encrypt the IV using the same key, or derive the IV from the key.

The IV is used to allow for key reuse. If you don't reuse the key (even in time) then the IV is useless. Because the IV is for key reuse, deriving it from just the key is obviously not the thing to do, and you may easily compromise the key if you would reuse it.
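The following Go program is an added illustration of the point made in the answer and is not code from the question or the answer. It implements the question's scheme (IV = first 128 bits of SHA-256(key), AES-256-CBC, PKCS#7 padding; the RSA key wrapping is left out because it does not affect the IV issue) and compares three situations: a fresh key per message, the same key reused with the key-derived IV, and the same key reused with a random IV. The keys and the plaintext are constructed sample values, and the helper names (`ivFromKey`, `randomIV`, `firstBlockMatches`) are this example's own. Because the first CBC block is E_k(P1 XOR IV), identical key, IV and first plaintext block give an identical first ciphertext block, which is exactly what an eavesdropper can see once the key is reused.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ivFromKey is the question's scheme: the IV is the first 128 bits of
// SHA-256(key). It is a pure function of the key, so a reused key means a reused IV.
func ivFromKey(key []byte) []byte {
	sum := sha256.Sum256(key)
	return sum[:aes.BlockSize]
}

// randomIV is the conventional alternative: 16 fresh random bytes sent with the ciphertext.
func randomIV() ([]byte, error) {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	return iv, nil
}

// pkcs7Pad pads to a whole number of AES blocks (always at least one byte).
func pkcs7Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad reverses pkcs7Pad and rejects malformed padding.
func pkcs7Unpad(b []byte) ([]byte, error) {
	if len(b) == 0 || len(b)%aes.BlockSize != 0 {
		return nil, errors.New("input is not a whole number of blocks")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize {
		return nil, errors.New("bad padding length")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding bytes")
		}
	}
	return b[:len(b)-n], nil
}

// cbcEncrypt is plain AES-CBC with PKCS#7 padding (unauthenticated, as in the question).
func cbcEncrypt(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out, nil
}

// cbcDecrypt reverses cbcEncrypt.
func cbcDecrypt(key, iv, ciphertext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(ciphertext) == 0 || len(ciphertext)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext is not a whole number of blocks")
	}
	out := make([]byte, len(ciphertext))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, ciphertext)
	return pkcs7Unpad(out)
}

// firstBlockMatches reports whether two CBC ciphertexts share their first block,
// i.e. whether an observer can tell that two messages start with the same 16 bytes.
func firstBlockMatches(c1, c2 []byte) bool {
	return len(c1) >= aes.BlockSize && len(c2) >= aes.BlockSize &&
		bytes.Equal(c1[:aes.BlockSize], c2[:aes.BlockSize])
}

func main() {
	msg := []byte("transfer 100 to account 42") // constructed sample plaintext
	keyA := bytes.Repeat([]byte{0x11}, 32)      // constructed 256-bit keys, not real secrets
	keyB := bytes.Repeat([]byte{0x22}, 32)

	c1, _ := cbcEncrypt(keyA, ivFromKey(keyA), msg) // fresh key per message: no leak
	c2, _ := cbcEncrypt(keyB, ivFromKey(keyB), msg)
	fmt.Println("fresh key per message, first blocks equal:", firstBlockMatches(c1, c2))

	c3, _ := cbcEncrypt(keyA, ivFromKey(keyA), msg) // key reused, derived IV: leak
	fmt.Println("key reused, derived IV, first blocks equal:", firstBlockMatches(c1, c3))

	iv1, _ := randomIV() // key reused, random IVs: no leak
	iv2, _ := randomIV()
	c4, _ := cbcEncrypt(keyA, iv1, msg)
	c5, _ := cbcEncrypt(keyA, iv2, msg)
	fmt.Println("key reused, random IVs, first blocks equal:", firstBlockMatches(c4, c5))

	p, err := cbcDecrypt(keyA, ivFromKey(keyA), c1)
	fmt.Printf("roundtrip ok: %v\n", err == nil && bytes.Equal(p, msg))
}
```

Run with `go run main.go`: the fresh-key and random-IV cases print `false` and the reused-key, derived-IV case prints `true`, which is the answer's point in one line: as long as every message gets a new key the derived IV is harmless, but the moment the key is reused the IV is reused too and equal plaintext prefixes become visible.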