0
votes

In my message I have a header containing a unique message ID and timestamp (along with some other data) and a payload. I sign the whole message using HMAC with the first key and MD5 or SHA-256 as the hash algorithm. Then I use the first 16 bytes of the signature as the IV for encrypting the payload with CBC AES with the second key. I attach the signature to the message.

Is my IV unpredictable enough? Is signing a plain payload making my security vulnerable?

1
I'm voting to close this question as off-topic because it is a crypto rather than a programming question. - President James K. Polk
@JamesKPolk I disagree, the question is about implementation, creating the IV and signing. - zaph
Consider accepting answers that are helpful. By accepting an answer you are indicating to future readers that it is a correct answer. To accept an answer click on the hollow checkmark next to the answer that is best; doing so will increase your reputation and allow more capabilities. See the reputation FAQ for more detail. - zaph
I am afraid James is right. Moving my question to Crypto - kiciek

1 Answer

2
votes

Just create the IV with a cryptographic random (CPRNG) function, use it and pre-pend it to the encrypted data for use in decryption.

The signing is unclear; the entire message except the MAC value should be signed, that is, any pre-amble, IV, MAC seed and encrypted message. IOW, encrypt and then MAC.
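An added example in Go (not code from the question or the answer) of the construction the answer recommends: a random IV from the CSPRNG, AES-CBC over the padload, then an HMAC over everything that is transmitted (header, IV, ciphertext), verified before any decryption is attempted. The wire layout `header || IV || ciphertext || tag`, the use of HMAC-SHA256 and PKCS#7 padding, and the caller passing the header length out of band are assumptions made for this example; the keys are constructed demo values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// pkcs7Pad appends PKCS#7 padding so the buffer is a whole number of blocks.
func pkcs7Pad(b []byte, blockSize int) []byte {
	n := blockSize - len(b)%blockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad strips PKCS#7 padding and rejects malformed padding.
func pkcs7Unpad(b []byte, blockSize int) ([]byte, error) {
	if len(b) == 0 || len(b)%blockSize != 0 {
		return nil, errors.New("bad padded length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > blockSize || n > len(b) {
		return nil, errors.New("bad padding byte")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding")
		}
	}
	return b[:len(b)-n], nil
}

// Seal produces header || IV || AES-CBC(payload) || HMAC-SHA256(header || IV || ciphertext).
// Assumed layout for this example; encKey and macKey must be independent keys.
func Seal(encKey, macKey, header, payload []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil { // CSPRNG; the IV is never derived from the data
		return nil, err
	}
	padded := pkcs7Pad(payload, aes.BlockSize)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)

	// Encrypt-then-MAC: the tag covers everything on the wire except itself.
	mac := hmac.New(sha256.New, macKey)
	mac.Write(header)
	mac.Write(iv)
	mac.Write(ct)

	out := make([]byte, 0, len(header)+len(iv)+len(ct)+sha256.Size)
	out = append(out, header...)
	out = append(out, iv...)
	out = append(out, ct...)
	return mac.Sum(out), nil // Sum appends the tag to out
}

// Open verifies the tag first and only then decrypts; headerLen is assumed known to the receiver.
func Open(encKey, macKey []byte, headerLen int, msg []byte) ([]byte, error) {
	minLen := headerLen + aes.BlockSize + aes.BlockSize + sha256.Size
	if headerLen < 0 || len(msg) < minLen {
		return nil, errors.New("message too short")
	}
	body, tag := msg[:len(msg)-sha256.Size], msg[len(msg)-sha256.Size:]
	mac := hmac.New(sha256.New, macKey)
	mac.Write(body) // header || IV || ciphertext, exactly what Seal authenticated
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, errors.New("authentication failed") // stop before touching the cipher
	}
	iv := body[headerLen : headerLen+aes.BlockSize]
	ct := body[headerLen+aes.BlockSize:]
	if len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext not block aligned")
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt, aes.BlockSize)
}

func main() {
	encKey := bytes.Repeat([]byte{0x11}, 32) // constructed demo keys; generate real ones randomly
	macKey := bytes.Repeat([]byte{0x22}, 32)
	header := []byte("id=42;ts=1700000000") // constructed header: message ID and timestamp
	msg, err := Seal(encKey, macKey, header, []byte("constructed payload"))
	if err != nil {
		panic(err)
	}
	pt, err := Open(encKey, macKey, len(header), msg)
	fmt.Printf("wire: %x\npayload: %q err: %v\n", msg, pt, err)
}
```

Because the tag is checked with `hmac.Equal` before `Open` ever touches the block cipher, a modified header, IV or ciphertext is rejected without leaking anything about padding, and two seals of the same payload differ in their IV and therefore in their ciphertext.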