1
$\begingroup$

Every time I encrypt the data, I generate a different IV. Suppose the attacker has access to all files ever encrypted. They don't know the key, but they do know the IV. The problems is: if I save the same data with the same key several times, I generate different encrypted data. Theoretically, this could give the attacker some information about the key or the data, assuming they know that neither have changed. Should I worry about this?

This is mostly a theoretical question. In practice I could simply check if the data or the key have changed. If not, then I don't change the encrypted data.

Improve this question
$\endgroup$
0

2 Answers 2

Reset to default
2
$\begingroup$

Yes, this is fine and you should always use a random IV, irregardless of the plaintext.

The problem is: if I save the same data with the same key several times, I generate different encrypted data.

That's usually a good property to have.

When this property does not hold, it is possible to know when a pair of plaintexts is equal (without knowing the value of plaintexts). That can be a pretty important finding if the set of messages is small (example: something that encrypts "yes" or "no").

Improve this answer
$\endgroup$
2
  • $\begingroup$ I can't see why that would be a problem, since the user and the key are the same. For the attacker, it's like looking at the encrypted data twice. On the other hand, if the encrypted data changes and the attacker knows that the key and the original data are the same, that could theoretically give him additional information. $\endgroup$ Commented Mar 31, 2017 at 13:09
  • 1
    $\begingroup$ suppose your post office has an encrypted API that can tell you whether a package has arrived. You connect to it every minute and it replies "no", "no", "no", "no", "yes". An attacker can then know when the package arrived. Whether you want that property or not depends on the problem. $\endgroup$ Commented Mar 31, 2017 at 13:25
0
$\begingroup$

This can be generalized to a chosen-plaintext attack where the attacker simply chooses the same plaintext multiple times. A cipher is usually considered broken if it is vulnerable to chosen-plaintext attacks. In particular, there are no known chosen-plaintext attacks against AES.

Improve this answer
$\endgroup$

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.