Encryption: Using a static IV

350300 pts.
Tags:
Encryption
A part of our team has had to extend our website to try to communicate user credentials for a suppliers website. We're using a 256-bit key but they're using a static IV for decrypting the information.

We've advised them not to use static because it's an a security risk. But we want to know how big of a security risk is it? Does anyone have any information? Thanks!

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Kevin Beaver
    How do you mean they're using a static IV to decrypt? Specific system details on each end of this equation would be helpful.

    I'm curious, why do you say it's a security risk?

    What/who are you ultimately trying to these credentials from?
    17,375 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following