==== Use unique IVs To ensure high security, initialization vectors must meet two important criteria: * IVs must be unique for each encryption operation. * For CBC and CFB modes, a secure FIPS-compliant random number generator should be used to generate unpredictable IVs. The IV does not need be secret, so the IV or information sufficient to determine the IV may be transmitted along with the ciphertext. In the previous non-compliant example, the problem is not that the IV is hard-coded. + It is that the same IV is used for multiple encryption attempts.