5a15b560fd
## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com>
15 lines
563 B
Plaintext
15 lines
563 B
Plaintext
==== Use unique IVs
|
|
|
|
To ensure high security, initialization vectors must meet two important
|
|
criteria:
|
|
|
|
* IVs must be unique for each encryption operation.
|
|
* For CBC and CFB modes, a secure FIPS-compliant random number generator should be used to generate unpredictable IVs.
|
|
|
|
The IV does not need be secret, so the IV or information sufficient to determine the
|
|
IV may be transmitted along with the ciphertext.
|
|
|
|
In the previous non-compliant example, the problem is not that the IV is
|
|
hard-coded. +
|
|
It is that the same IV is used for multiple encryption attempts.
|