1. 24
    1. 6

      For each key there’s also an “IV” which stands for “initialization vector”. The idea seems to be to use a different initialization vector for every message we encrypt/decrypt, for More Security ™.

      Miniature cryptography lesson: A more accurate way to phrase this is “because the algorithm says so needs it”.

      Understanding that the IV is needed because the algorithm says it’s needed makes it a lot less surprising when you learn that different algorithms have different requirements for how secret and how unique the IV needs to be. Luckily, if you just implement “as secret as the key is” and “random, with no birthday-bound collisions for the entire lifetime of the key” you’ll rarely be wrong in a dangerous way.

      1. 10

        IVs are not secret, otherwise we’d call them…“keys”. The most common constraint is “may never be repeated for a single key”, and the punishment for violating that constraint ranges from “attacker can see you sent the same message twice” to “attacker immediately recovers your key” depending on the algorithm.

    2. 1

      don’t implement your own crypto