What are Initialization Vectors (IVs) for anyway?
When it comes to encrypting data, there are many different types of encoding. Some are more effective than others, and some are more complicated than others .
There are even different ways of encrypting blocks of information, and we call those unlike methods modes of mathematical process .
Some approaches involve using something called an Initialization Vector ( aka IV ). The IV is combined with the privy key in rate to encrypt data that ’ s about to be transmitted.
just before encoding occurs, we add the low-level formatting vector, or IV, and it adds extra randomization to the final examination ciphertext. then, on the moment obstruct of data, we use the resulting ciphertext as the IV for the following block, and therefore on .
This is important because it ensures that even if we’re using the exact same plaintext and secret key more than once, the resulting encryption will look different every time. This besides makes it much more unmanageable for an attacker to reverse mastermind a network ’ second encoding, even if they were able to gain access to plaintext information .
What are IV attacks?
There can be some situations where an IV attack can overcome the auspices that we fair talked about, and end up allowing an attacker to figure out the secret key being used. More mod radio receiver protocols like WPA2 and WPA3 prevent this from happening, but WEP was vulnerable to this attack.
Read more: A Few Thoughts on Cryptographic Engineering
Because WEP uses 24-bit IVs, which is quite minor, IVs ended up being re-used with the same key. Because IV keys are transferred with the data in plaintext so that the receiving party is able to decrypt the communication, an attacker can capture these IVs .
By capturing adequate recur IVs, an attacker can easily crack the WEP confidential key, because they ’ re able to make smell of the encrypted datum, and they ’ ra able to decrypt the secret key .
This is one of the many reasons that WEP was deprecated and replaced with much more plug radio protocols.
Read more: A Few Thoughts on Cryptographic Engineering
Defenses against IV attacks
Defending against IV attacks comes down to using more secure radio protocols such as WPA2 or WPA3. WEP was deprecated a while ago, and WPA is considered less guarantee than WPA2, so both should be avoided .
WPA2 and 3 use 48-bit IVs alternatively of 24-bit IVs, which may not sound like much, but it adds a massive phone number of newfangled electric potential IV combinations as compared to WEP, which makes it far less probably to repeat .
That ’ s not the lone reason that WPA2 and 3 are stronger than WEP, but it surely does help. We ’ ll review some of the early reasons in a future blog post and in our CompTIA Security+ preparation course .