January 29, 2012

3.4.8 IV Attack

IV attack

An initialization vector (IV) is an arbitrary number that can be used along with a secret key for data encryption. This number, also called a nonce, is employed only one time in any session.

Initialization vectors are used to prevent a sequence of text that is identical to a previous sequence from producing the same exact ciphertext when encrypted. The IV prevents the appearance of corresponding duplicate character sequences in the ciphertext.

The use of an IV prevents repetition in data encryption, making it more difficult for a hacker using a dictionary attack to find patterns and break a cipher.

The initialization vector (IV) that WEP uses for encryption is 24-bit, which is quite weak and IVs are reused with the same key. By examining the repeating result, it is easy for miscreants to crack the WEP secret key, known as using an IV attack.

An IV attack is usually associated with the WEP wireless protocol.

References:
  • http://en.wikipedia.org/wiki/Initialization_vector
  • http://whatis.techtarget.com/definition/initialization-vector.html
  • http://www.pcmag.com/encyclopedia_term/0,2542,t=initialization+vector&i=44997,00.asp
  • CompTIA Security+ Study Guide: Exam SY0-301, Fifth Edition by Emmett Dulaney

No comments:

Post a Comment