Talk:Initialization vector

I was just wondering this. What if IV=0, does it threaten the security in general? —Preceding unsigned comment added by 98.230.18.172 (talk) 18:36, 03:30, 3 December 2008 (UTC)[reply]

Interesting Question. I would say no. 0 is a valid IV. IV have to be non repeating. So an adversary gets no additional information. —Preceding unsigned comment added by 87.185.76.112 (talk) 17:50, 4 February 2011 (UTC)[reply]

ECB usually do not use IV. —Preceding unsigned comment added by 87.185.76.112 (talk) 18:01, 4 February 2011 (UTC)[reply]

IV are separate from 'rounds' and 'keys'. IVs work on the stream. Rounds and Keys on a Block. —Preceding unsigned comment added by 87.185.76.112 (talk) 18:08, 4 February 2011 (UTC)[reply]

What does: "distinction between the encrypted message and the message parts" mean? — Preceding unsigned comment added by 71.132.201.193 (talk) 20:10, 21 June 2011 (UTC)[reply]

Nowhere did I imply that the size of the IV must be that of the block cipher's block size. In fact, I clarified in the next sentence that the size of the IV in block cipher modes is generally the block size. However, there is no concept of a block size for stream ciphers (in the sense of that of block ciphers). Yet, there are several stream cipher designs whose IV size is smaller than that of the key they take. Whenever the size of the IV is smaller than the key size time-memory-tradeoff attacks are possible, reducing the expected time to break the cipher compared to a brute-force attack on the key space. This also applies to block cipher modes of operation, e.g., when AES (which has a 128-block size) is used with a 256-bit key (e.g., in CBC or CTR mode). Sure this paragraph needs additional explanation, but this should be carried out in the article body, for which I didn't find time and energy yet. Guys, if you don't understand post on the talk page rather than insisting on an improper inline comment! Nageh (talk) 15:43, 28 September 2011 (UTC)[reply]