crypto-ISSUE-44: Require creation of random IVs by default for CBC, CFB, GCM

From: Web Cryptography Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Tue, 23 Apr 2013 20:49:03 +0000
Message-Id: <E1UUk99-0007rS-G2@nelson.w3.org>
To: public-webcrypto@w3.org
crypto-ISSUE-44: Require creation of random IVs by default for CBC, CFB, GCM

http://www.w3.org/2012/webcrypto/track/issues/44

Raised by: Richard Barnes
On product: 

For several of the current symmetric encryption modes (CBC, CFB, GCM), the use of randomly-generated IVs is sufficient to meet the requirements of the relevant FIPS specifications.  We should therefore require the API to generate a random IV if one is not specified by the developer.

The same could be done for CTR, but this would not be strictly FIPS-compliant.

Related mailing list thread: <http://lists.w3.org/Archives/Public/public-webcrypto/2013Apr/0105.html>
Received on Tuesday, 23 April 2013 20:49:04 UTC
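
The default proposed in this issue, sketched as a wrapper over the Web Crypto API as it later shipped. This is an added example, not part of the original message or the Working Group's text. The names `withDefaultIv`, `encryptWithDefaultIv` and `demo` and the IV lengths are assumptions of the example; it covers AES-CBC and AES-GCM and rejects other modes, such as AES-CTR, instead of giving them a random default.

```javascript
// Web Crypto handle: a global in browsers and recent Node, a module export in older Node.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;

// IV length in bytes used when the caller supplies none (an assumption of this example):
// the AES block size for CBC, the 96-bit IV recommended for GCM.
const DEFAULT_IV_BYTES = new Map([['AES-CBC', 16], ['AES-GCM', 12]]);

// Return a copy of `algorithm` with `iv` set. A caller-supplied IV is kept as is;
// otherwise a fresh random IV is generated. Modes without an entry in the table
// are rejected rather than silently given a random default.
function withDefaultIv(algorithm) {
  const ivBytes = DEFAULT_IV_BYTES.get(String(algorithm.name).toUpperCase());
  if (ivBytes === undefined) {
    throw new TypeError(`no default IV policy for ${algorithm.name}`);
  }
  if (algorithm.iv !== undefined) return { ...algorithm };
  return { ...algorithm, iv: wc.getRandomValues(new Uint8Array(ivBytes)) };
}

// Encrypt and return the IV that was actually used: the receiver needs it to decrypt,
// so a generated IV must travel with the ciphertext.
async function encryptWithDefaultIv(key, algorithm, plaintext) {
  const params = withDefaultIv(algorithm);
  const ciphertext = await wc.subtle.encrypt(params, key, plaintext);
  return { iv: params.iv, ciphertext: new Uint8Array(ciphertext) };
}

// Constructed round trip: the same message encrypted twice under one key, no IV given.
async function demo() {
  const key = await wc.subtle.generateKey(
    { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
  const msg = new TextEncoder().encode('constructed sample message');
  const a = await encryptWithDefaultIv(key, { name: 'AES-GCM' }, msg);
  const b = await encryptWithDefaultIv(key, { name: 'AES-GCM' }, msg);
  const plain = await wc.subtle.decrypt({ name: 'AES-GCM', iv: a.iv }, key, a.ciphertext);
  return {
    ivsDiffer: a.iv.join() !== b.iv.join(),
    ciphertextsDiffer: a.ciphertext.join() !== b.ciphertext.join(),
    roundTrip: new TextDecoder().decode(plain),
  };
}
```
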