crypto-ISSUE-44: Require creation of random IVs by default for CBC, CFB, GCM

http://www.w3.org/2012/webcrypto/track/issues/44

Raised by: Richard Barnes
On product: 

For several of the current symmetric encryption modes (CBC, CFB, GCM), the use of randomly-generated IVs is sufficient to meet the requirements of the relevant FIPS specifications.  We should therefore require the API to generate a random IV if one is not specified by the developer.

The same could be done for CTR, but this would not be strictly FIPS-compliant.

Related mailing list thread: <http://lists.w3.org/Archives/Public/public-webcrypto/2013Apr/0105.html>

Received on Tuesday, 23 April 2013 20:49:04 UTC
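
The default proposed in this issue, sketched as a wrapper over the Web Crypto API; this is an added example, not part of the original message or of the specification. The names `encryptWithDefaultIv`, `decryptWithIv` and `demo` are hypothetical, the 16-byte (CBC) and 12-byte (GCM) IV lengths are assumptions, CFB is left out, and AES-CTR is refused rather than given a random default, following the note in the issue.

```javascript
// Added example: default-IV wrapper over Web Crypto (function names are hypothetical).
const IV_BYTES = { 'AES-CBC': 16, 'AES-GCM': 12 }; // assumed: block size for CBC, 96 bits for GCM

async function getCrypto() {
  // Browsers and recent Node expose globalThis.crypto; older Node needs the module.
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

// Encrypts `data`. If params.iv is absent, a fresh random IV is generated and
// returned alongside the ciphertext so the caller can store or transmit it.
async function encryptWithDefaultIv(params, key, data) {
  const c = await getCrypto();
  const len = IV_BYTES[params.name];
  if (len === undefined) {
    // Covers AES-CTR: the issue notes a random default is not strictly FIPS-compliant.
    throw new TypeError(`no default IV for ${params.name}; supply one explicitly`);
  }
  const iv = params.iv ?? c.getRandomValues(new Uint8Array(len));
  const ciphertext = await c.subtle.encrypt({ ...params, iv }, key, data);
  return { iv, ciphertext };
}

async function decryptWithIv(params, key, iv, ciphertext) {
  const c = await getCrypto();
  return c.subtle.decrypt({ ...params, iv }, key, ciphertext);
}

const hex = (buf) => [...new Uint8Array(buf)].map((x) => x.toString(16).padStart(2, '0')).join('');

// Constructed demo: the same plaintext encrypted twice under one key, no IV supplied.
async function demo(name) {
  const c = await getCrypto();
  const key = await c.subtle.generateKey({ name, length: 256 }, false, ['encrypt', 'decrypt']);
  const msg = new TextEncoder().encode('constructed sample plaintext');
  const a = await encryptWithDefaultIv({ name }, key, msg);
  const b = await encryptWithDefaultIv({ name }, key, msg);
  const plain = await decryptWithIv({ name }, key, a.iv, a.ciphertext);
  return {
    ivLength: a.iv.length,
    ivsDiffer: hex(a.iv) !== hex(b.iv),
    ciphertextsDiffer: hex(a.ciphertext) !== hex(b.ciphertext),
    roundTrip: new TextDecoder().decode(plain) === 'constructed sample plaintext',
  };
}

demo('AES-GCM').then((r) => console.log(r));
```

Because the IV is generated inside the wrapper, it has to be returned with the ciphertext; a caller who discards it cannot decrypt.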