I was reading the OpenVPN security overview, which states that an Explicit IV is used to ensure that two packets with the same plaintext do not encrypt to the same ciphertext. However, the Overview did not state the size of the Initialization Vector. I found this page (http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn/ssl.h) which states: "Ciphertext IV (size is cipher-dependent, if not disabled by --no-iv)".

So, does the IV size depend only on the cipher used, or does it also depend on the key size? For example, would AES-128-CBC and AES-256-CBC use the same IV size?

Also, the Security Overview stated that the Initialization Vector was created using a pseudo-random number generator, and that each IV is randomized. If this is the case, what is to prevent IV collisions? Is anything done to prevent an IV being used twice with the same encryption key, or is the IV of a sufficient size that the likelihood of this occurring is nominal?
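The collision question above can be put in numbers. The following Python sketch is an added example, not part of the original post and not OpenVPN code. It assumes CBC mode, where the IV is one cipher block (so key length does not change it), and uniformly random IVs; the cipher table and the function names are chosen here for illustration.

```python
import math
import os

# Assumption: in CBC mode the IV is one cipher block, so its size follows the
# cipher's block size, not its key size. Entries are illustrative examples.
CBC_IV_BITS = {"BF-CBC": 64, "AES-128-CBC": 128, "AES-256-CBC": 128}

def collision_probability(iv_bits, packets):
    """Birthday approximation: P(at least two of `packets` random IVs match)."""
    pairs = packets * (packets - 1) / 2
    # expm1 keeps precision when the probability is far below 1e-16.
    return -math.expm1(-pairs / 2.0 ** iv_bits)

def packets_for_probability(iv_bits, p):
    """Packets sent under one key before the collision probability reaches p."""
    return math.sqrt(2.0 ** (iv_bits + 1) * -math.log1p(-p))

def simulate(iv_bits, packets, trials, rng=os.urandom):
    """Empirical collision rate with IVs truncated to iv_bits (small sizes only)."""
    nbytes = (iv_bits + 7) // 8
    mask = (1 << iv_bits) - 1
    hits = 0
    for _ in range(trials):
        seen = set()
        for _ in range(packets):
            iv = int.from_bytes(rng(nbytes), "big") & mask
            if iv in seen:
                hits += 1
                break
            seen.add(iv)
    return hits / trials

if __name__ == "__main__":
    for name, bits in CBC_IV_BITS.items():
        p = collision_probability(bits, 2 ** 32)
        n = packets_for_probability(bits, 0.5)
        print(f"{name}: IV {bits // 8} bytes, P(collision in 2^32 packets)={p:.3g}, "
              f"packets for 50%: {n:.3g}")
    # Sanity check of the formula against a constructed 16-bit toy IV.
    print("toy 16-bit IV, 300 packets:", simulate(16, 300, 400),
          "vs formula", round(collision_probability(16, 300), 3))
```

With a 128-bit IV the probability of any repeat within 2^32 packets under one key is on the order of 2^-65, while a 64-bit IV reaches roughly 39% over the same number of packets, which is why the block size, and how often the session key is renegotiated, decides whether random IVs are sufficient.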