I was reading the OpenVPN security overview which states that an
Explicit IV is used to ensure that two packets with the same plaintext
do not encrypt to the same ciphertext. However, the Overview did not
state the size of the Initialization Vector. I found this page
(http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn/ssl.h)
which states that "Ciphertext IV (size is cipher-dependent, if not
disabled by --no-iv)."


So, does the IV size depend only on the cipher used or does it also
depend on the key size? For example, would AES-128-CBC and AES-256-CBC
use the same IV size?

Also, the Security Overview stated that the Initialization Vector was
created using a pseudo-random number generator, and that each IV is
randomized. If this is the case, what is to prevent IV collisions? Is
anything done to prevent an IV being used twice with the same encryption
key or is the IV of a sufficient size that the likelihood of this
occurring is nominal?


