How should I generate an initialization vector?

离开以前 2020-12-28 08:50

I'm sure there's not one answer to this question, but just trying to find out a general approach.

Using Java 1.4.2, I need to generate a key and IV for use in a sy

4 answers
  • 2020-12-28 09:07

    It depends on the mode in which you are using your cipher. If you are using CBC, bytes from a SecureRandom are the easiest, and probably the most secure…as long as your RNG is good.

    Most Java providers will generate the required parameters automatically, but in order for you to figure out what was chosen, you need to understand the cipher and mode. For example, if you are using a mode that requires an IV, you'd do something like this:

    // Let the provider pick the IV, then read it back so it can be sent along with the ciphertext
    cipher.init(Cipher.ENCRYPT_MODE, secret);
    IvParameterSpec spec =
        cipher.getParameters().getParameterSpec(IvParameterSpec.class);
    byte[] iv = spec.getIV();


    This allows the provider to choose a suitable method for generating the IV itself. But if you were to use the same method on cipher using ECB mode, it would fail.

    Using a counter mode obviously requires great care to avoid re-use of the counter.

  • 2020-12-28 09:12

    As the other answers implied, use a secure random number generator to create the IV.

    Just as an aside though, you don't need to send the IV through a secure channel - it's usual to just prepend it to the message. Remember that it's far more important that you use a fresh IV for each message than that you keep the IVs secret. Pre-sharing the IVs at the same time as the key implies either that you're re-using IVs (bad), or that you have a limit on the number of messages you can send.

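Putting the two answers above together, as an added example that is not from the original thread: a fresh SecureRandom IV for every message, prepended to the ciphertext so the receiver never needs a separate channel for it. It assumes the SunJCE provider's AES/CBC/PKCS5Padding transformation; the class and method names are my own.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

// Added example (not from the thread): AES-CBC with a fresh SecureRandom IV
// per message, prepended to the ciphertext. Assumes the SunJCE provider.
public class IvExample {
    private static final int BLOCK = 16;          // AES block size = IV length
    private static final SecureRandom RNG = new SecureRandom();

    // Output layout: [16-byte IV][ciphertext]. The IV is not secret; it only
    // has to be unpredictable and never reused under the same key.
    static byte[] encrypt(SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[BLOCK];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = new byte[BLOCK + ct.length];
        System.arraycopy(iv, 0, out, 0, BLOCK);
        System.arraycopy(ct, 0, out, BLOCK, ct.length);
        return out;
    }

    // The receiver splits the IV off the front; no side channel is needed.
    static byte[] decrypt(SecretKey key, byte[] msg) throws Exception {
        if (msg.length < BLOCK) throw new IllegalArgumentException("message too short");
        IvParameterSpec iv = new IvParameterSpec(msg, 0, BLOCK);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, key, iv);
        return c.doFinal(msg, BLOCK, msg.length - BLOCK);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] pt = "same plaintext, two messages".getBytes("UTF-8");
        byte[] m1 = encrypt(key, pt);
        byte[] m2 = encrypt(key, pt);
        // Fresh IVs make identical plaintexts produce different ciphertexts;
        // a fixed or reused IV would reveal that the two messages are equal.
        System.out.println("ciphertexts differ: " + !Arrays.equals(m1, m2));
        System.out.println("round trip ok: " + Arrays.equals(pt, decrypt(key, m1)));
    }
}
```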
  • 2020-12-28 09:13

    For some implementations, the SecureRandom class will help you out by producing true random numbers:

    Many SecureRandom implementations are in the form of a pseudo-random number generator (PRNG), which means they use a deterministic algorithm to produce a pseudo-random sequence from a true random seed. Other implementations may produce true random numbers, and yet others may use a combination of both techniques.

    It has two methods, getProvider() and getAlgorithm() which should give you some information about which implementation is used. From this page it seems that the pseudo random generator SHA1PRNG (which is seeded with true random data) is one of them or even the only one currently available.

  • 2020-12-28 09:19

    If you are using a GUI or you have access to system calls to user data input hardware (mouse preferred) you can create a vector of pairs of mouse pointer coordinates as the user moves it. Add them to some string. Then use your favorite hash function on the string to create a completely random IV with high entropy.
