Use non-random initialization vector (IV)

Description

Use of a non-random initialization vector makes the application vulnerable to dictionary attacks.

The following example shows the insecure use of a hardcoded, static IV:

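import android.util.Base64;
import android.util.Log;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class InsecureExample {
    // Log tag (value assumed; not defined in the original snippet)
    private static final String TAG = "InsecureExample";

    public void run() throws Exception {
        // Insecure: hardcoded, static IV reused for every message
        byte[] IV = "0123456789abcdef".getBytes();
        String clearText = "Jan van Eyck was here 1434";
        String key = "ThisIs128bitSize";
        SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes(), "AES");
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, skeySpec, new IvParameterSpec(IV));
        byte[] encryptedMessage = cipher.doFinal(clearText.getBytes());
        Log.i(TAG, String.format("Message: %s", Base64.encodeToString(encryptedMessage, Base64.DEFAULT)));
    }
}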

Recommendation

  • Random numbers play a key role in generating unguessable initialization vectors
  • In Android applications, the SecureRandom class generates random numbers secure enough for use in encryption
  • There are multiple providers, which are the internal implementations of the SecureRandom class, and their role is to provide a hash function
  • A default provider is selected if none is specified
  • The Crypto provider was deprecated in Android 7.0 (API level 24) and removed in Android 9.0 (API level 28) due to its unsafe SHA1PRNG algorithm
  • It is recommended not to use the Crypto provider
  • If the Crypto provider is specified when SecureRandom is used, NoSuchProviderException will always occur on devices running Android 9.0 and higher, and will occur even on devices running Android 7.0 and higher if targetSdkVersion >= 24
  • For this reason, using SecureRandom without specifying the provider is generally recommended

import java.security.SecureRandom;
import javax.crypto.spec.IvParameterSpec;
[...]
    SecureRandom random = new SecureRandom();
    // AES uses a 128-bit block, so the IV must be 16 bytes
    byte[] iv = new byte[16];
    random.nextBytes(iv);
    IvParameterSpec ivParams = new IvParameterSpec(iv);
[...]

Standards

  • OWASP_MASVS_L1:
    • MSTG_CRYPTO_2
    • MSTG_CRYPTO_3
    • MSTG_CRYPTO_4
  • OWASP_MASVS_L2:
    • MSTG_CRYPTO_2
    • MSTG_CRYPTO_3
    • MSTG_CRYPTO_4
  • PCI_STANDARDS:
    • REQ_2_2
    • REQ_3_6
    • REQ_3_7
    • REQ_4_2
    • REQ_6_2