ISSUE-44: Require creation of random IVs by default for CBC, CFB, GCM

State: CLOSED
Product:
Raised by: Richard Barnes
Opened on: 2013-04-23
Description:
For several of the current symmetric encryption modes (CBC, CFB, GCM), the use of randomly-generated IVs is sufficient to meet the requirements of the relevant FIPS specifications. We should therefore require the API to generate a random IV if one is not specified by the developer.

The same could be done for CTR, but this would not be strictly FIPS-compliant.

Related mailing list thread: <http://lists.w3.org/Archives/Public/public-webcrypto/2013Apr/0105.html>
Related Actions Items:
Related emails:
  1. W3C Web Crypto WG - take away from 10th of Feb call (from Virginie.GALINDO@gemalto.com on 2014-02-13)
  2. Re: ISSUE-44 and ISSUE-46 (from sleevi@google.com on 2014-02-12)
  3. ISSUE-44 and ISSUE-46 (from rlb@ipv.sx on 2014-02-12)
  4. W3C Web Crypto WG - progressing on ISSUE-44 (and ACTION-128) (from Virginie.GALINDO@gemalto.com on 2014-01-09)
  5. Developers' crypto design choices (from rbarnes@bbn.com on 2013-11-14)
  6. crypto-ISSUE-44: Require creation of random IVs by default for CBC, CFB, GCM (from sysbot+tracker@w3.org on 2013-04-23)

Related notes:

No additional notes.
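
The default the issue proposes, sketched as a wrapper over the Web Crypto API (an added example, not code from the Working Group or the specification). `defaultIvLength`, `encryptWithDefaultIv`, `decryptWithIv` and `demo` are hypothetical names; AES-CFB is left out because current Web Crypto implementations do not offer it, and AES-CTR gets no default here, so the caller must supply its counter block.

```javascript
// Added example: not part of the Web Crypto API or of the issue text.
// Browsers and recent Node expose globalThis.crypto; older Node falls back.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// IV sizes for the modes named in the issue that the API supports.
// AES-CBC takes a 16-byte IV; 12 bytes (96 bits) is the recommended GCM size.
const DEFAULT_IV_BYTES = { 'AES-CBC': 16, 'AES-GCM': 12 };

// Hypothetical helper: IV length to generate, or an error for any other mode.
function defaultIvLength(name) {
  const len = DEFAULT_IV_BYTES[name];
  if (len === undefined) {
    throw new TypeError(`no default IV for ${name}; caller must supply one`);
  }
  return len;
}

// Hypothetical wrapper: uses a fresh random IV unless the caller set one.
// The IV is returned with the ciphertext because decrypt() needs the same IV.
async function encryptWithDefaultIv(algorithm, key, plaintext) {
  const alg = { ...algorithm };
  if (alg.iv === undefined) {
    alg.iv = webCrypto.getRandomValues(new Uint8Array(defaultIvLength(alg.name)));
  }
  const ciphertext = await webCrypto.subtle.encrypt(alg, key, plaintext);
  return { iv: alg.iv, ciphertext: new Uint8Array(ciphertext) };
}

// Hypothetical counterpart: decrypts with the IV that encryption returned.
async function decryptWithIv(algorithm, key, iv, ciphertext) {
  const plain = await webCrypto.subtle.decrypt({ ...algorithm, iv }, key, ciphertext);
  return new Uint8Array(plain);
}

// Constructed demo: the same message encrypted twice under one AES-GCM key.
async function demo() {
  const key = await webCrypto.subtle.generateKey(
    { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
  const msg = new TextEncoder().encode('constructed sample message');
  const a = await encryptWithDefaultIv({ name: 'AES-GCM' }, key, msg);
  const b = await encryptWithDefaultIv({ name: 'AES-GCM' }, key, msg);
  const roundTrip = await decryptWithIv({ name: 'AES-GCM' }, key, a.iv, a.ciphertext);
  return {
    ivLength: a.iv.length,
    ivsDiffer: a.iv.join() !== b.iv.join(),
    ciphertextsDiffer: a.ciphertext.join() !== b.ciphertext.join(),
    recovered: new TextDecoder().decode(roundTrip),
  };
}
```

Because each call draws its own IV, the two ciphertexts of the identical message differ, and the returned `iv` has to be stored or sent with the ciphertext for decryption to succeed.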
