[openssl-users] AES-256 Do I need random IV?

Hanno Böck hanno at hboeck.de
Thu Apr 27 12:20:51 UTC 2017

On Thu, 27 Apr 2017 15:00:37 +0300
Yaşar Arabacı <yasar11732 at gmail.com> wrote:

> For AES-256 encryption, should IV be random? I am already using a
> random salt, so I was wondering if IV should be random too.

An IV is part of a cipher mode. AES-256 is just a block cipher. You
can't use it on its own. So you need to specify which cipher mode you
want to use in order to make sense. You most likely want to use GCM.

The requirement for the IV is usually that it's unique. Choosing it
at random may or may not be a good idea, depending on how much data
you encrypt and how long the IV is for that particular cipher mode. For
GCM using random IVs is not exactly recommended, better use a counter
if you can keep state. But if you only encrypt small amounts of data
per key a random IV is doable.

Hanno Böck

mail/jabber: hanno at hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

More information about the openssl-users mailing list