Description
Problem
When Bob and Alice exchange messages using symmetric encryption, the sending party generates a random ivspec and sends it along with the encrypted message so that the receiving party can decrypt it. An ivspec must never be repeated under a given key. Currently a random sequence of 16 bytes is generated; a sequence number that increments with each message would be preferable, since it removes the (small but non-zero) chance that two random values collide under the same key.
Solution
Instead of using a single symmetric key, Bob and Alice use two: one for messages from Alice to Bob, the other for messages from Bob to Alice.
Each party then owns the counter for the key it sends with, so Bob and Alice can each manage their own ivspec sequence independently, without any risk of the two sides producing the same value under the same key.
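The two-key, two-counter scheme described above, written out as an added example in Go (this is illustrative code, not the project's own implementation). It assumes AES-GCM, a 12-byte IV built from a 64-bit per-direction sequence number, two directional keys derived from one shared secret by labelling (a plain SHA-256 here for brevity; use HKDF or the project's existing key agreement in practice), an in-order transport so the receiver can require the exact next sequence number, and an arbitrary send limit (`maxMessagesPerKey`) that forces the key rotation mentioned under Additional Context before a counter can wrap.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	nonceSize         = 12      // standard AES-GCM IV length
	maxMessagesPerKey = 1 << 32 // assumed rotation limit: refuse to send past this until a fresh key is installed
)

// Channel is one peer's view of the scheme: a key and counter for the messages
// it sends, and a separate key and counter for the messages it receives.
type Channel struct {
	sendAEAD cipher.AEAD
	recvAEAD cipher.AEAD
	sendSeq  uint64
	recvSeq  uint64
}

// deriveKey labels the shared secret with the direction it protects.
// Constructed for this example; a real implementation would use HKDF here.
func deriveKey(secret []byte, direction string) []byte {
	h := sha256.New()
	h.Write(secret)
	h.Write([]byte(direction))
	return h.Sum(nil) // 32 bytes, so AES-256
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// NewChannel builds Alice's (initiator) or Bob's (responder) endpoint from the
// same secret; the two sides simply swap which derived key is send and receive.
func NewChannel(secret []byte, initiator bool) (*Channel, error) {
	aliceToBob := deriveKey(secret, "alice->bob")
	bobToAlice := deriveKey(secret, "bob->alice")
	sendKey, recvKey := aliceToBob, bobToAlice
	if !initiator {
		sendKey, recvKey = bobToAlice, aliceToBob
	}
	sendAEAD, err := newGCM(sendKey)
	if err != nil {
		return nil, err
	}
	recvAEAD, err := newGCM(recvKey)
	if err != nil {
		return nil, err
	}
	return &Channel{sendAEAD: sendAEAD, recvAEAD: recvAEAD}, nil
}

// nonceFromSeq encodes the sequence number as the IV: 4 zero bytes followed by
// the 64-bit big-endian counter. Uniqueness now rests only on never reusing a
// counter value under one key, which each sender controls by itself.
func nonceFromSeq(seq uint64) []byte {
	n := make([]byte, nonceSize)
	binary.BigEndian.PutUint64(n[nonceSize-8:], seq)
	return n
}

// Seal encrypts one outgoing message as IV || ciphertext || tag and advances the
// sender's counter. It refuses to continue once the rotation limit is reached.
func (c *Channel) Seal(plaintext []byte) ([]byte, error) {
	if c.sendSeq >= maxMessagesPerKey {
		return nil, errors.New("send counter exhausted: rotate the key before sending again")
	}
	nonce := nonceFromSeq(c.sendSeq)
	c.sendSeq++
	return c.sendAEAD.Seal(nonce, nonce, plaintext, nil), nil
}

// Open checks that the message carries exactly the next expected sequence number
// (rejecting replays and out-of-order delivery), then decrypts with the receive key.
func (c *Channel) Open(msg []byte) ([]byte, error) {
	if len(msg) < nonceSize {
		return nil, errors.New("message too short")
	}
	nonce, ciphertext := msg[:nonceSize], msg[nonceSize:]
	seq := binary.BigEndian.Uint64(nonce[nonceSize-8:])
	if seq != c.recvSeq {
		return nil, fmt.Errorf("unexpected sequence %d (expected %d): replay or lost message", seq, c.recvSeq)
	}
	plaintext, err := c.recvAEAD.Open(nil, nonce, ciphertext, nil)
	if err != nil {
		return nil, err
	}
	c.recvSeq++
	return plaintext, nil
}

func main() {
	secret := []byte("constructed shared secret, not a real key")
	alice, _ := NewChannel(secret, true)
	bob, _ := NewChannel(secret, false)
	toBob, _ := alice.Seal([]byte("hello bob"))
	toAlice, _ := bob.Seal([]byte("hello alice"))
	// Both directions start at sequence 0, so the IVs are identical; that is safe
	// only because each direction uses its own key.
	fmt.Printf("alice->bob IV %x\nbob->alice IV %x\n", toBob[:nonceSize], toAlice[:nonceSize])
	pt, err := bob.Open(toBob)
	fmt.Printf("bob reads %q (err=%v)\n", pt, err)
	_, err = bob.Open(toBob)
	fmt.Printf("replay rejected: %v\n", err)
}
```

Note that the receiver's strict `seq == recvSeq` check is what turns the counter into a replay defence as well; over a transport that can reorder messages you would replace it with a sliding window, but the IV-uniqueness argument is unchanged because only the sender ever assigns counter values for its own key.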
Alternatives
There is no clear alternative that guarantees Alice and Bob never reuse an ivspec under a given key, other than falling back to random values, which would not improve on the current implementation.
Additional Context
If key rotation is implemented and performed reasonably often, the risk of a duplicate random ivspec is further reduced; with sequence numbers, rotation also bounds how many messages are sent under one key before the counter is reset.