There have been many questions with regard to IV generation, encryption and sharing the IV between the sender and receiver, but I want to make an explicit post regarding the best way to send the IV from the sender to the receiver.
From all the posts that I’ve seen so far, I’m uncertain as to whether it is safe to send the IV in “plaintext” by prepending it to the cipher text. So the first question is, is it safe to do so?
Second, is there a safer way to share an IV between the sender and receiver when communicating by exchanging messages?
Cheers
Yes, it is safe to send the IV in the clear. Here is the ‘proof’ of why:
Take CBC mode for example:
You can see that the ciphertext of a block is XORed with the plaintext of the next block. The reason we need an IV is because on the first block, there is no previous ciphertext to use. If there was a security risk with having the IV be secret, then the security risk would be present for every block after, since the ciphertext serves the same role as the IV.
That being said though, you need to make sure you MAC it. Depending on how you do message authentication codes, someone tampering with the IV could tamper with the resulting plaintext on decryption. Encryption alone does not provide integrity of messages.
Also, for IV generation, it depends on your requirements. But most often, your IV needs to be random and non-predictable.