There are many published reports that on older versions of Android, we need to provide our own SecureRandom-based initialization vector (IV), as the default ones are not random:
- Generating IV for AES in Java
- https://medium.com/@tiensinodev/basic-android-encryption-dos-and-don-ts-7bc2cd3335ff
- https://tozny.com/blog/encrypting-strings-in-android-lets-make-better-mistakes/
- Android cryptography API not generating safe IV for AES
Conversely, as of API Level 23, if you try to provide your own IV, you also have to call setRandomizedEncryptionRequired(false) on the KeyGenParameterSpec.Builder, as otherwise you get a "Caller-provided IV not permitted when encrypting" exception.
Presumably, somewhere along the line, Android went from "awful" to "good enough" in terms of IV generation.
What is the cutoff, below which we should generate our own IV versus use Android's generated IV?
1 Answers
Answers 1
From a security point of view, you should always provide your own IV, because you have total control of its randomization quality.
Regarding the exception, in the perspective of Android, your provided IV is fixed, i.e. it does not have control of the randomization quality, so the exception "Caller-provided IV not permitted when encrypting" tries to warn developers against using bad IV and encourage them to use the built-in IV.
However, Andoid's built-in IV is just one method to build the IV. As you can see, no one assures its quality as of API Level 23, so the best way to to assure your own IV quality.
0 comments:
Post a Comment