CTR mode use of Initial Vector(IV)

Question

from what I know, CTR mode doesn\'t use an Initial Vector. It just takes a counter, encrypts it with a given key and then XOR\'s the result with the plaintext in order to get th

Answer 1

CTR works by encrypting successive values of a counter. The first value for that sequence is an IV (IV means "initial value"...). So CTR really uses an IV.

If you use CTR mode, with the same key, and happen to reuse a counter value that you already used for some other encryption (with the same key), then you get the infamous two-times-pad, and security has gone down the drain. In particular, using a fixed IV for all messages is a sure recipe for disaster.

An "easy" way to avoid counter repetition is to always select the IV with a cryptographically secure random number generator (think "java.security.SecureRandom") among the set of possible IV, i.e. all 16-byte sequences. That space is sufficiently large that your risk of reusing a counter value at some point can be neglected.

Just to be complete, a fixed IV is tolerable if you make sure that you use a given key only once. Security problems arise when you reuse the same counter value with the same key. However, having a new key for each message is at least as difficult as having a new IV for each message.