IV/Nonce Reuse
Description
Reusing IVs/nonces under the same key with AES‑GCM, AES‑CTR or ChaCha20‑Poly1305 undermines confidentiality and, in some cases, integrity. Predictable or static IVs enable plaintext recovery through keystream reuse: two messages encrypted under the same key and IV share the same keystream, so XORing the two ciphertexts yields the XOR of the two plaintexts, and any known plaintext reveals the other.
Examples
Identify Static IVs
rg -n "IvParameterSpec\(new byte\[|GCMParameterSpec\([0-9]+, *new byte\[" out src
This only catches IVs built inline (e.g. `new byte[16]`, which is all zeros); also review IV constants passed by name, such as `static final byte[]` fields handed to `IvParameterSpec`/`GCMParameterSpec`.
Detect Reuse Empirically
Capture multiple encrypted messages produced under the same key and context and compare their IV fields. If any IV repeats, the scheme is broken.
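The check described above, as an added example that is not part of the original page: it groups a batch of captured messages by IV and reports any IV seen more than once, then confirms that a repeat under AES/CTR is a real break by showing that the two ciphertexts leak the XOR of their plaintexts. The wire format (16-byte IV followed by ciphertext), the key and the sample plaintexts are all constructed for the demo and are assumptions, not a format the page defines.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/**
 * Added example: spot repeated IVs in captured messages and show why a repeat
 * under AES-CTR is a confirmed break. Assumed wire format: 16-byte IV || ciphertext.
 */
public class IvReuseCheck {
    static final int IV_LEN = 16;

    /** Maps each IV (hex) that appears more than once to the indices of the messages using it. */
    static Map<String, List<Integer>> findRepeatedIvs(List<byte[]> messages) {
        Map<String, List<Integer>> byIv = new LinkedHashMap<>();
        for (int i = 0; i < messages.size(); i++) {
            byte[] m = messages.get(i);
            if (m.length < IV_LEN) continue; // truncated capture, not evidence of reuse
            String iv = hex(Arrays.copyOf(m, IV_LEN));
            byIv.computeIfAbsent(iv, k -> new ArrayList<>()).add(i);
        }
        Map<String, List<Integer>> repeated = new LinkedHashMap<>();
        byIv.forEach((iv, idx) -> { if (idx.size() > 1) repeated.put(iv, idx); });
        return repeated;
    }

    /** Byte-wise XOR over the common length of a and b. */
    static byte[] xor(byte[] a, byte[] b) {
        int n = Math.min(a.length, b.length);
        byte[] out = new byte[n];
        for (int i = 0; i < n; i++) out[i] = (byte) (a[i] ^ b[i]);
        return out;
    }

    /** Encrypts with AES/CTR and prefixes the IV, mimicking the assumed wire format. */
    static byte[] ctrEncrypt(byte[] key, byte[] iv, byte[] plaintext) throws Exception {
        Cipher c = Cipher.getInstance("AES/CTR/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] msg = new byte[IV_LEN + ct.length];
        System.arraycopy(iv, 0, msg, 0, IV_LEN);
        System.arraycopy(ct, 0, msg, IV_LEN, ct.length);
        return msg;
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16];          // constructed demo key
        Arrays.fill(key, (byte) 0x42);
        byte[] staticIv = new byte[IV_LEN]; // the hardcoded all-zero IV the rg search looks for
        byte[] freshIv = new byte[IV_LEN];
        new SecureRandom().nextBytes(freshIv);

        byte[] p1 = "transfer 100 to acct 1111".getBytes(StandardCharsets.UTF_8);
        byte[] p2 = "transfer 999 to acct 2222".getBytes(StandardCharsets.UTF_8);
        List<byte[]> capture = List.of(
            ctrEncrypt(key, staticIv, p1),
            ctrEncrypt(key, freshIv, p1),
            ctrEncrypt(key, staticIv, p2));

        // Step 1: the empirical check. Expect the zero IV mapped to messages 0 and 2.
        System.out.println("IVs seen more than once: " + findRepeatedIvs(capture));

        // Step 2: why the repeat is a finding. c1 XOR c2 == p1 XOR p2 under a shared
        // keystream, so a known p1 exposes p2 without the key.
        byte[] c1 = Arrays.copyOfRange(capture.get(0), IV_LEN, capture.get(0).length);
        byte[] c2 = Arrays.copyOfRange(capture.get(2), IV_LEN, capture.get(2).length);
        byte[] recovered = xor(xor(c1, c2), p1);
        System.out.println("Recovered from the IV repeat: " + new String(recovered, StandardCharsets.UTF_8));
    }
}
```

The grouping step is the part worth keeping in a review toolkit: run it over every message captured for one key and context, and treat any group of size greater than one as a confirmed break rather than a suspicion. The second half exists to make the report concrete; for GCM the same repeat additionally exposes the authentication key, so forgeries become possible as well.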
Remediation
- Unique, random IVs
  - Generate cryptographically secure random IVs per message; never hardcode.
- AEAD best practices
  - Use platform crypto APIs with AEAD modes; include associated data; verify tags.
- Version and migrate
  - Include version fields to migrate away from flawed formats without breaking clients.
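The three remediation points applied together in an added example (not code from the page): a small AES-GCM envelope that draws a fresh 96-bit nonce from SecureRandom for every message, binds a version byte and caller-supplied context as associated data, and rejects anything with an unknown version or a failed tag check. The envelope layout (version byte, 12-byte nonce, ciphertext, 16-byte tag), the version numbers and the sample key and context are assumptions made for the demo.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/**
 * Added example: AES-GCM envelope with per-message random nonce, associated data
 * and a version byte. Assumed layout: version(1) || nonce(12) || ciphertext || tag(16).
 */
public class AeadEnvelope {
    static final byte VERSION = 2;       // assumed: v1 is the legacy static-IV format being retired
    static final int NONCE_LEN = 12;     // 96-bit nonce, the size GCM is designed for
    static final int TAG_BITS = 128;
    private static final SecureRandom RNG = new SecureRandom();

    // Vulnerable pattern this replaces (the one the rg search above matches):
    //   new GCMParameterSpec(128, new byte[12])   // same nonce for every message

    static byte[] seal(SecretKey key, byte[] plaintext, byte[] context) throws Exception {
        byte[] nonce = new byte[NONCE_LEN];
        RNG.nextBytes(nonce);            // fresh random nonce per message, never hardcoded
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        c.updateAAD(aad(context));       // version + context are authenticated, not encrypted
        byte[] ct = c.doFinal(plaintext); // ciphertext || tag
        return ByteBuffer.allocate(1 + NONCE_LEN + ct.length)
                .put(VERSION).put(nonce).put(ct).array();
    }

    static byte[] open(SecretKey key, byte[] envelope, byte[] context) throws Exception {
        if (envelope.length < 1 + NONCE_LEN + TAG_BITS / 8)
            throw new IllegalArgumentException("envelope too short");
        if (envelope[0] != VERSION)      // old or unknown format: refuse rather than guess
            throw new IllegalArgumentException("unsupported format version " + envelope[0]);
        byte[] nonce = Arrays.copyOfRange(envelope, 1, 1 + NONCE_LEN);
        byte[] ct = Arrays.copyOfRange(envelope, 1 + NONCE_LEN, envelope.length);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        c.updateAAD(aad(context));
        return c.doFinal(ct);            // throws AEADBadTagException if tag, AAD or ciphertext changed
    }

    /** Associated data: the version byte plus the caller's context, so neither can be swapped. */
    private static byte[] aad(byte[] context) {
        return ByteBuffer.allocate(1 + context.length).put(VERSION).put(context).array();
    }

    public static void main(String[] args) throws Exception {
        byte[] raw = new byte[16];       // constructed demo key; use a KDF or keystore in practice
        RNG.nextBytes(raw);
        SecretKey key = new SecretKeySpec(raw, "AES");
        byte[] ctx = "user:42/session".getBytes(StandardCharsets.UTF_8);
        byte[] msg = "hello".getBytes(StandardCharsets.UTF_8);

        byte[] e1 = seal(key, msg, ctx);
        byte[] e2 = seal(key, msg, ctx);
        boolean differ = !Arrays.equals(Arrays.copyOfRange(e1, 1, 1 + NONCE_LEN),
                                        Arrays.copyOfRange(e2, 1, 1 + NONCE_LEN));
        System.out.println("same plaintext, distinct nonces: " + differ);
        System.out.println("decrypted: " + new String(open(key, e1, ctx), StandardCharsets.UTF_8));

        e1[e1.length - 1] ^= 1;          // flip one tag bit: open() must reject it
        try {
            open(key, e1, ctx);
        } catch (AEADBadTagException ex) {
            System.out.println("tampering detected");
        }
    }
}
```

Two points to keep in mind when adopting this shape: a new Cipher instance is created per call, because the JDK refuses to re-init a GCM Cipher for encryption with the same key and nonce, and random 96-bit nonces are only safe for a bounded number of messages per key (on the order of 2^32), so long-lived keys should be rotated or paired with a counter-based nonce scheme. Migrating clients check the version byte first and route v1 payloads to the legacy decryptor while all new writes use v2.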