Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
A random or unique non-secret value fed into a cipher so identical plaintexts encrypt differently, preventing pattern leakage (e.g., AES-CBC).
Initialization Vector (IV) Definition: A random or unique non-secret value fed into a cipher so identical plaintexts encrypt differently, preventing pattern leakage (e.g., AES-CBC).
An Initialization Vector (IV) is a non-secret value fed into a symmetric encryption algorithm alongside the key so that encrypting identical plaintexts produces different ciphertexts. By introducing fresh randomness into each encryption operation, an IV prevents attackers from spotting patterns across encrypted data and is essential to the security of block cipher modes of operation.
The IV is combined with the first block of plaintext (or counter input) before or during encryption, and its effect chains through subsequent blocks depending on the mode. In Cipher Block Chaining (CBC), the IV is XORed with the first plaintext block; in Counter (CTR) and GCM modes, it seeds the counter or nonce. An IV need not be secret and is typically stored or transmitted alongside the ciphertext, but its uniqueness and unpredictability requirements vary by mode. IV usage is specified in NIST SP 800-38A.
IVs matter because reusing or mishandling them breaks confidentiality even when the cipher and key are strong. In CBC mode, a predictable IV enabled real attacks such as BEAST against TLS, so the IV must be unpredictable (randomly generated). In CTR and GCM modes, reusing an IV with the same key is catastrophic, leaking plaintext relationships and, for GCM, destroying authentication guarantees. Correct IV management, unique per operation and properly random where required, is therefore as important as key management.
For example, a system encrypting database records with AES in CBC mode generates a fresh, cryptographically random IV for every record, prepends it to the ciphertext, and uses it during decryption to recover the plaintext. Because each record uses a distinct IV, two rows containing the same value (such as identical salary figures) produce completely different ciphertext, denying an attacker who reads the database any ability to infer which records match.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →