Question
I have large files which are broken into blocks of 512 KB and uploaded to a server. In my DB I store the IV, and the user knows the security key themselves. When downloading, I use the same IV and key.
However, is it insecure running AES-CBC on each different block with the same IV? Won't this give away information -- e.g. one 512 KB block encrypted will equal the next 512 KB block if they are both identical? And if I can't load the entire file into memory at once, is the only safe way to do it storing many IVs? (A 100 GB file would have 200k IVs...)
Explanation / Answer
It is insecure to reuse the IV with AES-CBC. At the very least, if the files have a common prefix, this will be revealed as a common prefix of the ciphertexts. For AES-CBC, the only way to ensure confidentiality is to use random IVs.
However, if you are not restricted to a particular CBC mode, the nonce-based Counter mode (CTR) might solve your problem. Each block is then encrypted with a unique number (nonce) N instead of an IV. It does not have to be secret; moreover, it can be predictable (for example, it can be the block index).
Another option is to try modes of operation dedicated to small-block encryption. XTS, which employs key-dependent tweaks instead of IVs and nonces, is a widely used example.
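
The following Go program is an added example, not part of the original question or answer. It encrypts two identical 512 KB chunks first with AES-CBC under one reused IV and then with AES-CTR using a counter derived from the chunk index. The function names, the counter layout (8-byte per-file nonce followed by a 64-bit block offset) and the key, IV and plaintext values are assumptions constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

const chunkSize = 512 * 1024 // 512 KB upload unit from the question

// cbcChunk encrypts one full chunk with AES-CBC under the given IV.
func cbcChunk(blk cipher.Block, iv, chunk []byte) []byte {
	out := make([]byte, len(chunk))
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(out, chunk)
	return out
}

// ctrChunk encrypts or decrypts chunk number idx with AES-CTR. The counter
// block is an 8-byte per-file nonce followed by the chunk's starting AES-block
// offset, so chunks never share counter values and only the nonce is stored.
func ctrChunk(blk cipher.Block, nonce []byte, idx uint64, chunk []byte) []byte {
	ctr := make([]byte, aes.BlockSize)
	copy(ctr, nonce[:8])
	binary.BigEndian.PutUint64(ctr[8:], idx*(chunkSize/aes.BlockSize))
	out := make([]byte, len(chunk))
	cipher.NewCTR(blk, ctr).XORKeyStream(out, chunk)
	return out
}

// demo reports whether two identical plaintext chunks yield identical
// ciphertext under reused-IV CBC and under index-derived CTR.
func demo() (cbcLeaks, ctrLeaks bool) {
	blk, err := aes.NewCipher(bytes.Repeat([]byte{0x11}, 32)) // constructed key
	if err != nil {
		panic(err)
	}
	iv := bytes.Repeat([]byte{0x22}, aes.BlockSize) // constructed per-file value
	chunk := bytes.Repeat([]byte("A"), chunkSize)   // constructed plaintext
	cbcLeaks = bytes.Equal(cbcChunk(blk, iv, chunk), cbcChunk(blk, iv, chunk))
	ctrLeaks = bytes.Equal(ctrChunk(blk, iv, 0, chunk), ctrChunk(blk, iv, 1, chunk))
	return cbcLeaks, ctrLeaks
}

func main() {
	cbc, ctr := demo()
	fmt.Println("identical chunks match: CBC reused IV =", cbc, " CTR =", ctr)
}
```

The per-file nonce must never repeat under the same key, and CTR by itself provides confidentiality only, so modified chunks go undetected unless a MAC or an AEAD mode is added.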