There have been many questions with regard to IV generation, encryption and sharing the IV between the sender and receiver, but I want to make an explicit post regarding the best way to send the IV from the sender to the receiver.
From all the posts that I've seen so far, I'm uncertain as to whether it is safe to send the IV in "plaintext" by prepending it to the cipher text. So the first question is, is it safe to do so?
Second, is there are safer way to share an IV between the sender and receiver when communicating by exchanging messages?
Cheers
Yes, it is safe to send the IV in the clear. Here is the 'proof' of why:
Take CBC mode for example:
You can see that the ciphertext of a block is XORed with the plaintext of the next block. The reason we need an IV is because on the first block, there is no previous ciphertext to use. If there was a security risk with having the IV be secret, then the security risk would be present for every block after, since the ciphertext serves the same role as the IV.
That being said though, you need to make sure you MAC it. Depending on how you do message authentication codes, someone tampering with the IV could tamper with the resulting plaintext on decryption. Encryption alone does not provide integrity of messages.
Also, for IV generation, it depends on your requirements. But most often, your IV needs to be random and non-predictable.
Yes, it is safe. Many protocols such as WEP and WPA will transmit the IV in plain text. This is usually a requirement as it is impossible to decrypt the message without knowing the iv. The most common WEP attack involves capturing thousands of IV's, but this is because RC4 is vulnerable to a Related Key Attack. If you are using a secure symmetric cipher then you do not have to worry.
A known vulnerability that I know of relating to IV's is CWE-329, which requires that the IV be random, and this is why this is an issue. Another potential problem is encrypting 2 messages with the same IV. This is a problem because an attacker maybe able to identify another cipher text message by encrypting many known messages, effectively making guesses as to what a captured cipher text maybe without knowing the key.
Yes, it is safe to do in plain text with the caveat that they should not be repeated.