fernet / spec

Spec and acceptance tests for the Fernet format.

IV specification #22

Open hodamaleki opened 6 years ago

hodamaleki commented 6 years ago

In the Fernet spec, when describing the IV, it says the following: "When generating new Fernet tokens, the IV must be chosen uniquely for every token. With a high-quality source of entropy, random selection will do this with high probability."

In reality, with CBC encryption their 'uniqueness' property is neither necessary nor sufficient. Instead, they really do need the IV to be chosen by 'random selection' in order for CBC to be safe.

The implementations of Fernet tokens use os.urandom(16), which is the correct way to generate an IV for CBC mode.

This means that the document must be corrected to: "When generating new Fernet tokens, the IV must be chosen by 'random selection' in order for CBC to be safe."

Thank you,
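
The "not sufficient" half of the point raised in this issue, as an added example that is not part of the original post, the Fernet spec, or any Fernet implementation: a counter IV is unique for every token, yet it lets a guess about an earlier first block be confirmed from ciphertext alone, while a random IV does not. Assumptions: the block cipher is a toy Feistel construction standing in for AES, all function names are hypothetical, and the sample blocks are constructed.

```python
import hashlib, hmac, itertools, os

BLOCK = 16  # CBC block size in bytes (same as AES)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt_block(key, block):
    # Assumption: 4-round Feistel over HMAC-SHA256 standing in for AES.
    # It is a keyed permutation for illustration only, not a real cipher.
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def cbc_first_block(key, iv, block):
    # CBC: C1 = E_k(IV xor P1)
    return toy_encrypt_block(key, xor(iv, block))

def counter_ivs():
    # Unique for every token, but the next value is known in advance.
    c = itertools.count()
    return lambda: next(c).to_bytes(BLOCK, "big")

def random_ivs():
    return lambda: os.urandom(BLOCK)

def next_counter(iv):
    return (int.from_bytes(iv, "big") + 1).to_bytes(BLOCK, "big")

def guess_confirmable(new_iv, secret, guess):
    """True if a party who can have one chosen block encrypted can tell,
    from ciphertext alone, whether `guess` equals an earlier secret block."""
    key = os.urandom(32)
    iv_old = new_iv()
    c_old = cbc_first_block(key, iv_old, secret)   # observed earlier
    iv_expected = next_counter(iv_old)             # predicted next IV
    probe = xor(xor(guess, iv_old), iv_expected)   # chosen block
    # If the real IV equals iv_expected it cancels: E(guess xor iv_old)
    return cbc_first_block(key, new_iv(), probe) == c_old

SECRET = b"PIN=4821;pad0000"  # constructed sample block
WRONG = b"PIN=0000;pad0000"   # constructed wrong guess

if __name__ == "__main__":
    print("counter, right guess:", guess_confirmable(counter_ivs(), SECRET, SECRET))
    print("counter, wrong guess:", guess_confirmable(counter_ivs(), SECRET, WRONG))
    print("random,  right guess:", guess_confirmable(random_ivs(), SECRET, SECRET))
```

With `os.urandom(16)` the expected IV matches the real one only with probability 2^-128, so the comparison carries no information about the earlier block.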