serpro
commented
9 years ago Ideally IV should change for each encryption. But this implementation doesn't use it to it's whole potential. I'm happy to review any Merge Request that improves it. Thanks for your message.
As far as I know (which is very little), the IV is used as a sort of nuance to generate different outputs despite having same content and same password. Of course I know the password needs to be the same when encrypting/decrypting, but can't the IV be different? Doesn't the fact that both parties need to know the password AND iv make the IV concept redundant making it a sort of second password? Why not use the very same password for example?