I have to send data from a C# application to a JAVA application. JAVA developers say they have implemented TripleDES (3DES) encryption using CBC mode to decrypt the message coming from other apps. They have provided following information to encrypt a message before sending them.
Encryption: TripleDES (3DES) (Symmetric) Mode: CBC Padding: PKCS5 IV (salt): No IV/salt is used
Please guide me, is there a way to implement CBC mode without an IV/salt? The TripleDES provider in C# generates a random IV (if no IV is set manually) and decryption fails without using an IV.
An IV is crucial to the implementation of CBC - you can't use CBC without an IV, because then it isn't CBC anymore, it is something else.
It is likely that the other development team has used an implementation of CBC that allows implementors to omit the IV, even though under the hood it is randomly generating one or using a zero value for the IV.
To clarify - MindSwipe is correct and the Java developers are incorrect - they just don't realize it because the library they are using is abstracting the requirement away from them.
I suggest explaining the above to the Java developers and asking them to confirm if the IV used is just a zero value e.g. 64 0 bits.