Timo Willemsen

Reputation: 8857

Manipulating the Initialization Vector does not (really) prevent me from decrypting AES ciphertexts

I created the following class, based on the examples on MSDN: https://gist.github.com/anonymous/19d9e5f6747dfe75d553

Whenever I use it like this, it seems like it encrypts fine:

var key = Crypto.GenerateKey();
var vector = Crypto.GenerateVector(key);

var cypherText = Crypto.EncryptBase64("abcdefghijklmnopqrstuvwxyz1234567890", key, vector);
vector = Crypto.GenerateVector(key);
var plainText = Crypto.Decrypt(cypherText, key, vector);

Then plainText contains the following:

�\aU��(���P\u0003�b\u001dxqrstuvwxyz1234567890

So it seems changing the IV doesn't really do anything (especially on longer documents). Why do we even need an IV?

Upvotes: 1

Views: 196

Answers (1)

vlp

Reputation: 8106

The default mode of operation for SymmetricAlgorithm is CipherMode.CBC.

Given the way CBC mode works, changing the IV of encrypted data will impact only the first decrypted block of data.

Citing the linked article:

Decrypting with the incorrect IV causes the first block of plaintext to be corrupt but subsequent plaintext blocks will be correct. This is because a plaintext block can be recovered from two adjacent blocks of ciphertext. As a consequence, decryption can be parallelized. Note that a one-bit change to the ciphertext causes complete corruption of the corresponding block of plaintext, and inverts the corresponding bit in the following block of plaintext, but the rest of the blocks remain intact.

This is one of the reasons why encryption without authentication (e.g. here) is not a good idea.

On the other hand, changing the IV during the encryption results in a completely different ciphertext, as the change in the first block is propagated to all the subsequent blocks.

Disclaimer: I am no crypto expert, so please do validate my thoughts.

Upvotes: 1
