Hi,
i hope that CSecurityManager will provide a getter for random generated Initial Vector. Because for some reasons, sometimes IV is used for client-side.
As for my case, my authenication plan is:
[list=1]
[*]when user first request a page, random IV and random token are generated
[*]upon login as a user, combination of IV + username will be encrypted with password + token
[*]then send to server-side for decryption
[*]when credentials are verified, login is then successful
[/list]
main concern to prevent man-middle attack. This is just one of the example case I have to reason out for the request of a getIV().
thanks.