Once the attacker has one plaintext message and the matching ciphertext (perhaps she intercepted it somewhere else, like the destination), she will be able to know when any other messages with the same starting sequence are sent. Since she can learn something about the contents of your encrypted messages, this is insecure.
It also allows the attacker to perform frequency analysis. For example, imagine that your plaintext messages are commands to the backend of a stock market platform, so they all start with either "COMMAND=BUY"
or "COMMAND=SELL"
. This means that the encrypted messages start with only two different ciphertext sequences. The attacker can't directly decrypt them - but if she is able to later observe how many SELL orders you placed through observing the market data, she'll be able to go back and work out which is which, and from now on she'll know exactly which orders you are placing as you place them.
Frequency analysis is how simple substitution ciphers are broken, and this is no coincidence - using a fixed IV means that the initial portion of your messages are effectively just using substitution, a block at a time.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…