diff --git a/ChangeLog b/ChangeLog
index 547d3a7c7a..987d277988 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Wed Feb 08 09:19:00 2012  Martin Bosslet  <Martin.Bosslet@googlemail.com>
+
+	* ext/openssl/ossl_cipher.c: Add warning about key as IV.
+
 Tue Feb  7 20:08:12 2012  Ayumu AIZAWA  <ayumu.aizawa@gmail.com>
 
 	* error.c (exc_inspect): Fix typo. patch from Trent Ogren
diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c
index 101ea052fa..4e758b6a26 100644
--- a/ext/openssl/ossl_cipher.c
+++ b/ext/openssl/ossl_cipher.c
@@ -686,6 +686,12 @@ Init_ossl_cipher(void)
      *  key = cipher.random_key
      *  iv = cipher.random_iv # also sets the generated IV on the Cipher
      *
+     *  Although the key is generally a random value, too, it is a bad choice
+     *  as an IV. There are elaborate ways how an attacker can take advantage
+     *  of such an IV. As a general rule of thumb, exposing the key directly
+     *  or indirectly should be avoided at all cost and exceptions only be
+     *  made with good reason. 
+     *
      * === Calling Cipher#final
      *
      * ECB (which should not be used) and CBC are both block-based modes.