All geek questions in one place

RijndaelManaged: IV generation?

I want to implement the safest and most reliable form of symmetric cryptography in my application. The user must enter a password for encryption / decryption and that’s all. For RijndaelManaged, you must enter the key and IV. I'm not sure how to handle the situation. Right now, I have an entered password that is hashed by SHA256 and then used as a key for Rijndael. What do I use for IV? Another password?

+4
source share
3 answers

You can use GenerateIV (redefined in RijndaelManaged ) to generate IV. Then you can pass IV along with cyphertext. You may think that IV acts like a salt - basically it prevents the encryption of the same plaintext into the same cyphertext every time. Do not reuse IV - this makes it pointless. Create a new one for each message.

+9
source

  • There is a special function for obtaining a password key; I believe that it is safer than a hash. You can look at the class Rfc2898DeriveBytes. This requires a Salt and password.

  • It is common practice to add IV (and salt), unencrypted in the message.

  • If you create an instance of the Rijndaal class, it automatically generates an IV, the sender can simply use this.

+2
source

Jon Skeet is true about IV, but you also have a problem with how you retrieve the key.

Just using one SHA256 round on an unencrypted password is not secure. This leaves the system open to a simple dictionary attack.

There is a class of functions designed to receive a plaintext password and create an encryption key from them - these are “key derivation functions”. You should use one of them - PBKDF2 - a good choice is to generate your key. The Rfc2898DeriveBytes class implements PBKDF2.

KDF will require a salt that is randomly generated each time and is included along with the encryption text (like IV).

+2
source

Source: https://habr.com/ru/post/1305315/

More articles:


All Articles