Re: using the key as the IV in RijndaelManaged, any problem?

From: Michel Gallant (neutron_at_istar.ca)
Date: 05/14/04


Date: Fri, 14 May 2004 14:32:22 -0400

See also sample code here, showing concatenation of items into AES_encrypted file,
as well as how to manage this with cascaded streams b64 included:
   http://www.jensign.com/JavaScience/dotnet/SimCryptNET

- Mitch Gallant
   www.jensign.com

"Alek Davis" <alek_xDOTx_davis_xATx_intel_xDOTx_com> wrote in message
news:eXiB8EeOEHA.3124@TK2MSFTNGP12.phx.gbl...
> Or you can use an approach like this:
> http://www.obviex.com/samples/EncryptionWithSalt.aspx.
>
> Alek
>
> "Hernan de Lahitte" <hernan@lagash.com> wrote in message
> news:ubpjqtdOEHA.3348@TK2MSFTNGP09.phx.gbl...
> > Bob,
> >
> > It's not a good idea to reuse the same key / IV combo. An interesting
> > approach might be to derive a password with the "PasswordDeriveBytes" class
> > and generate a random salt. If you want some further details about password
> > generation check out this article:
> > http://blogs.msdn.com/shawnfa/archive/2004/04/14/113514.aspx.
> >
> > --
> > Hernan de Lahitte
> > Lagash Systems S.A.
> > http://weblogs.asp.net/hernandl
> >
> >
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> >
> > " Bob" <bobatkpmg@yahoo.com> wrote in message
> > news:ufSu8lGOEHA.1104@TK2MSFTNGP10.phx.gbl...
> > > Valery:
> > >
> > > Thanks for the reply. I understand IV can be plain text and what it does.
> > > My question is, if I use the key as the IV (so I don't have to send the IV
> > > as an added baggage or store it on both ends), whether this would add
> > > security risks.
> > >
> > > I need to keep the key on both ends anyway, so it's convenient to use it as
> > > the IV. But if the convenience brings risks, then I probably shouldn't do
> > > it.
> > >
> > > Bob
> > >
> > > "Valery Pryamikov" <Valery@nospam.harper.no> wrote in message
> > > news:e$pFNVGOEHA.3596@tk2msftngp13.phx.gbl...
> > > > Hi Bob,
> > > > you don't need to encrypt IV - just send it in plain text prepended to
> > > > cipher text.
> > > > The point is that you can use different IV with the same encryption session
> > > > key for encrypting multiple packages, thus producing different cipher text
> > > > even if plain text was the same.
> > > > IV is used differently depending on modes of operations. ECB - no effect,
> > > > CBC XORs every previous cipher block with next plain text block before
> > > > encrypting it, IV is used as the block 0. CFB and OFB use IV as starting
> > > > block when generating cipher stream and use previous cipher block for
> > > > generating next keystream block.
> > > >
> > > > -Valery.
> > > > http://www.harper.no/valery
> > > >
> > > > " Bob" <bobatkpmg@yahoo.com> wrote in message
> > > > news:u6tcT%23EOEHA.3884@TK2MSFTNGP12.phx.gbl...
> > > > > I have two questions hoping someone could give me some insights.
> > > > >
> > > > > I'm implementing an encryption solution using the RijndaelManaged class.
> > > > > What I found very strange is that if I use a different IV on the decrypt
> > > > > end, a binary file (such as a zip file) decrypts without any problem, but if
> > > > > it's a text file, it adds some scrambled characters at the beginning even
> > > > > though the rest of the file is decrypted without problem. Why does this
> > > > > happen?
> > > > >
> > > > > Because of this issue, I need to have the same IV on both ends. I'd like to
> > > > > avoid managing another piece of cryptic data (in addition to the key), I'm
> > > > > thinking of using the key as the IV. I use a 256-bit key so I increased the
> > > > > blocksize on my RijndaelManaged object to 256 and this actually sped up the
> > > > > encryption process by about 10% when I tested with a file of 3 MB in size.
> > > > > This is good. However, I just don't know if using the same byte array as
> > > > > the key and the IV is a security concern, that is, whether it's easier to
> > > > > figure out the IV from the encrypted data. Because if so, then my key is
> > > > > also exposed.
> > > > >
> > > > > Thanks a lot for any suggestions.
> > > > > Bob
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
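
The approach suggested in the thread (a fresh random IV per message, sent in plain text in front of the ciphertext), together with the CBC behaviour behind the "scrambled characters at the beginning" observation, as an added example that is not code from any poster in this thread. It assumes .NET 6 or later and uses `Aes` (CBC, 128-bit block) in place of `RijndaelManaged`; the class and method names are illustrative.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class IvDemo
{
    const int IvLen = 16; // AES block size in bytes

    // Encrypt under a fresh random IV and return IV || ciphertext.
    static byte[] Encrypt(byte[] key, byte[] plaintext)
    {
        using var aes = Aes.Create();   // defaults: CBC mode, PKCS7 padding
        aes.Key = key;
        aes.GenerateIV();               // new random IV for every message
        using var enc = aes.CreateEncryptor();
        byte[] ct = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
        return aes.IV.Concat(ct).ToArray();
    }

    // Decrypt the ciphertext that follows the IV prefix, using the IV supplied.
    static byte[] Decrypt(byte[] key, byte[] iv, byte[] message)
    {
        using var aes = Aes.Create();
        aes.Key = key;
        aes.IV = iv;
        using var dec = aes.CreateDecryptor();
        return dec.TransformFinalBlock(message, IvLen, message.Length - IvLen);
    }

    static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);   // 256-bit key
        // Constructed sample input, longer than one block.
        byte[] pt = Encoding.ASCII.GetBytes("Constructed sample text, longer than one AES block.");

        // Same key, same plaintext, different IVs: the two messages differ.
        byte[] m1 = Encrypt(key, pt), m2 = Encrypt(key, pt);
        Console.WriteLine("identical ciphertexts: " + m1.SequenceEqual(m2));

        // Receiver reads the IV off the front of the message.
        byte[] good = Decrypt(key, m1.Take(IvLen).ToArray(), m1);
        Console.WriteLine("round trip ok: " + good.SequenceEqual(pt));

        // Receiver uses a different IV (all zeros): only block 0 is damaged.
        byte[] bad = Decrypt(key, new byte[IvLen], m1);
        Console.WriteLine("first block intact: " + bad.Take(IvLen).SequenceEqual(pt.Take(IvLen)));
        Console.WriteLine("remaining bytes intact: " + bad.Skip(IvLen).SequenceEqual(pt.Skip(IvLen)));
    }
}
```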