I want to implement the most secure, and most reliable form of symmetric key cryptography in my application. The user should input a password to encrypt/decrypt, and that's all. For RijndaelManaged, one must enter a key and an IV. I'm not sure how to address the situation. Right now, I have the entered password being hashed by SHA256 and then being used as the key for the Rijndael. What do I use for the IV? Another password?
+2
A:
You can use GenerateIV (overridden in RijndaelManaged) to generate the IV. You can then transmit the IV along with the cyphertext. You can think of an IV as acting a bit like a salt - basically it prevents the same plaintext from being encrypted to the same cyphertext each time. Don't reuse an IV - that makes it pointless. Generate a new one for each message.
Jon Skeet
2010-03-27 19:32:25
Is there a specific standard on where how to append the IV to a cypher text?
cam
2010-03-27 19:39:13
Put it before the cipher. That way you can have decrypt in streaming mode.
GregS
2010-03-27 21:52:36
Is it safe to prepend the IV to the cypher text? The attacker would know that the first, say 128 bits, of the message is the IV, and this shouldn't be a problem?
Mystic
2010-08-04 04:48:10
+1
A:
Jon Skeet is correct about the IV, but you also have a problem with the way you are deriving a key.
Just using a single round of SHA256 on the plaintext password is not secure. It leaves the system open to a simple dictionary attack.
There is a class of functions that are designed to take a plaintext password and create a cipher key from them - these are "key derivation functions". You should use one of these - PBKDF2 is a good choice - to generate your key. The Rfc2898DeriveBytes class implements PBKDF2.
The KDF will require a salt, which is randomly generated each time and included along with the cipher text (just like the IV).
caf
2010-04-02 06:11:42