using the key as the IV in RijndaelManaged, any problem?

Discussion in 'ASP .Net Security' started by Bob, May 12, 2004.

  1. Bob

    Bob Guest

    I have two questions hoping someone could give me some insights.

    I'm implementing an encryption solution using the RijndaelManaged class.
    What I found very strange is that if I use a different IV on the decrypt
    end, a binary file (such as a zip file) decrypts without any problem, but if
    it's a text file, it adds some scrambled characters at the beginning even
    though the rest of the file is decrypted without problem. Why does this
    happen?

    Because of this issue, I need to have the same IV on both ends. I'd like to
    avoid managing another piece of cryptic data (in addition to the key), I'm
    thinking of using the key as the IV. I use a 256-bit key so I increased the
    blocksize on my RijndaelManaged object to 256 and this actually sped up the
    encryption process by about 10% when I tested with a file of 3 MB in size.
    This is good. However, I just don't know if using the same byte array as
    the key and the IV is a security concern, that is, whether it's easier to
    figure out the IV from the encrypted data. Because if so, then my key is
    also exposed.

    Thanks a lot for any suggestions.
    Bob
     
    Bob, May 12, 2004
    #1

  2. Eugen Feraru

    Eugen Feraru Guest

    Bob,
    I am looking at using the Rijndael algorithm, as well. Have you understood
    the need of using the IV? Reading the AES specs - Advanced Encryption
    Standard - based on the Rijndael algorithm, I could not find any IV
    references. Maybe I need to do more reading....

    Thanks,
    Eugen

    " Bob" <> wrote in message
    news:u6tcT%...
    > I have two questions hoping someone could give me some insights.
    >
    > I'm implementing an encryption solution using the RijndaelManaged class.
    > What I found very strange is that if I use a different IV on the decrypt
    > end, a binary file (such as a zip file) decrypts without any problem, but if
    > it's a text file, it adds some scrambled characters at the beginning even
    > though the rest of the file is decrypted without problem. Why does this
    > happen?
    >
    > Because of this issue, I need to have the same IV on both ends. I'd like to
    > avoid managing another piece of cryptic data (in addition to the key), I'm
    > thinking of using the key as the IV. I use a 256-bit key so I increased the
    > blocksize on my RijndaelManaged object to 256 and this actually sped up the
    > encryption process by about 10% when I tested with a file of 3 MB in size.
    > This is good. However, I just don't know if using the same byte array as
    > the key and the IV is a security concern, that is, whether it's easier to
    > figure out the IV from the encrypted data. Because if so, then my key is
    > also exposed.
    >
    > Thanks a lot for any suggestions.
    > Bob
     
    Eugen Feraru, May 12, 2004
    #2

  3. Hi Bob,
    you don't need to encrypt IV - just send it in plain text prepended to
    cipher text.
    The point is that you can use different IV with the same encryption session
    key for encrypting multiple packages, thus producing different cipher text
    even if plain text was the same.
    IV is used differently depending on modes of operations. ECB - no effect,
    CBC XORes every previous cipher block with next plain text block before
    encrypting it, IV is used as the block 0. CFB and OFB use IV as starting
    block when generating cipher stream and use previous cipher block for
    generating next keystream block.

    -Valery.
    http://www.harper.no/valery

    " Bob" <> wrote in message
    news:u6tcT%...
    > I have two questions hoping someone could give me some insights.
    >
    > I'm implementing an encryption solution using the RijndaelManaged class.
    > What I found very strange is that if I use a different IV on the decrypt
    > end, a binary file (such as a zip file) decrypts without any problem, but if
    > it's a text file, it adds some scrambled characters at the beginning even
    > though the rest of the file is decrypted without problem. Why does this
    > happen?
    >
    > Because of this issue, I need to have the same IV on both ends. I'd like to
    > avoid managing another piece of cryptic data (in addition to the key), I'm
    > thinking of using the key as the IV. I use a 256-bit key so I increased the
    > blocksize on my RijndaelManaged object to 256 and this actually sped up the
    > encryption process by about 10% when I tested with a file of 3 MB in size.
    > This is good. However, I just don't know if using the same byte array as
    > the key and the IV is a security concern, that is, whether it's easier to
    > figure out the IV from the encrypted data. Because if so, then my key is
    > also exposed.
    >
    > Thanks a lot for any suggestions.
    > Bob
     
    Valery Pryamikov, May 12, 2004
    #3
  4. Alek Davis

    Alek Davis Guest

    Eugen,

    IV is not Rijndael-specific. It is used by encryption algorithms which
    support cipher-block chaining (CBC). When an encryption algorithm, such as
    Rijndael, uses CBC, every block of plain text data is XORed with the
    previous (encrypted) block before it is encrypted. (This is considered a
    good encryption mode - i.e. better than CFB, ECB, etc., which do not need
    IV - because using different IV values the same plain text can be encrypted
    with the same key producing different cipher text.) Anyway, as you might
    have guessed, when the first block of plain text is being encrypted, there
    is no previous block to XOR it with, so this is the purpose that IV serves.
    IV is XORed with the first plain text block, then the result is encrypted.
    The encrypted block is then XORed with the second plain text block and the
    result is encrypted, and so on. Obviously, IV will be needed during
    decryption, but unlike the encryption key (or pass phrase from which the key
    is derived), IV is not considered a sensitive value, so it is normally
    stored as plain text. I hope I made it a bit more clear for you.

    Alek

    "Eugen Feraru" <> wrote in message
    news:...
    > Bob,
    > I am looking at using the Rijndael algorithm, as well. Have you understood
    > the need of using the IV? Reading the AES specs - Advanced Encryption
    > Standard - based on the Rijndael algorithm, I could not find any IV
    > references. Maybe I need to do more reading....
    >
    > Thanks,
    > Eugen
     
    Alek Davis, May 12, 2004
    #4
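
Added example, not part of any post in this thread: C# code for the behaviour posts #3 and #4 describe, using `Aes` in CBC mode in place of `RijndaelManaged` (128-bit block). It sends a fresh random IV in the clear in front of the ciphertext, then decrypts with a wrong IV to show which part of the output is damaged; the class and method names and the sample plaintext are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example; all names and sample data are constructed for illustration.
static class CbcIvDemo
{
    const int BlockBytes = 16; // AES block size; a CBC IV is exactly one block

    // Encrypts with a fresh random IV and returns IV || ciphertext.
    static byte[] Encrypt(byte[] key, byte[] plaintext)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            aes.Key = key;
            aes.GenerateIV(); // new IV for every message; it is not secret
            using (ICryptoTransform enc = aes.CreateEncryptor())
            {
                byte[] ct = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
                return aes.IV.Concat(ct).ToArray();
            }
        }
    }

    // Decrypts IV || ciphertext. ivOverride simulates a receiver that uses
    // some other IV than the one the sender used.
    static byte[] Decrypt(byte[] key, byte[] message, byte[] ivOverride = null)
    {
        int ctLen = message.Length - BlockBytes;
        if (ctLen < BlockBytes || ctLen % BlockBytes != 0)
            throw new ArgumentException("expected IV followed by whole ciphertext blocks");

        using (Aes aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            aes.Key = key;
            aes.IV = ivOverride ?? message.Take(BlockBytes).ToArray();
            using (ICryptoTransform dec = aes.CreateDecryptor())
            {
                return dec.TransformFinalBlock(message, BlockBytes, ctLen);
            }
        }
    }

    static void Main()
    {
        byte[] key = new byte[32]; // 256-bit key generated for this demo
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(key);
        }

        // Constructed sample: three full 16-byte blocks plus a short tail.
        // It is longer than one block so the PKCS7 padding, which lives in the
        // last block, is not touched when the IV is wrong.
        byte[] plaintext = Encoding.ASCII.GetBytes(
            "BLOCK-0 16 bytesBLOCK-1 16 bytesBLOCK-2 16 bytestail");

        // Same key, same plaintext, two messages: the random IV makes them differ.
        byte[] m1 = Encrypt(key, plaintext);
        byte[] m2 = Encrypt(key, plaintext);
        Console.WriteLine("two encryptions identical: {0}", m1.SequenceEqual(m2));

        // The receiver reads the IV from the front of the message.
        byte[] good = Decrypt(key, m1);
        Console.WriteLine("round trip with sent IV:   {0}", good.SequenceEqual(plaintext));

        // Wrong IV: CBC decryption XORs the IV into block 0 only, so the damage
        // is confined to the first 16 bytes whatever kind of data it is.
        byte[] wrongIv = new byte[BlockBytes]; // all zeros, not the IV that was sent
        byte[] bad = Decrypt(key, m1, wrongIv);
        Console.WriteLine("wrong IV, block 0 intact:  {0}",
            bad.Take(BlockBytes).SequenceEqual(plaintext.Take(BlockBytes)));
        Console.WriteLine("wrong IV, rest intact:     {0}",
            bad.Skip(BlockBytes).SequenceEqual(plaintext.Skip(BlockBytes)));
    }
}
```
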
  5. Bob

    Bob Guest

    Valery:

    Thanks for the reply. I understand IV can be plain text and what it does.
    My question is, if I use the key as the IV (so I don't have to send the IV
    as an added baggage or store it on both ends), whether this would add
    security risks.

    I need to keep the key on both ends anyway, so it's convenient to use it as
    the IV. But if the convenience brings risks, then I probably shouldn't do
    it.

    Bob

    "Valery Pryamikov" <> wrote in message
    news:e$...
    > Hi Bob,
    > you don't need to encrypt IV - just send it in plain text prepended to
    > cipher text.
    > The point is that you can use different IV with the same encryption session
    > key for encrypting multiple packages, thus producing different cipher text
    > even if plain text was the same.
    > IV is used differently depending on modes of operations. ECB - no effect,
    > CBC XORes every previous cipher block with next plain text block before
    > encrypting it, IV is used as the block 0. CFB and OFB use IV as starting
    > block when generating cipher stream and use previous cipher block for
    > generating next keystream block.
    >
    > -Valery.
    > http://www.harper.no/valery
     
    Bob, May 12, 2004
    #5
  6. Bob

    Bob Guest

    IV is needed when the encryption mode is Cipher Block Chaining, which is the
    default in the RijndaelManaged class. You can read the thread "Encryption
    using System.Security.Cryptography" on this group for more details. It's
    basically a "seed" for the encryption process to get started.

    Bob

    "Eugen Feraru" <> wrote in message
    news:...
    > Bob,
    > I am looking at using the Rijndael algorithm, as well. Have you understood
    > the need of using the IV? Reading the AES specs - Advanced Encryption
    > Standard - based on the Rijndael algorithm, I could not find any IV
    > references. Maybe I need to do more reading....
    >
    > Thanks,
    > Eugen
     
    Bob, May 12, 2004
    #6
  7. Bob,
    AFAIK, using key as IV doesn't increase risk of key being compromised, but
    it demeans use of chaining and feedback modes (which is to generate
    different cipher from the same text by using different IV). If using fixed
    IV-KEY pair is your intention - then you can also consider switching to ECB
    for better performance. Chaining and Feedback modes with fixed IV-KEY pair
    will just use more processor cycles, but only insignificantly (if at all)
    increase cipher strength.

    -Valery.

    http://www.harper.no/valery


    " Bob" <> wrote in message
    news:...
    > Valery:
    >
    > Thanks for the reply. I understand IV can be plain text and what it does.
    > My question is, if I use the key as the IV (so I don't have to send the IV
    > as an added baggage or store it on both ends), whether this would add
    > security risks.
    >
    > I need to keep the key on both ends anyway, so it's convenient to use it
    > as
    > the IV. But if the convenience brings risks, then I probably shouldn't do
    > it.
    >
    > Bob
     
    Valery Pryamikov, May 12, 2004
    #7
  8. Eugen Feraru

    Eugen Feraru Guest

    Thanks Alek for the detailed response!
    Eugen

    "Alek Davis" <alek_xDOTx_davis_xATx_intel_xDOTx_com> wrote in message
    news:emIl$...
    > Eugen,
    >
    > IV is not Rijndael-specific. It is used by encryption algorithms which
    > support cipher-block chaining (CBC). When an encryption algorithm, such as
    > Rijndael, uses CBC, every block of plain text data is XORed with the
    > previous (encrypted) block before it is encrypted. (This is considered a
    > good encryption mode - i.e. better than CFB, ECB, etc., which do not need
    > IV - because using different IV values the same plain text can be encrypted
    > with the same key producing different cipher text.) Anyway, as you might
    > have guessed, when the first block of plain text is being encrypted, there
    > is no previous block to XOR it with, so this is the purpose that IV serves.
    > IV is XORed with the first plain text block, then the result is encrypted.
    > The encrypted block is then XORed with the second plain text block and the
    > result is encrypted, and so on. Obviously, IV will be needed during
    > decryption, but unlike the encryption key (or pass phrase from which the key
    > is derived), IV is not considered a sensitive value, so it is normally
    > stored as plain text. I hope I made it a bit more clear for you.
    >
    > Alek
     
    Eugen Feraru, May 13, 2004
    #8
  9. Bob,

    It's not a good idea to reuse the same key / IV combo. An interesting
    approach might be to derive a password with the "PasswordDeriveBytes" class
    and generate a random salt. If you want some further details about password
    generation check out this article:
    http://blogs.msdn.com/shawnfa/archive/2004/04/14/113514.aspx.

    --
    Hernan de Lahitte
    Lagash Systems S.A.
    http://weblogs.asp.net/hernandl


    This posting is provided "AS IS" with no warranties, and confers no rights.

    " Bob" <> wrote in message
    news:...
    > Valery:
    >
    > Thanks for the reply. I understand IV can be plain text and what it does.
    > My question is, if I use the key as the IV (so I don't have to send the IV
    > as an added baggage or store it on both ends), whether this would add
    > security risks.
    >
    > I need to keep the key on both ends anyway, so it's convenient to use it as
    > the IV. But if the convenience brings risks, then I probably shouldn't do
    > it.
    >
    > Bob
     
    Hernan de Lahitte, May 14, 2004
    #9
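
Added example, not code from the thread or from the linked articles: one way to apply the advice in post #9, deriving the key from a password and a random salt and using a fresh IV for each message. It uses `Rfc2898DeriveBytes` (PBKDF2) in place of `PasswordDeriveBytes` and `Aes` in place of `RijndaelManaged`; the salt || IV || ciphertext layout, the iteration count, the sample password and all names are assumptions of this example.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example; layout, parameters and names are assumptions, not the thread's code.
static class SaltedPasswordEncryption
{
    const int SaltBytes = 16;      // assumption: 128-bit random salt per message
    const int IvBytes = 16;        // AES block size
    const int KeyBytes = 32;       // 256-bit key, as in the original question
    const int Iterations = 100000; // assumption: work factor chosen for this demo

    static byte[] RandomBytes(int n)
    {
        byte[] b = new byte[n];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(b);
        }
        return b;
    }

    // PBKDF2 stands in here for the PasswordDeriveBytes class named in post #9.
    static byte[] DeriveKey(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(
            password, salt, Iterations, HashAlgorithmName.SHA256))
        {
            return kdf.GetBytes(KeyBytes);
        }
    }

    // Output layout: salt || IV || ciphertext. Only the password is secret;
    // salt and IV travel in the clear so the receiver has nothing extra to store.
    static byte[] Encrypt(string password, byte[] plaintext)
    {
        byte[] salt = RandomBytes(SaltBytes);
        byte[] iv = RandomBytes(IvBytes);
        byte[] key = DeriveKey(password, salt);
        using (Aes aes = Aes.Create()) // defaults: CBC mode, PKCS7 padding
        using (ICryptoTransform enc = aes.CreateEncryptor(key, iv))
        {
            byte[] ct = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
            return salt.Concat(iv).Concat(ct).ToArray();
        }
    }

    static byte[] Decrypt(string password, byte[] blob)
    {
        const int header = SaltBytes + IvBytes;
        if (blob.Length < header + IvBytes || (blob.Length - header) % IvBytes != 0)
            throw new ArgumentException("expected salt || IV || whole ciphertext blocks");

        byte[] salt = blob.Take(SaltBytes).ToArray();
        byte[] iv = blob.Skip(SaltBytes).Take(IvBytes).ToArray();
        byte[] key = DeriveKey(password, salt); // receiver re-derives the same key
        using (Aes aes = Aes.Create())
        using (ICryptoTransform dec = aes.CreateDecryptor(key, iv))
        {
            return dec.TransformFinalBlock(blob, header, blob.Length - header);
        }
    }

    static void Main()
    {
        const string password = "correct horse battery staple"; // constructed sample
        byte[] plaintext = Encoding.UTF8.GetBytes("constructed sample message");

        byte[] a = Encrypt(password, plaintext);
        byte[] b = Encrypt(password, plaintext);

        // A new salt yields a new key, and a new IV a new first block, so two
        // messages share neither key nor IV even with the same password.
        byte[] keyA = DeriveKey(password, a.Take(SaltBytes).ToArray());
        byte[] keyB = DeriveKey(password, b.Take(SaltBytes).ToArray());
        Console.WriteLine("derived keys equal: {0}", keyA.SequenceEqual(keyB));
        Console.WriteLine("blobs equal:        {0}", a.SequenceEqual(b));
        Console.WriteLine("round trip:         {0}",
            Encoding.UTF8.GetString(Decrypt(password, a)));
    }
}
```

CBC on its own does not detect modification of the blob, so where the ciphertext can be tampered with it also needs a MAC or an authenticated mode.
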
  10. Alek Davis

    Alek Davis Guest

    Or you can use an approach like this:
    http://www.obviex.com/samples/EncryptionWithSalt.aspx.

    Alek

    "Hernan de Lahitte" <> wrote in message
    news:...
    > Bob,
    >
    > It's not a good idea to reuse the same key / IV combo. An interesting
    > approach might be to derive a password with the "PasswordDeriveBytes" class
    > and generate a random salt. If you want some further details about password
    > generation check out this article:
    > http://blogs.msdn.com/shawnfa/archive/2004/04/14/113514.aspx.
    >
    > --
    > Hernan de Lahitte
    > Lagash Systems S.A.
    > http://weblogs.asp.net/hernandl
    >
    >
    > This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Alek Davis, May 14, 2004
    #10
  11. Bob

    Bob Guest

    Thanks a lot Hernan.

    "Hernan de Lahitte" <> wrote in message
    news:...
    > Bob,
    >
    > It's not a good idea to reuse the same key / IV combo. An interesting
    > approach might be to derive a password with the "PasswordDeriveBytes" class
    > and generate a random salt. If you want some further details about password
    > generation check out this article:
    > http://blogs.msdn.com/shawnfa/archive/2004/04/14/113514.aspx.
    >
    > --
    > Hernan de Lahitte
    > Lagash Systems S.A.
    > http://weblogs.asp.net/hernandl
    >
    >
    > This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Bob, May 14, 2004
    #11
  12. See also sample code here, showing concatenation of items into AES_encrypted file,
    as well as how to manage this with cascaded streams b64 included:
    http://www.jensign.com/JavaScience/dotnet/SimCryptNET

    - Mitch Gallant
    www.jensign.com

    "Alek Davis" <alek_xDOTx_davis_xATx_intel_xDOTx_com> wrote in message
    news:...
    > Or you can use an approach like this:
    > http://www.obviex.com/samples/EncryptionWithSalt.aspx.
    >
    > Alek
    >
    > "Hernan de Lahitte" <> wrote in message
    > news:...
    > > Bob,
    > >
    > > It's not a good idea to reuse the same key / IV combo. An interesting
    > > approach might be to derive a password with the "PasswordDeriveBytes" class
    > > and generate a random salt. If you want some further details about password
    > > generation check out this article:
    > > http://blogs.msdn.com/shawnfa/archive/2004/04/14/113514.aspx.
    > >
    > > --
    > > Hernan de Lahitte
    > > Lagash Systems S.A.
    > > http://weblogs.asp.net/hernandl
    > >
    > >
    > > This posting is provided "AS IS" with no warranties, and confers no rights.
    > >
    > > " Bob" <> wrote in message
    > > news:...
    > > > Valery:
    > > >
    > > > Thanks for the reply. I understand IV can be plain text and what it does.
    > > > My question is, if I use the key as the IV (so I don't have to send the IV
    > > > as an added baggage or store it on both ends), whether this would add
    > > > security risks.
    > > >
    > > > I need to keep the key on both ends anyway, so it's convenient to use it as
    > > > the IV. But if the convenience brings risks, then I probably shouldn't do
    > > > it.
    > > >
    > > > Bob
    > > >
    > > > "Valery Pryamikov" <> wrote in message
    > > > news:e$...
    > > > > Hi Bob,
    > > > > you don't need to encrypt IV - just send it in plain text prepended to
    > > > > cipher text.
    > > > > The point is that you can use different IV with the same encryption session
    > > > > key for encrypting multiple packages, thus producing different cipher text
    > > > > even if plain text was the same.
    > > > > IV is used differently depending on modes of operations. ECB - no effect,
    > > > > CBC XORs every previous cipher block with next plain text block before
    > > > > encrypting it, IV is used as the block 0. CFB and OFB use IV as starting
    > > > > block when generating cipher stream and use previous cipher block for
    > > > > generating next keystream block.
    > > > >
    > > > > -Valery.
    > > > > http://www.harper.no/valery
    > > > >
    > > > > " Bob" <> wrote in message
    > > > > news:u6tcT%...
    > > > > > I have two questions hoping someone could give me some insights.
    > > > > >
    > > > > > I'm implementing an encryption solution using the RijndaelManaged class.
    > > > > > What I found very strange is that if I use a different IV on the decrypting
    > > > > > end, a binary file (such as a zip file) decrypts without any problem, but if
    > > > > > it's a text file, it adds some scrambled characters at the beginning even
    > > > > > though the rest of the file is decrypted without problem. Why does this
    > > > > > happen?
    > > > > >
    > > > > > Because of this issue, I need to have the same IV on both ends. I'd like to
    > > > > > avoid managing another piece of cryptic data (in addition to the key), I'm
    > > > > > thinking of using the key as the IV. I use a 256-bit key so I increased the
    > > > > > blocksize on my RijndaelManaged object to 256 and this actually sped up the
    > > > > > encryption process by about 10% when I tested with a file of 3 MB in size.
    > > > > > This is good. However, I just don't know if using the same byte array as
    > > > > > the key and the IV is a security concern, that is, whether it's easier to
    > > > > > figure out the IV from the encrypted data. Because if so, then my key is
    > > > > > also exposed.
    > > > > >
    > > > > > Thanks a lot for any suggestions.
    > > > > > Bob
     
    Michel Gallant, May 14, 2004
    #12
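
The approach Valery describes in the thread above (a fresh IV for every message, sent in plain text in front of the cipher text), together with the first-block garbling Bob observed, as an added example that is not code from any poster or linked sample. It assumes `Aes` in CBC mode with a 128-bit block in place of `RijndaelManaged`; the class name, method names and sample text are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class CbcIvDemo
{
    // Encrypts under a fresh random IV and returns IV || ciphertext.
    static byte[] Encrypt(byte[] key, byte[] plaintext)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;
            aes.Key = key;
            aes.GenerateIV();                      // new IV for every message
            using (ICryptoTransform enc = aes.CreateEncryptor())
                return aes.IV.Concat(enc.TransformFinalBlock(plaintext, 0, plaintext.Length)).ToArray();
        }
    }

    // Decrypts IV || ciphertext. ivOverride simulates a receiver holding a different IV.
    static byte[] Decrypt(byte[] key, byte[] message, byte[] ivOverride = null)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;
            aes.Key = key;
            int ivLen = aes.BlockSize / 8;         // 16 bytes for AES
            aes.IV = ivOverride ?? message.Take(ivLen).ToArray();
            using (ICryptoTransform dec = aes.CreateDecryptor())
                return dec.TransformFinalBlock(message, ivLen, message.Length - ivLen);
        }
    }

    static void Main()
    {
        byte[] key = new byte[32];                 // random 256-bit key, never used as the IV
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        // Constructed sample input, several blocks long.
        byte[] text = Encoding.ASCII.GetBytes("Constructed sample text, longer than one 16-byte block.");

        byte[] m1 = Encrypt(key, text), m2 = Encrypt(key, text);
        Console.WriteLine("same plaintext gives same ciphertext: " + m1.SequenceEqual(m2));

        byte[] bad = Decrypt(key, m1, new byte[16]);   // all-zero IV instead of the one sent
        Console.WriteLine("wrong IV, bytes 0-15 intact: " + bad.Take(16).SequenceEqual(text.Take(16)));
        Console.WriteLine("wrong IV, bytes 16+ intact:  " + bad.Skip(16).SequenceEqual(text.Skip(16)));
        Console.WriteLine("prepended IV round-trips:    " + Decrypt(key, m1).SequenceEqual(text));
    }
}
```

With the wrong IV only the first 16-byte block comes out garbled, because in CBC every later block is XORed with the preceding cipher block rather than with the IV.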