using the key as the IV in RijndaelManaged, any problem?

Bob

I have two questions hoping someone could give me some insights.

I'm implementing an encryption solution using the RijndaelManaged class.
What I found very strange is that if I use a different IV on the decrypting
end, a binary file (such as a zip file) decrypts without any problem, but if
it's a text file, it adds some scrambled characters at the beginning even
though the rest of the file is decrypted without problem. Why does this
happen?

Because of this issue, I need to have the same IV on both ends. I'd like to
avoid managing another piece of cryptic data (in addition to the key), I'm
thinking of using the key as the IV. I use a 256-bit key so I increased the
blocksize on my RijndaelManaged object to 256 and this actually sped up the
encryption process by about 10% when I tested with a file of 3 MB in size.
This is good. However, I just don't know if using the same byte array as
the key and the IV is a security concern, that is, whether it's easier to
figure out the IV from the encrypted data. Because if so, then my key is
also exposed.

Thanks a lot for any suggestions.
Bob
 
Eugen Feraru

Bob,
I am looking at using the Rijndael algorithm, as well. Have you understood
the need of using the IV? Reading the AES specs - Advanced Encryption
Standard - based on the Rijndael algorithm, I could not find any IV
references. Maybe I need to do more reading....

Thanks,
Eugen
 
Valery Pryamikov

Hi Bob,
you don't need to encrypt IV - just send it in plain text prepended to
cipher text.
The point is that you can use different IV with the same encryption session
key for encrypting multiple packages, thus producing different cipher text
even if plain text was the same.
IV is used differently depending on modes of operations. ECB - no effect,
CBC XORs every previous cipher block with next plain text block before
encrypting it, IV is used as the block 0. CFB and OFB use IV as starting
block when generating cipher stream and use previous cipher block for
generating next keystream block.

-Valery.
http://www.harper.no/valery
 
Alek Davis

Eugen,

IV is not Rijndael-specific. It is used by encryption algorithms which
support cipher-block chaining (CBC). When an encryption algorithm, such as
Rijndael, uses CBC, every block of plain text data is XORed with the
previous (encrypted) block before it is encrypted. (This is considered a
good encryption mode - i.e. better than CFB, ECB, etc., which do not need
IV - because using different IV values the same plain text can be encrypted
with the same key producing different cipher text.) Anyway, as you might
have guessed, when the first block of plain text is being encrypted, there
is no previous block to XOR it with, so this is the purpose that IV serves.
IV is XORed with the first plain text block, then the result is encrypted.
The encrypted block is then XORed with the second plain text block and the
result is encrypted, and so on. Obviously, IV will be needed during
decryption, but unlike the encryption key (or pass phrase from which the key
is derived), IV is not considered a sensitive value, so it is normally
stored as plain text. I hope I made it a bit more clear for you.

Alek
 
Bob

Valery:

Thanks for the reply. I understand IV can be plain text and what it does.
My question is, if I use the key as the IV (so I don't have to send the IV
as an added baggage or store it on both ends), whether this would add
security risks.

I need to keep the key on both ends anyway, so it's convenient to use it as
the IV, but if the convenience brings risks, then I probably shouldn't do
it.

Bob
 
Bob

IV is needed when the encryption mode is Cipher Block Chaining, which is the
default in the RijndaelManaged class. You can read the thread "Encryption
using System.Security.Cryptography" on this group for more details. It's
basically a "seed" for the encryption process to get started.

Bob
 
Valery Pryamikov

Bob,
AFAIK, using key as IV doesn't increase risk of key being compromised, but
it demeans use of chaining and feedback modes (which is to generate
different cipher from the same text by using different IV). If using fixed
IV-KEY pair is your intention - then you can also consider switching to ECB
for better performance. Chaining and Feedback modes with fixed IV-KEY pair
will just use more processor cycles, but only insignificantly (if at all)
increase cipher strength.

-Valery.

http://www.harper.no/valery
 
Eugen Feraru

Thanks Alek for the detailed response!
Eugen

 
Hernan de Lahitte

Bob,

It's not a good idea to reuse the same key / IV combo. An interesting
approach might be to derive a password with the "PasswordDeriveBytes" class
and generate a random salt. If you want some further details about password
generation check out this article:
http://blogs.msdn.com/shawnfa/archive/2004/04/14/113514.aspx.

--
Hernan de Lahitte
Lagash Systems S.A.
http://weblogs.asp.net/hernandl


This posting is provided "AS IS" with no warranties, and confers no rights.
 
Bob

Thanks a lot Hernan.

