login about faq

Playing with AES encryption and I want to ask what happens if we use the IV like a "Password", but it is chosen less 16 Bytes from the user :-/

From the examples:

//  Set the IV to a known value that will be used on both sides.
    //  (If desired, you could generate a random IV and protect it in the same
    //  way as the key...)
    //  The length of the IV for AES is always 16 bytes, regardless of the key size.
    crypt.SetEncodedIV("000102030405060708090A0B0C0D0E0F","hex");

asked Apr 23 at 12:37

RootTag's gravatar image

RootTag
35121623

edited Apr 23 at 12:37


If the encryption needs 16 bytes, then you must give it 16 bytes. You could hash the supplied password using MD5+salt to get a 16-byte IV for any input. The salt is there to help protect against rainbow dictionary attacks. For example, this air-code:

input = "user supplied pass";
md5 = md5hex("random salt" + input);
crypt.SetEncodedIv(md5, "hex");
link

answered Apr 24 at 10:41

jpbro's gravatar image

jpbro ♦
1.1k2618

edited Apr 24 at 10:42

Thanks jpbro. Yes, that is a good solution. If you don't give it the full 16 bytes, or if you give it garbage, such as this: crypt.SetEncodedIV("Password","hex"); -- which is garbage because "Password" is not valid hex, then you're open to undetermined results. When doing any sort of cryptography, always be exact and don't leave anything to chance..

link

answered Apr 24 at 22:56

chilkat's gravatar image

chilkat ♦♦
11.8k316358421

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×33

Asked: Apr 23 at 12:37

Seen: 275 times

Last updated: Apr 24 at 22:56

powered by OSQA