login about faq

Playing with AES encryption and I want to ask what happens if we use the IV like a "Password", but it is chosen less 16 Bytes from the user :-/

From the examples:

//  Set the IV to a known value that will be used on both sides.
    //  (If desired, you could generate a random IV and protect it in the same
    //  way as the key...)
    //  The length of the IV for AES is always 16 bytes, regardless of the key size.

asked Apr 23 at 12:37

RootTag's gravatar image


edited Apr 23 at 12:37

If the encryption needs 16 bytes, then you must give it 16 bytes. You could hash the supplied password using MD5+salt to get a 16-byte IV for any input. The salt is there to help protect against rainbow dictionary attacks. For example, this air-code:

input = "user supplied pass";
md5 = md5hex("random salt" + input);
crypt.SetEncodedIv(md5, "hex");

answered Apr 24 at 10:41

jpbro's gravatar image

jpbro ♦

edited Apr 24 at 10:42

Thanks jpbro. Yes, that is a good solution. If you don't give it the full 16 bytes, or if you give it garbage, such as this: crypt.SetEncodedIV("Password","hex"); -- which is garbage because "Password" is not valid hex, then you're open to undetermined results. When doing any sort of cryptography, always be exact and don't leave anything to chance..


answered Apr 24 at 22:56

chilkat's gravatar image

chilkat ♦♦

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported



Asked: Apr 23 at 12:37

Seen: 238 times

Last updated: Apr 24 at 22:56

powered by OSQA