RijndaelManaged: IV Generation?

只谈情不闲聊 提交于 2020-01-13 10:33:18

问题


I want to implement the most secure, and most reliable form of symmetric key cryptography in my application. The user should input a password to encrypt/decrypt, and that's all. For RijndaelManaged, one must enter a key and an IV. I'm not sure how to address the situation. Right now, I have the entered password being hashed by SHA256 and then being used as the key for the Rijndael. What do I use for the IV? Another password?


回答1:


You can use GenerateIV (overridden in RijndaelManaged) to generate the IV. You can then transmit the IV along with the cyphertext. You can think of an IV as acting a bit like a salt - basically it prevents the same plaintext from being encrypted to the same cyphertext each time. Don't reuse an IV - that makes it pointless. Generate a new one for each message.




回答2:


  1. There is a special function to get a key from a password, I believe it is safer than a Hash. You may want to look up yhe Rfc2898DeriveBytes class. It needs a Salt and a Password.

  2. It is an accepted practice to add the IV (and the Salt) unencrypted to the message.

  3. If you create an instance of the Rijndaal class, it auto-generates a IV, the sender can just use that.




回答3:


Jon Skeet is correct about the IV, but you also have a problem with the way you are deriving a key.

Just using a single round of SHA256 on the plaintext password is not secure. It leaves the system open to a simple dictionary attack.

There is a class of functions that are designed to take a plaintext password and create a cipher key from them - these are "key derivation functions". You should use one of these - PBKDF2 is a good choice - to generate your key. The Rfc2898DeriveBytes class implements PBKDF2.

The KDF will require a salt, which is randomly generated each time and included along with the cipher text (just like the IV).



来源:https://stackoverflow.com/questions/2530621/rijndaelmanaged-iv-generation

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!