using the key as the IV in RijndaelManaged, any problem?


  1. #1

    using the key as the IV in RijndaelManaged, any problem?

    I have two questions hoping someone could give me some insights.

    I'm implementing an encryption solution using the RijndaelManaged class.
    What I found very strange is that if I use a different IV on the decrypting
    end, a binary file (such as a zip file) decrypts without any problem, but if
    it's a text file, it adds some scrambled characters at the beginning even
    though the rest of the file is decrypted without problem. Why does this
    happen?

    Because of this issue, I need to have the same IV on both ends. I'd like to
    avoid managing another piece of cryptic data (in addition to the key), I'm
    thinking of using the key as the IV. I use a 256-bit key so I increased the
    blocksize on my RijndaelManaged object to 256 and this actually sped up the
    encryption process by about 10% when I tested with a file of 3 MB in size.
    This is good. However, I just don't know if using the same byte array as
    the key and the IV is a security concern, that is, whether it's easier to
    figure out the IV from the encrypted data. Because if so, then my key is
    also exposed.

    Thanks a lot for any suggestions.
    Bob


    Bob Guest

  3. #2

    Re: using the key as the IV in RijndaelManaged, any problem?

    Bob,
    I am looking at using the Rijndael algorithm, as well. Have you understood
    the need of using the IV? Reading the AES specs - Advanced Encryption
    Standard - based on the Rijndael algorithm, I could not find any IV
    references. Maybe I need to do more reading....

    Thanks,
    Eugen


    Eugen Feraru Guest

  4. #3

    Re: using the key as the IV in RijndaelManaged, any problem?

    Hi Bob,
    you don't need to encrypt IV - just send it in plain text prepended to
    cipher text.
    The point is that you can use different IV with the same encryption session
    key for encrypting multiple packages, thus producing different cipher text
    even if plain text was the same.
    IV is used differently depending on modes of operations. ECB - no effect,
    CBC XORs every previous cipher block with next plain text block before
    encrypting it, IV is used as the block 0. CFB and OFB use IV as starting
    block when generating cipher stream and use previous cipher block for
    generating next keystream block.

    -Valery.
    http://www.harper.no/valery


    Valery Pryamikov Guest

  5. #4

    Re: using the key as the IV in RijndaelManaged, any problem?

    Eugen,

    IV is not Rijndael-specific. It is used by encryption algorithms which
    support cipher-block chaining (CBC). When an encryption algorithm, such as
    Rijndael, uses CBC, every block of plain text data is XORed with the
    previous (encrypted) block before it is encrypted. (This is considered a
    good encryption mode - i.e. better than CFB, ECB, etc., which do not need
    IV - because using different IV values the same plain text can be encrypted
    with the same key producing different cipher text.) Anyway, as you might
    have guessed, when the first block of plain text is being encrypted, there
    is no previous block to XOR it with, so this is the purpose that IV serves.
    IV is XORed with the first plain text block, then the result is encrypted.
    The encrypted block is then XORed with the second plain text block and the
    result is encrypted, and so on. Obviously, IV will be needed during
    decryption, but unlike the encryption key (or pass phrase from which the key
    is derived), IV is not considered a sensitive value, so it is normally
    stored as plain text. I hope I made it a bit more clear for you.

    Alek


    Alek Davis Guest

  6. #5

    Re: using the key as the IV in RijndaelManaged, any problem?

    Valery:

    Thanks for the reply. I understand IV can be plain text and what it does.
    My question is, if I use the key as the IV (so I don't have to send the IV
    as an added baggage or store it on both ends), whether this would add
    security risks.

    I need to keep the key on both ends anyway, so it's convenient to use it as
    the IV. But if the convenience brings risks, then I probably shouldn't do
    it.

    Bob


    Bob Guest

  7. #6

    Re: using the key as the IV in RijndaelManaged, any problem?

    IV is needed when the encryption mode is Cipher Block Chaining, which is the
    default in the RijndaelManaged class. You can read the thread "Encryption
    using System.Security.Cryptography" on this group for more details. It's
    basically a "seed" for the encryption process to get started.

    Bob


    Bob Guest

  8. #7

    Re: using the key as the IV in RijndaelManaged, any problem?

    Bob,
    AFAIK, using key as IV doesn't increase risk of key being compromised, but
    it demeans use of chaining and feedback modes (which is to generate
    different cipher from the same text by using different IV). If using fixed
    IV-KEY pair is your intention - then you can also consider switching to ECB
    for better performance. Chaining and Feedback modes with fixed IV-KEY pair
    will just use more processor cycles, but only insignificantly (if at all)
    increase cipher strength.

    -Valery.

    http://www.harper.no/valery



    Valery Pryamikov Guest
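
Added example, not part of any post in the thread: a C# sketch of the CBC behaviour discussed above, showing what a wrong IV does on decryption and what a fixed IV does to repeated plaintext. It uses `Aes` (128-bit block) rather than `RijndaelManaged` with a 256-bit block, so the first 16 bytes of the key stand in for the key-as-IV idea; the class and helper names and the sample messages are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class CbcIvDemo   // hypothetical name, not from the thread
{
    const int BlockBytes = 16;   // AES block size; a CBC IV is exactly one block

    // AES-CBC with PKCS7 padding under an explicit key and IV.
    static byte[] Transform(byte[] key, byte[] iv, byte[] data, bool encrypt)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            aes.Key = key;
            aes.IV = iv;
            using (ICryptoTransform t = encrypt ? aes.CreateEncryptor() : aes.CreateDecryptor())
                return t.TransformFinalBlock(data, 0, data.Length);
        }
    }

    static byte[] RandomBytes(int n)
    {
        byte[] b = new byte[n];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            rng.GetBytes(b);
        return b;
    }

    static void Main()
    {
        byte[] key = RandomBytes(32);   // 256-bit key
        // Constructed sample plaintext spanning several blocks.
        byte[] msg = Encoding.ASCII.GetBytes(
            "HEADER: constructed sample record; body bytes follow here ....");

        // 1. Wrong IV on the decrypting end. In CBC only the first plaintext
        //    block is XORed with the IV; every later block is XORed with the
        //    previous ciphertext block, so only the first block is damaged.
        byte[] iv = RandomBytes(BlockBytes);
        byte[] ct = Transform(key, iv, msg, true);
        byte[] wrongIv = iv.Select(x => (byte)(x ^ 0xFF)).ToArray();
        byte[] garbled = Transform(key, wrongIv, ct, false);
        Console.WriteLine("wrong IV: first block intact = {0}",
            garbled.Take(BlockBytes).SequenceEqual(msg.Take(BlockBytes)));
        Console.WriteLine("wrong IV: later blocks intact = {0}",
            garbled.Skip(BlockBytes).SequenceEqual(msg.Skip(BlockBytes)));

        // 2. Fixed IV tied to the key. Encryption becomes deterministic: the
        //    same message always gives the same ciphertext, and two messages
        //    that share a first block give the same first ciphertext block.
        byte[] fixedIv = key.Take(BlockBytes).ToArray();
        byte[] a = Transform(key, fixedIv, msg, true);
        byte[] b = Transform(key, fixedIv, msg, true);
        byte[] msg2 = msg.Take(BlockBytes)
                         .Concat(Encoding.ASCII.GetBytes("a different tail"))
                         .ToArray();
        byte[] c = Transform(key, fixedIv, msg2, true);
        Console.WriteLine("fixed IV: same message, same ciphertext = {0}",
            a.SequenceEqual(b));
        Console.WriteLine("fixed IV: shared prefix visible in ciphertext = {0}",
            a.Take(BlockBytes).SequenceEqual(c.Take(BlockBytes)));

        // 3. Fresh random IV per message under the same key: the same
        //    plaintext no longer produces matching ciphertext.
        byte[] d = Transform(key, RandomBytes(BlockBytes), msg, true);
        byte[] e = Transform(key, RandomBytes(BlockBytes), msg, true);
        Console.WriteLine("random IV: same message, same ciphertext = {0}",
            d.SequenceEqual(e));
    }
}
```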

  9. #8

    Re: using the key as the IV in RijndaelManaged, any problem?

    Thanks Alek for the detailed response!
    Eugen


    Eugen Feraru Guest

  10. #9

    Re: using the key as the IV in RijndaelManaged, any problem?

    Bob,

    It's not a good idea to reuse the same key / IV combo. An interesting
    approach might be to derive a password with the "PasswordDeriveBytes" class
    and generate a random salt. If you want some further details about password
    generation check out this article:
    http://blogs.msdn.com/shawnfa/archive/2004/04/14/113514.aspx.

    --
    Hernan de Lahitte
    Lagash Systems S.A.
    http://weblogs.asp.net/hernandl


    This posting is provided "AS IS" with no warranties, and confers no rights.


    Hernan de Lahitte Guest
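
Added example, not code from the thread or from the linked articles: one way to combine the random-salt suggestion above with the earlier advice to send the IV in plain text ahead of the ciphertext. It uses `Rfc2898DeriveBytes` (PBKDF2) in place of the `PasswordDeriveBytes` class named in the post; the `salt || IV || ciphertext` layout, the iteration count, the password and all names are assumptions made for the sketch.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class SaltedEnvelopeDemo   // hypothetical name, not from the thread
{
    const int SaltBytes = 16, IvBytes = 16, KeyBytes = 32;
    const int Iterations = 600000;   // assumption: tune to your own time budget

    static byte[] RandomBytes(int n)
    {
        byte[] b = new byte[n];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            rng.GetBytes(b);
        return b;
    }

    // PBKDF2-HMAC-SHA256: the same password with a different salt gives a different key.
    static byte[] DeriveKey(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations,
                                                HashAlgorithmName.SHA256))
            return kdf.GetBytes(KeyBytes);
    }

    static Aes NewCbc(byte[] key, byte[] iv)
    {
        Aes aes = Aes.Create();
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.PKCS7;
        aes.Key = key;
        aes.IV = iv;
        return aes;
    }

    // Output layout (assumed for this sketch): salt || IV || ciphertext.
    // Salt and IV are not secret; only the password is.
    static byte[] Encrypt(string password, byte[] plaintext)
    {
        byte[] salt = RandomBytes(SaltBytes);
        byte[] iv = RandomBytes(IvBytes);
        using (Aes aes = NewCbc(DeriveKey(password, salt), iv))
        using (ICryptoTransform enc = aes.CreateEncryptor())
        {
            byte[] ct = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
            return salt.Concat(iv).Concat(ct).ToArray();
        }
    }

    static byte[] Decrypt(string password, byte[] blob)
    {
        int header = SaltBytes + IvBytes;
        // Reject input that cannot be header plus whole cipher blocks.
        if (blob.Length < header + IvBytes || (blob.Length - header) % IvBytes != 0)
            throw new CryptographicException("Blob is truncated or not block-aligned.");
        byte[] salt = blob.Take(SaltBytes).ToArray();
        byte[] iv = blob.Skip(SaltBytes).Take(IvBytes).ToArray();
        using (Aes aes = NewCbc(DeriveKey(password, salt), iv))
        using (ICryptoTransform dec = aes.CreateDecryptor())
            return dec.TransformFinalBlock(blob, header, blob.Length - header);
    }

    static void Main()
    {
        const string password = "constructed-sample-passphrase";   // constructed value
        byte[] msg = Encoding.UTF8.GetBytes("constructed sample payload for the envelope demo");

        byte[] blob1 = Encrypt(password, msg);
        byte[] blob2 = Encrypt(password, msg);

        // Same password and plaintext, but fresh salt and IV each time.
        Console.WriteLine("blobs identical = {0}", blob1.SequenceEqual(blob2));
        Console.WriteLine("round trip 1 ok = {0}", Decrypt(password, blob1).SequenceEqual(msg));
        Console.WriteLine("round trip 2 ok = {0}", Decrypt(password, blob2).SequenceEqual(msg));
    }
}
```

CBC gives confidentiality only, so a deployed format would also authenticate the blob, for example with an HMAC over salt, IV and ciphertext.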

  11. #10

    Re: using the key as the IV in RijndaelManaged, any problem?

    Or you can use an approach like this:
    http://www.obviex.com/samples/EncryptionWithSalt.aspx.

    Alek


    Alek Davis Guest

  12. #11

    Re: using the key as the IV in RijndaelManaged, any problem?

    Thanks a lot Hernan.

    "Hernan de Lahitte" <hernan@lagash.com> wrote in message
    news:ubpjqtdOEHA.3348@TK2MSFTNGP09.phx.gbl...
    > Bob,
    >
    > It's not a good idea tu resuse the same key / IV combo. An instresting
    > approach might be to derive a password with the "PasswordDeriveBytes"
    class
    > and generate a random salt. If you want some further details about
    password
    > generation check out this article:
    > [url]http://blogs.msdn.com/shawnfa/archive/2004/04/14/113514.aspx[/url].
    >
    > --
    > Hernan de Lahitte
    > Lagash Systems S.A.
    > [url]http://weblogs.asp.net/hernandl[/url]
    >
    >
    > This posting is provided "AS IS" with no warranties, and confers no
    rights.
    >
    > " Bob" <bobatkpmg@yahoo.com> wrote in message
    > news:ufSu8lGOEHA.1104@TK2MSFTNGP10.phx.gbl...
    > > Valery:
    > >
    > > Thanks for the reply. I understand IV can be plain text and what it
    does.
    > > My question is, if I use the key as the IV (so I don't have to send the
    IV
    > > as an added baggage or store it on both ends), whether this would add
    > > security risks.
    > >
    > > I need to keep the key on both ends anyway, so it's convenient to use it
    > as
    > > the IV. but if the convenience brings risks, then I probably shouldn't
    do
    > > it.
    > >
    > > Bob
    > >
    > > "Valery Pryamikov" <Valery@nospam.harper.no> wrote in message
    > > news:e$pFNVGOEHA.3596@tk2msftngp13.phx.gbl...
    > > > Hi Bob,
    > > > you don't need to encrypt IV - just send it in plain text prepended to
    > > > cipher text.
    > > > The point is that you can use different IV with the same encryption
    > > > session key for encrypting multiple packages, thus producing different
    > > > cipher text even if plain text was the same.
    > > > IV is used differently depending on modes of operations. ECB - no
    > > > effect, CBC XORes every previous cipher block with next plain text
    > > > block before encrypting it, IV is used as the block 0. CFB and OFB use
    > > > IV as starting block when generating cipher stream and use previous
    > > > cipher block for generating next keystream block.
    > > >
    > > > -Valery.
    > > > [url]http://www.harper.no/valery[/url]
    > > >
    > > > " Bob" <bobatkpmg@yahoo.com> wrote in message
    > > > news:u6tcT%23EOEHA.3884@TK2MSFTNGP12.phx.gbl...
    > > > > I have two questions hoping someone could give me some insights.
    > > > >
    > > > > I'm implementing an encryption solution using the RijndaelManaged
    > > > > class. What I found very strange is that if I use a different IV on
    > > > > the decrypt end, a binary file (such as a zip file) decrypts without
    > > > > any problem, but if it's a text file, it adds some scrambled
    > > > > characters at the beginning even though the rest of the file is
    > > > > decrypted without problem. Why does this happen?
    > > > >
    > > > > Because of this issue, I need to have the same IV on both ends. I'd
    > > > > like to avoid managing another piece of cryptic data (in addition to
    > > > > the key), I'm thinking of using the key as the IV. I use a 256-bit
    > > > > key so I increased the blocksize on my RijndaelManaged object to 256
    > > > > and this actually sped up the encryption process by about 10% when I
    > > > > tested with a file of 3 MB in size. This is good. However, I just
    > > > > don't know if using the same byte array as the key and the IV is a
    > > > > security concern, that is, whether it's easier to figure out the IV
    > > > > from the encrypted data. Because if so, then my key is also exposed.
    > > > >
    > > > > Thanks a lot for any suggestions.
    > > > > Bob
    > > > >
    > > > >
    > > >
    > > >
    > >
    > >
    >
    >

    Bob Guest

  13. #12

    Default Re: using the key as the IV in RijndaelManaged, any problem?

    See also sample code here, showing concatenation of items into an AES-encrypted file,
    as well as how to manage this with cascaded streams, b64 included:
    [url]http://www.jensign.com/JavaScience/dotnet/SimCryptNET[/url]

    - Mitch Gallant
    [url]www.jensign.com[/url]

    "Alek Davis" <alek_xDOTx_davis_xATx_intel_xDOTx_com> wrote in message
    news:eXiB8EeOEHA.3124@TK2MSFTNGP12.phx.gbl...
    > Or you can use an approach like this:
    > [url]http://www.obviex.com/samples/EncryptionWithSalt.aspx[/url].
    >
    > Alek
    >
    > "Hernan de Lahitte" <hernan@lagash.com> wrote in message
    > news:ubpjqtdOEHA.3348@TK2MSFTNGP09.phx.gbl...
    > > Bob,
    > >
    > > It's not a good idea to reuse the same key / IV combo. An interesting
    > > approach might be to derive a password with the "PasswordDeriveBytes"
    > > class and generate a random salt. If you want some further details about
    > > password generation check out this article:
    > > [url]http://blogs.msdn.com/shawnfa/archive/2004/04/14/113514.aspx[/url].
    > >
    > > --
    > > Hernan de Lahitte
    > > Lagash Systems S.A.
    > > [url]http://weblogs.asp.net/hernandl[/url]
    > >
    > >
    > > This posting is provided "AS IS" with no warranties, and confers no
    > > rights.
    > >
    > > " Bob" <bobatkpmg@yahoo.com> wrote in message
    > > news:ufSu8lGOEHA.1104@TK2MSFTNGP10.phx.gbl...
    > > > Valery:
    > > >
    > > > Thanks for the reply. I understand IV can be plain text and what it
    > > > does. My question is, if I use the key as the IV (so I don't have to
    > > > send the IV as an added baggage or store it on both ends), whether
    > > > this would add security risks.
    > > >
    > > > I need to keep the key on both ends anyway, so it's convenient to use
    > > > it as the IV. But if the convenience brings risks, then I probably
    > > > shouldn't do it.
    > > >
    > > > Bob
    > > >
    > > > "Valery Pryamikov" <Valery@nospam.harper.no> wrote in message
    > > > news:e$pFNVGOEHA.3596@tk2msftngp13.phx.gbl...
    > > > > Hi Bob,
    > > > > you don't need to encrypt IV - just send it in plain text prepended to
    > > > > cipher text.
    > > > > The point is that you can use different IV with the same encryption
    > > > > session key for encrypting multiple packages, thus producing
    > > > > different cipher text even if plain text was the same.
    > > > > IV is used differently depending on modes of operations. ECB - no
    > > > > effect, CBC XORes every previous cipher block with next plain text
    > > > > block before encrypting it, IV is used as the block 0. CFB and OFB
    > > > > use IV as starting block when generating cipher stream and use
    > > > > previous cipher block for generating next keystream block.
    > > > >
    > > > > -Valery.
    > > > > [url]http://www.harper.no/valery[/url]
    > > > >
    > > > > " Bob" <bobatkpmg@yahoo.com> wrote in message
    > > > > news:u6tcT%23EOEHA.3884@TK2MSFTNGP12.phx.gbl...
    > > > > > I have two questions hoping someone could give me some insights.
    > > > > >
    > > > > > I'm implementing an encryption solution using the RijndaelManaged
    > > > > > class. What I found very strange is that if I use a different IV
    > > > > > on the decrypt end, a binary file (such as a zip file) decrypts
    > > > > > without any problem, but if it's a text file, it adds some
    > > > > > scrambled characters at the beginning even though the rest of the
    > > > > > file is decrypted without problem. Why does this happen?
    > > > > >
    > > > > > Because of this issue, I need to have the same IV on both ends.
    > > > > > I'd like to avoid managing another piece of cryptic data (in
    > > > > > addition to the key), I'm thinking of using the key as the IV. I
    > > > > > use a 256-bit key so I increased the blocksize on my
    > > > > > RijndaelManaged object to 256 and this actually sped up the
    > > > > > encryption process by about 10% when I tested with a file of 3 MB
    > > > > > in size. This is good. However, I just don't know if using the
    > > > > > same byte array as the key and the IV is a security concern, that
    > > > > > is, whether it's easier to figure out the IV from the encrypted
    > > > > > data. Because if so, then my key is also exposed.
    > > > > >
    > > > > > Thanks a lot for any suggestions.
    > > > > > Bob
    > > > > >
    > > > > >
    > > > >
    > > > >
    > > >
    > > >
    > >
    > >
    >
    >

    Michel Gallant Guest
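
Added example, not part of any post in this thread: a C# sketch of the advice quoted above (a fresh random IV sent in the clear ahead of the ciphertext), which also shows why decrypting CBC with the wrong IV scrambles only the first block. It assumes the `Aes` class with its fixed 128-bit block instead of the thread's `RijndaelManaged` at 256 bits; the names `CbcIvDemo`, `Encrypt`, `Decrypt` and the sample message are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class CbcIvDemo
{
    // Encrypts with a fresh random IV and returns IV || ciphertext.
    static byte[] Encrypt(byte[] key, byte[] plaintext)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;
            aes.Key = key;
            aes.GenerateIV();   // new random IV per message; it is not a secret
            using (ICryptoTransform enc = aes.CreateEncryptor())
            {
                byte[] ct = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
                return aes.IV.Concat(ct).ToArray();
            }
        }
    }

    // Decrypts IV || ciphertext. ivOverride simulates a receiver using the wrong IV.
    static byte[] Decrypt(byte[] key, byte[] package, byte[] ivOverride = null)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;
            aes.Key = key;
            int n = aes.BlockSize / 8;   // 16 bytes for AES
            aes.IV = ivOverride ?? package.Take(n).ToArray();
            using (ICryptoTransform dec = aes.CreateDecryptor())
                return dec.TransformFinalBlock(package, n, package.Length - n);
        }
    }

    static void Main()
    {
        byte[] key = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        // Constructed sample: a 16-byte first block followed by more text.
        byte[] msg = Encoding.ASCII.GetBytes("BLOCK-ONE-16-BYT" + "second block and the rest of the text");

        // Same key and plaintext, different IVs: the two packages differ.
        byte[] p1 = Encrypt(key, msg), p2 = Encrypt(key, msg);
        Console.WriteLine("packages identical: " + p1.SequenceEqual(p2));

        // The IV is only XORed into block 0 after decryption, so a wrong IV
        // garbles the first 16 bytes and leaves every later block untouched.
        byte[] bad = Decrypt(key, p1, new byte[16]);
        Console.WriteLine("round trip ok:      " + Decrypt(key, p1).SequenceEqual(msg));
        Console.WriteLine("block 0 survives:   " + bad.Take(16).SequenceEqual(msg.Take(16)));
        Console.WriteLine("rest survives:      " + bad.Skip(16).SequenceEqual(msg.Skip(16)));
    }
}
```

Because the IV travels with each package, the two ends share only the key, and the key itself never appears in the transmitted data.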
