Solved

Using encrypted information and its salt as the Key/IV for Rijndael.

Posted on 2006-07-03
Last Modified: 2012-08-14
Should I be worried about using a hash and its salt as the key/IV for doing Rijndael encryption on a value? The Rijndael-encrypted value will then be accessible by users/third-parties, though the key/IV will be kept secret. I won't be using a user-password hash and salt as the key/IV, but it's almost the same I guess.

Andy
Question by:AGBrown

Accepted Solution

by:
houndogg earned 500 total points
ID: 17044991
It's all about how secure you actually need it to be.  Imagine one of your competitors put all their efforts into cracking this value.  Even if they had a million machines and could try a million keys per second per machine, I believe the time to brute-force a 256 bit Rijndael encryption would be around 2.2 * 10^59 years.  I might be off by a few decimal places, but really, would you know the difference between 2.2*10^57 years and 2.2*10^61 years?

So the salt isn't strictly necessary.  It'd be more worth it to make sure your keys are secure.

Author Comment

by:AGBrown
ID: 17052906
Thanks. So as long as the key/IV for Rijndael are kept secret, there's no chance of them becoming known by reverse engineering the encrypted Rijndael value - is that correct?

It's a pretty academic question; I'm really trying to get my head around the different encryption types available for C#, how secure they are, how easy they are and how appropriate they are in certain situations.

Andy
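
An added example, not part of the thread or either poster's code: a C# sketch of the scheme discussed above, assuming .NET 6 or later, the `Aes` class (Rijndael with a 128-bit block) in CBC mode, and PBKDF2 (`Rfc2898DeriveBytes`) to turn a secret and salt into key material. The secret, salt, plaintext and iteration count are constructed sample values. It shows that reusing one key/IV pair makes equal plaintexts encrypt to equal ciphertexts, while a fresh random IV stored beside the ciphertext does not.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class KeyIvDemo
{
    // Constructed sample values; a real secret would come from protected storage.
    static readonly byte[] Secret = Encoding.UTF8.GetBytes("constructed-sample-secret");
    static readonly byte[] Salt = Encoding.UTF8.GetBytes("constructed-salt-16b");

    // PBKDF2 stretches secret + salt into 48 bytes: a 32-byte key and 16 spare bytes.
    static byte[] DeriveMaterial()
    {
        using var kdf = new Rfc2898DeriveBytes(Secret, Salt, 100_000, HashAlgorithmName.SHA256);
        return kdf.GetBytes(48);
    }

    // Encrypts with AES-CBC and returns IV || ciphertext. The IV is not a secret,
    // so it can travel with the ciphertext; only the key has to stay private.
    static byte[] Encrypt(string plaintext, byte[] key, byte[] iv)
    {
        using var aes = Aes.Create();
        aes.Mode = CipherMode.CBC;
        aes.Key = key;
        aes.IV = iv;
        using var enc = aes.CreateEncryptor();
        byte[] data = Encoding.UTF8.GetBytes(plaintext);
        return iv.Concat(enc.TransformFinalBlock(data, 0, data.Length)).ToArray();
    }

    static void Main()
    {
        byte[] material = DeriveMaterial();
        byte[] key = material.Take(32).ToArray();
        byte[] fixedIv = material.Skip(32).ToArray(); // IV tied to the same secret, never changes

        // Same key, same IV, same plaintext: the two outputs are byte-for-byte equal,
        // so anyone holding the ciphertexts can tell the values match.
        bool fixedEqual = Encrypt("account=1001", key, fixedIv)
            .SequenceEqual(Encrypt("account=1001", key, fixedIv));

        // Same key, fresh random IV per value: the outputs differ.
        bool randomEqual = Encrypt("account=1001", key, RandomNumberGenerator.GetBytes(16))
            .SequenceEqual(Encrypt("account=1001", key, RandomNumberGenerator.GetBytes(16)));

        Console.WriteLine($"fixed IV, ciphertexts equal:  {fixedEqual}");
        Console.WriteLine($"random IV, ciphertexts equal: {randomEqual}");
    }
}
```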