Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 348
  • Last Modified:

Using encrypted information and its salt as the Key/IV for Rijndael.

Should I be worried about using a hash and its salt as the key/IV for doing Rijndael encryption on a value? The Rijndael-encrypted value will then be accessible by users/third-parties, though the key/IV will be kept secret. I won't be using a user-password hash and salt as the key/IV, but it's almost the same I guess.

Andy
0
AGBrown
Asked:
AGBrown
1 Solution
 
houndoggCommented:
It's all about how secure you actually need it to be.  Imagine one of your competitors put all their efforts into cracking this value.  Even if they had a million machines and could try a million keys per second per machine, I believe the time to brute-force a 256 bit Rijndael encryption would be around 2.2 * 10^59 years.  I might be off by a few decimal places, but really, would you know the difference between 2.2*10^57 years and 2.2*10^61 years?

So the salt isn't strictly necessary.  It'd be more worth it to make sure your keys are secure
0
 
AGBrownAuthor Commented:
Thanks. So as long as the key/IV for Rijndael are kept secret, there's no chance of them becoming known by reverse engineering the encrypted Rijndael value - is that correct?

Its a pretty academic question; I'm really trying to get my head around the different encryption types available for C#, how secure they are, how easy they are and how appropriate they are in certain situations.

Andy
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now