Solved

Using encrypted information and its salt as the Key/IV for Rijndael.

Posted on 2006-07-03
2
340 Views
Last Modified: 2012-08-14
Should I be worried about using a hash and its salt as the key/IV for doing Rijndael encryption on a value? The Rijndael-encrypted value will then be accessible by users/third-parties, though the key/IV will be kept secret. I won't be using a user-password hash and salt as the key/IV, but it's almost the same I guess.

Andy
0
Comment
Question by:AGBrown
2 Comments
 
LVL 2

Accepted Solution

by:
houndogg earned 500 total points
ID: 17044991
It's all about how secure you actually need it to be.  Imagine one of your competitors put all their efforts into cracking this value.  Even if they had a million machines and could try a million keys per second per machine, I believe the time to brute-force a 256 bit Rijndael encryption would be around 2.2 * 10^59 years.  I might be off by a few decimal places, but really, would you know the difference between 2.2*10^57 years and 2.2*10^61 years?

So the salt isn't strictly necessary.  It'd be more worth it to make sure your keys are secure
0
 
LVL 12

Author Comment

by:AGBrown
ID: 17052906
Thanks. So as long as the key/IV for Rijndael are kept secret, there's no chance of them becoming known by reverse engineering the encrypted Rijndael value - is that correct?

Its a pretty academic question; I'm really trying to get my head around the different encryption types available for C#, how secure they are, how easy they are and how appropriate they are in certain situations.

Andy
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
New to SOAP and need some direction 10 82
SQL Login 17 50
converto datetime always changes format 9 37
Winforms -- Capture CTRL+SHIFT+D at the form not working? 3 22
Article by: Ivo
C# And Nullable Types Since 2.0 C# has Nullable(T) Generic Structure. The idea behind is to allow value type objects to have null values just like reference types have. This concerns scenarios where not all data sources have values (like a databa…
This article introduced a TextBox that supports transparent background.   Introduction TextBox is the most widely used control component in GUI design. Most GUI controls do not support transparent background and more or less do not have the…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question