Solved

Using encrypted information and its salt as the Key/IV for Rijndael.

Posted on 2006-07-03
2
342 Views
Last Modified: 2012-08-14
Should I be worried about using a hash and its salt as the key/IV for doing Rijndael encryption on a value? The Rijndael-encrypted value will then be accessible by users/third-parties, though the key/IV will be kept secret. I won't be using a user-password hash and salt as the key/IV, but it's almost the same I guess.

Andy
0
Comment
Question by:AGBrown
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 2

Accepted Solution

by:
houndogg earned 500 total points
ID: 17044991
It's all about how secure you actually need it to be.  Imagine one of your competitors put all their efforts into cracking this value.  Even if they had a million machines and could try a million keys per second per machine, I believe the time to brute-force a 256 bit Rijndael encryption would be around 2.2 * 10^59 years.  I might be off by a few decimal places, but really, would you know the difference between 2.2*10^57 years and 2.2*10^61 years?

So the salt isn't strictly necessary.  It'd be more worth it to make sure your keys are secure
0
 
LVL 12

Author Comment

by:AGBrown
ID: 17052906
Thanks. So as long as the key/IV for Rijndael are kept secret, there's no chance of them becoming known by reverse engineering the encrypted Rijndael value - is that correct?

Its a pretty academic question; I'm really trying to get my head around the different encryption types available for C#, how secure they are, how easy they are and how appropriate they are in certain situations.

Andy
0

Featured Post

Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Entity Framework is a powerful tool to help you interact with the DataBase but still doesn't help much when we have a Stored Procedure that returns more than one resultset. The solution takes some of out-of-the-box thinking; read on!
Exception Handling is in the core of any application that is able to dignify its name. In this article, I'll guide you through the process of writing a DRY (Don't Repeat Yourself) Exception Handling mechanism, using Aspect Oriented Programming.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question