Solved

Using encrypted information and its salt as the Key/IV for Rijndael.

Posted on 2006-07-03
2
343 Views
Last Modified: 2012-08-14
Should I be worried about using a hash and its salt as the key/IV for doing Rijndael encryption on a value? The Rijndael-encrypted value will then be accessible by users/third-parties, though the key/IV will be kept secret. I won't be using a user-password hash and salt as the key/IV, but it's almost the same I guess.

Andy
0
Comment
Question by:AGBrown
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 2

Accepted Solution

by:
houndogg earned 500 total points
ID: 17044991
It's all about how secure you actually need it to be.  Imagine one of your competitors put all their efforts into cracking this value.  Even if they had a million machines and could try a million keys per second per machine, I believe the time to brute-force a 256 bit Rijndael encryption would be around 2.2 * 10^59 years.  I might be off by a few decimal places, but really, would you know the difference between 2.2*10^57 years and 2.2*10^61 years?

So the salt isn't strictly necessary.  It'd be more worth it to make sure your keys are secure
0
 
LVL 12

Author Comment

by:AGBrown
ID: 17052906
Thanks. So as long as the key/IV for Rijndael are kept secret, there's no chance of them becoming known by reverse engineering the encrypted Rijndael value - is that correct?

Its a pretty academic question; I'm really trying to get my head around the different encryption types available for C#, how secure they are, how easy they are and how appropriate they are in certain situations.

Andy
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is for Object-Oriented Programming (OOP) beginners. An Interface contains declarations of events, indexers, methods and/or properties. Any class which implements the Interface should provide the concrete implementation for each Inter…
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question