
RijndaelManaged: IV Generation?

I want to implement the most secure, and most reliable form of symmetric key cryptography in my application. The user should input a password to encrypt/decrypt, and that's all. For RijndaelManaged, one must enter a key and an IV. I'm not sure how to address the situation. Right now, I have the entered password being hashed by SHA256 and then being used as the key for the Rijndael. What do I use for the IV? Another password?

cam asked Mar 27 '10 19:03


3 Answers

You can use GenerateIV (overridden in RijndaelManaged) to generate the IV. You can then transmit the IV along with the cyphertext. You can think of an IV as acting a bit like a salt - basically it prevents the same plaintext from being encrypted to the same cyphertext each time. Don't reuse an IV - that makes it pointless. Generate a new one for each message.

Jon Skeet answered Oct 13 '22 10:10


  1. There is a special function to get a key from a password, I believe it is safer than a Hash. You may want to look up the Rfc2898DeriveBytes class. It needs a Salt and a Password.

  2. It is an accepted practice to add the IV (and the Salt) unencrypted to the message.

  3. If you create an instance of the Rijndael class, it auto-generates an IV; the sender can just use that.

Henk Holterman answered Oct 13 '22 10:10


Jon Skeet is correct about the IV, but you also have a problem with the way you are deriving a key.

Just using a single round of SHA256 on the plaintext password is not secure. It leaves the system open to a simple dictionary attack.

There is a class of functions that are designed to take a plaintext password and create a cipher key from it - these are "key derivation functions". You should use one of these - PBKDF2 is a good choice - to generate your key. The Rfc2898DeriveBytes class implements PBKDF2.

The KDF will require a salt, which is randomly generated each time and included along with the cipher text (just like the IV).

caf answered Oct 13 '22 08:10
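The advice from the three answers combined into one routine, as an added example that is not code from the question or from any of the answerers: the key comes from Rfc2898DeriveBytes with a random salt, GenerateIV supplies a fresh IV per message, and both travel unencrypted in front of the ciphertext. The class name, salt size, iteration count, SHA256 as the PBKDF2 hash and the message layout are assumptions made for this example.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
static class PasswordCrypto   // hypothetical class name
{
    const int SaltSize = 16, IvSize = 16;  // bytes; IvSize is the 128-bit block size
    const int Iterations = 100000;         // assumed PBKDF2 work factor, tune for your hardware

    // PBKDF2 via Rfc2898DeriveBytes instead of a single SHA256 pass over the password.
    static byte[] DeriveKey(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);       // 256-bit key
    }

    // Layout chosen for this example: salt || IV || ciphertext (salt and IV are not secret).
    public static byte[] Encrypt(string password, byte[] plaintext)
    {
        var salt = new byte[SaltSize];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        using (var rij = new RijndaelManaged())   // defaults: CBC, PKCS7, 128-bit block
        {
            rij.Key = DeriveKey(password, salt);
            rij.GenerateIV();                      // fresh random IV for every message
            using (var enc = rij.CreateEncryptor())
                return salt.Concat(rij.IV).Concat(enc.TransformFinalBlock(plaintext, 0, plaintext.Length)).ToArray();
        }
    }

    public static byte[] Decrypt(string password, byte[] msg)
    {
        int header = SaltSize + IvSize;
        if (msg.Length < header + IvSize) throw new CryptographicException("Message too short.");
        using (var rij = new RijndaelManaged())
        {
            rij.Key = DeriveKey(password, msg.Take(SaltSize).ToArray());  // salt read from the message
            rij.IV = msg.Skip(SaltSize).Take(IvSize).ToArray();           // IV read from the message
            using (var dec = rij.CreateDecryptor())
                return dec.TransformFinalBlock(msg, header, msg.Length - header);
        }
    }

    static void Main()
    {
        byte[] a = Encrypt("correct horse", Encoding.UTF8.GetBytes("same plaintext"));  // constructed sample input
        byte[] b = Encrypt("correct horse", Encoding.UTF8.GetBytes("same plaintext"));
        Console.WriteLine(a.SequenceEqual(b));   // compares two encryptions of identical input
        Console.WriteLine(Encoding.UTF8.GetString(Decrypt("correct horse", a)));
    }
}
```

CBC as used here provides confidentiality only; this message layout carries no integrity check.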