I want to implement the most secure, and most reliable form of symmetric key cryptography in my application. The user should input a password to encrypt/decrypt, and that's all. For RijndaelManaged, one must enter a key and an IV. I'm not sure how to address the situation. Right now, I have the entered password being hashed by SHA256 and then being used as the key for the Rijndael. What do I use for the IV? Another password?
You can use GenerateIV
(overridden in RijndaelManaged
) to generate the IV. You can then transmit the IV along with the cyphertext. You can think of an IV as acting a bit like a salt - basically it prevents the same plaintext from being encrypted to the same cyphertext each time. Don't reuse an IV - that makes it pointless. Generate a new one for each message.
There is a special function to get a key from a password, I believe it is safer than a Hash. You may want to look up yhe Rfc2898DeriveBytes class. It needs a Salt
and a Password.
It is an accepted practice to add the IV (and the Salt) unencrypted to the message.
If you create an instance of the Rijndaal class, it auto-generates a IV, the sender can just use that.
Jon Skeet is correct about the IV, but you also have a problem with the way you are deriving a key.
Just using a single round of SHA256 on the plaintext password is not secure. It leaves the system open to a simple dictionary attack.
There is a class of functions that are designed to take a plaintext password and create a cipher key from them - these are "key derivation functions". You should use one of these - PBKDF2 is a good choice - to generate your key. The Rfc2898DeriveBytes
class implements PBKDF2.
The KDF will require a salt, which is randomly generated each time and included along with the cipher text (just like the IV).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With