Velocity Reviews - Computer Hardware Reviews

using the key as the IV in RijndaelManaged, any problem?

 
 
Bob
      05-12-2004
I have two questions hoping someone could give me some insights.

I'm implementing an encryption solution using the RijndaelManaged class.
What I found very strange is that if I use a different IV on the decrypting
end, a binary file (such as a zip file) decrypts without any problem, but if
it's a text file, it adds some scrambled characters at the beginning even
though the rest of the file is decrypted without problem. Why does this
happen?

Because of this issue, I need to have the same IV on both ends. I'd like to
avoid managing another piece of cryptic data (in addition to the key), so I'm
thinking of using the key as the IV. I use a 256-bit key so I increased the
blocksize on my RijndaelManaged object to 256 and this actually sped up the
encryption process by about 10% when I tested with a file of 3 MB in size.
This is good. However, I just don't know if using the same byte array as
the key and the IV is a security concern, that is, whether it's easier to
figure out the IV from the encrypted data. Because if so, then my key is
also exposed.

Thanks a lot for any suggestions.
Bob


 
Eugen Feraru
      05-12-2004
Bob,
I am looking at using the Rijndael algorithm, as well. Have you understood
the need of using the IV? Reading the AES specs - Advanced Encryption
Standard - based on the Rijndael algorithm, I could not find any IV
references. Maybe I need to do more reading....

Thanks,
Eugen


Valery Pryamikov
      05-12-2004
Hi Bob,
you don't need to encrypt IV - just send it in plain text prepended to
cipher text.
The point is that you can use different IV with the same encryption session
key for encrypting multiple packages, thus producing different cipher text
even if plain text was the same.
IV is used differently depending on modes of operations. ECB - no effect,
CBC XORs every previous cipher block with next plain text block before
encrypting it, IV is used as the block 0. CFB and OFB use IV as starting
block when generating cipher stream and use previous cipher block for
generating next keystream block.

-Valery.
http://www.harper.no/valery


Alek Davis
      05-12-2004
Eugen,

IV is not Rijndael-specific. It is used by encryption algorithms which
support cipher-block chaining (CBC). When an encryption algorithm, such as
Rijndael, uses CBC, every block of plain text data is XORed with the
previous (encrypted) block before it is encrypted. (This is considered a
good encryption mode - i.e. better than CFB, ECB, etc., which do not need
IV - because using different IV values the same plain text can be encrypted
with the same key producing different cipher text.) Anyway, as you might
have guessed, when the first block of plain text is being encrypted, there
is no previous block to XOR it with, so this is the purpose that IV serves.
IV is XORed with the first plain text block, then the result is encrypted.
The encrypted block is then XORed with the second plain text block and the
result is encrypted, and so on. Obviously, IV will be needed during
decryption, but unlike the encryption key (or pass phrase from which the key
is derived), IV is not considered a sensitive value, so it is normally
stored as plain text. I hope I made it a bit more clear for you.

Alek
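
The CBC behaviour described in the replies above, as an added C# example that is not part of the original thread: decrypting with the wrong IV damages only the first block, a fixed IV makes equal plaintexts encrypt to equal ciphertexts, and a fresh random IV sent in the clear in front of the ciphertext does not. It assumes .NET 6 or later and uses `Aes` (Rijndael with a 128-bit block) with the one-shot `EncryptCbc`/`DecryptCbc` calls instead of `RijndaelManaged`; the key, the sample text and the `Seal`/`Open` helper names are constructed for the demonstration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class CbcIvDemo
{
    // Encrypt under a fresh random IV and prepend the IV in the clear.
    static byte[] Seal(Aes aes, byte[] plain)
    {
        byte[] iv = RandomNumberGenerator.GetBytes(aes.BlockSize / 8);
        return iv.Concat(aes.EncryptCbc(plain, iv)).ToArray();
    }

    // Read the IV back from the front of the message, then decrypt the rest.
    static byte[] Open(Aes aes, byte[] msg)
    {
        int n = aes.BlockSize / 8;
        if (msg.Length < 2 * n) throw new CryptographicException("message too short");
        return aes.DecryptCbc(msg[n..], msg[..n]);
    }

    static void Main()
    {
        using Aes aes = Aes.Create();
        aes.Key = RandomNumberGenerator.GetBytes(32);   // constructed 256-bit key
        int n = aes.BlockSize / 8;                      // 16-byte blocks

        // Constructed sample: exactly three 16-byte blocks of text.
        byte[] plain = Encoding.ASCII.GetBytes(
            "BLOCK-ONE-016byt" + "BLOCK-TWO-016byt" + "BLOCK-THREE-16by");

        // 1. Wrong IV on the decrypting end.
        byte[] iv = RandomNumberGenerator.GetBytes(n);
        byte[] wrongIv = RandomNumberGenerator.GetBytes(n);
        byte[] got = aes.DecryptCbc(aes.EncryptCbc(plain, iv), wrongIv);

        bool firstBlockOk = got.Take(n).SequenceEqual(plain.Take(n));
        bool restOk = got.Skip(n).SequenceEqual(plain.Skip(n));
        // The damage is exactly plain ^ iv ^ wrongIv, because the IV is only
        // XORed into block 1 after the block cipher has been undone.
        bool damageIsXor = Enumerable.Range(0, n)
            .All(i => got[i] == (byte)(plain[i] ^ iv[i] ^ wrongIv[i]));
        Console.WriteLine($"wrong IV: block 1 intact={firstBlockOk}, " +
                          $"later blocks intact={restOk}, damage is XOR of IVs={damageIsXor}");

        // 2. Fixed IV (for example one tied to the key) versus a fresh IV per message.
        byte[] fixedIv = new byte[n];                   // any constant value behaves the same
        bool fixedRepeats = aes.EncryptCbc(plain, fixedIv)
            .SequenceEqual(aes.EncryptCbc(plain, fixedIv));
        byte[] a = Seal(aes, plain), b = Seal(aes, plain);
        bool freshRepeats = a.SequenceEqual(b);
        bool roundTrip = Open(aes, a).SequenceEqual(plain) && Open(aes, b).SequenceEqual(plain);
        Console.WriteLine($"fixed IV: ciphertexts identical={fixedRepeats}");
        Console.WriteLine($"fresh IV: ciphertexts identical={freshRepeats}, round trip ok={roundTrip}");
    }
}
```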

Bob
      05-12-2004
Valery:

Thanks for the reply. I understand IV can be plain text and what it does.
My question is, if I use the key as the IV (so I don't have to send the IV
as an added baggage or store it on both ends), whether this would add
security risks.

I need to keep the key on both ends anyway, so it's convenient to use it as
the IV. But if the convenience brings risks, then I probably shouldn't do
it.

Bob


Bob
      05-12-2004
IV is needed when the encryption mode is Cipher Block Chaining, which is the
default in the RijndaelManaged class. You can read the thread "Encryption
using System.Security.Cryptography" on this group for more details. It's
basically a "seed" for the encryption process to get started.

Bob


Valery Pryamikov
      05-12-2004
Bob,
AFAIK, using key as IV doesn't increase risk of key being compromised, but
it demeans use of chaining and feedback modes (which is to generate
different cipher from the same text by using different IV). If using fixed
IV-KEY pair is your intention - then you can also consider switching to ECB
for better performance. Chaining and Feedback modes with fixed IV-KEY pair
will just use more processor cycles, but only insignificantly (if at all)
increase cipher strength.

-Valery.

http://www.harper.no/valery


Eugen Feraru
      05-12-2004
Thanks Alek for the detailed response!
Eugen


Hernan de Lahitte
      05-14-2004
Bob,

It's not a good idea to reuse the same key / IV combo. An interesting
approach might be to derive a password with the "PasswordDeriveBytes" class
and generate a random salt. If you want some further details about password
generation check out this article:
http://blogs.msdn.com/shawnfa/archiv...14/113514.aspx.

--
Hernan de Lahitte
Lagash Systems S.A.
http://weblogs.asp.net/hernandl


This posting is provided "AS IS" with no warranties, and confers no rights.
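
The suggestion above, a password-derived key with a random salt, as an added C# example that is not part of the original thread or of the linked articles. It swaps in PBKDF2 (`Rfc2898DeriveBytes.Pbkdf2`, .NET 6 or later) for `PasswordDeriveBytes`; the iteration count, the salt || IV || ciphertext layout, the password and the method names are assumptions made for the demonstration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class SaltedPasswordEncryption
{
    const int SaltLen = 16, IvLen = 16, KeyLen = 32;
    const int Iterations = 600_000;   // assumed work factor, tune for your hardware

    // PBKDF2-HMAC-SHA256 stands in here for PasswordDeriveBytes.
    static byte[] DeriveKey(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, KeyLen);

    // Message layout (constructed for this example): salt || IV || ciphertext.
    static byte[] Encrypt(string password, byte[] plain)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltLen);
        byte[] iv = RandomNumberGenerator.GetBytes(IvLen);
        using Aes aes = Aes.Create();
        aes.Key = DeriveKey(password, salt);
        return salt.Concat(iv).Concat(aes.EncryptCbc(plain, iv)).ToArray();
    }

    static byte[] Decrypt(string password, byte[] msg)
    {
        if (msg.Length < SaltLen + IvLen + 16)
            throw new CryptographicException("message too short");
        using Aes aes = Aes.Create();
        aes.Key = DeriveKey(password, msg[..SaltLen]);
        return aes.DecryptCbc(msg[(SaltLen + IvLen)..], msg[SaltLen..(SaltLen + IvLen)]);
    }

    static void Main()
    {
        const string password = "correct horse battery staple";   // constructed
        byte[] plain = Encoding.UTF8.GetBytes("same text, encrypted twice");

        byte[] m1 = Encrypt(password, plain), m2 = Encrypt(password, plain);
        Console.WriteLine("salts differ: " + !m1.Take(SaltLen).SequenceEqual(m2.Take(SaltLen)));
        Console.WriteLine("keys differ: " +
            !DeriveKey(password, m1[..SaltLen]).SequenceEqual(DeriveKey(password, m2[..SaltLen])));
        Console.WriteLine("messages differ: " + !m1.SequenceEqual(m2));
        Console.WriteLine("round trip ok: " + Decrypt(password, m1).SequenceEqual(plain));

        // A wrong password yields a different key; CBC padding validation then
        // usually throws, but not always, so it is not an integrity check.
        try
        {
            bool same = Decrypt("wrong password", m1).SequenceEqual(plain);
            Console.WriteLine("wrong password: no exception, plaintext recovered=" + same);
        }
        catch (CryptographicException)
        {
            Console.WriteLine("wrong password: rejected by padding check");
        }
    }
}
```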

Alek Davis
      05-14-2004
Or you can use an approach like this:
http://www.obviex.com/samples/EncryptionWithSalt.aspx.

Alek