How should I derive the key and initialization vector for my AES encrypted database entries?


Answers

  1. Kannon

    • 2018/10/8

    The salt should be a randomly generated value. Its purpose is to make dictionary/brute force attacks more difficult to execute. Wikipedia has a nice article on cryptographic salts: http://en.wikipedia.org/wiki/Salt_(cryptography)

    For the shared secret ideally it would not be a value that was stored unencrypted with the data that it was encrypting (such as your ids). It's generally a best practice that the key be chosen somehow by the end-user or admin so that they could rotate it periodically or if some sort of security breach occurred. This password key could be owned by each user of the CMS or perhaps by an admin account. If you have very serious security requirements you could pursue a third-party Key Management Server.

    If the main goal here is more of obfuscation and the CMS will not be subject to some form of security audit then something along the lines of your initial idea would do. It would prevent the casual access of the data but would probably not pass an audit against formal standards that would require a random salt, a way to rotate the keys, and a way for the "owner" of the system to change the password such that you yourself could not access the data.

  2. Brooks

    • 2018/1/7

    So I'm using the AESManaged class to symmetrically encrypt this sort of data prior to it going into our application db. All is fine, but now, prior to release, 

  3. Oscar

    • 2021/10/17

    My original idea was to make a (dynamic) shared secret by combining the (GUID-based) ID of the Form containing the encrypted field with the (again, GUID-based) ID of the Question the field is the answer to: FormId:QuestionId. My salt is currently generated the same way, only with the order of the GUIDs reversed, i.e. QuestionID:FormID.

  4. Dawson

    • 2017/7/8

    . This number, also called a nonce, is employed only one time in any session.

  5. Reginald

    • 2018/2/17

    As replacement for the Hardware-ID based Key I'd suggest either storing the key (plain - not recommended) on the USB-Stick, or only use a password (+ scrypt) or store the key encrypted (AES-GCM+scrypt) on a stick. You might want to consider generating a key for each file you encrypt and storing this key (+IV) as a "header" for the encrypted file.

  6. Jamari

    • 2016/11/2

    , even with the same secret key, will not always result in the same encrypted value. This is an added security layer.

  7. River

    • 2018/4/18

    The only way that using AES for encrypting passwords makes sense is if the key is derived from the password (via appropriate key stretching). I.e. a (hopefully) different key for each user. – symcbean

  8. Tony

    • 2021/6/30

    Salt value along with it. Then, when you need to decrypt the value, lookup the key/iv pair using the id and the salt stored with the data. You'd want to make sure you have a good security model around the key storage.

  9. Bentlee

    • 2019/2/24

    Initialization Vector (IV) in AES (CBC). Posted on May 27, 2016 by Nikolai Samteladze. Initialization Vector (IV) is a binary sequence used by block ciphers in most modes of operation. This post serves as a quick overview of how IV is used in one of the most popular Cipher Block Chaining mode. So where does IV come from?

  10. Sutton

    • 2016/10/14

    fixed key, the encryption function is a bijection; than the block size are encrypted, very important properties and that random IV's are used.

  11. Hunter

    • 2015/5/4

    A blockcipher like AES is a keyed permutation. In the case of AES it takes a key and then turns a 16 byte block into another 16 byte block deterministically. To encrypt something with a block-cipher you need to use a mode of operation. Typically those modes take an IV (similar to a salt) which should be different for each message you encrypt.

  12. Walker

    • 2018/7/6

    vector (IV) and encrypts the data using JCE's AES-256 implementation. key material used to derive the data encryption key are saved in the database.

  13. Ismael

    • 2019/11/17

    A key, in the context of symmetric cryptography, is something you keep secret. Anyone who knows your key (or can guess it) can decrypt any 

  14. Kian

    • 2019/5/21

    AES Password-based encryption – (The secret key will derive from a AES-GCM inputs - 12 bytes IV, need the same IV and secret keys for 

  15. Lambert

    • 2020/4/29

    Round keys are derived from the user-supplied encryption key.] third row by two bytes to the left; and (iv) circularly shifting.

  16. Phillips

    • 2021/7/15

    The IV size depends on the cryptographic primitive used; for block ciphers it is generally the cipher's block-size. In encryption schemes, the unpredictable 
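
The advice in the answers above (a random salt, a secret that is not stored with the data, a fresh IV for every encrypted value kept next to the ciphertext), as an added C# example that is not code from any of the posters. It assumes .NET 8 or later; the class name `FieldCrypto`, the PBKDF2 iteration count, and the choice of AES-GCM with `FormId:QuestionId` as associated data are assumptions made for this illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class FieldCrypto
{
    const int NonceSize = 12, TagSize = 16, KeySize = 32;

    // Derive once per installation. The salt is random and not secret (keep it in
    // config); the passphrase comes from the admin and is never stored with the data.
    public static byte[] DeriveKey(string passphrase, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(passphrase, salt, 600_000, HashAlgorithmName.SHA256, KeySize);

    // The IDs are public, so they are authenticated as associated data, not used as key or IV.
    static byte[] Aad(Guid formId, Guid questionId) =>
        Encoding.UTF8.GetBytes($"{formId}:{questionId}");

    // Returns nonce || tag || ciphertext for storage in one column.
    public static byte[] Encrypt(byte[] key, string plaintext, Guid formId, Guid questionId)
    {
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceSize); // fresh for every entry
        byte[] pt = Encoding.UTF8.GetBytes(plaintext);
        byte[] ct = new byte[pt.Length], tag = new byte[TagSize];
        using var aes = new AesGcm(key, TagSize);
        aes.Encrypt(nonce, pt, ct, tag, Aad(formId, questionId));
        byte[] blob = new byte[NonceSize + TagSize + ct.Length];
        nonce.CopyTo(blob, 0);
        tag.CopyTo(blob, NonceSize);
        ct.CopyTo(blob, NonceSize + TagSize);
        return blob;
    }

    // Throws if the stored value was modified or the key or IDs do not match.
    public static string Decrypt(byte[] key, byte[] blob, Guid formId, Guid questionId)
    {
        byte[] nonce = blob[..NonceSize], tag = blob[NonceSize..(NonceSize + TagSize)];
        byte[] ct = blob[(NonceSize + TagSize)..], pt = new byte[ct.Length];
        using var aes = new AesGcm(key, TagSize);
        aes.Decrypt(nonce, ct, tag, pt, Aad(formId, questionId));
        return Encoding.UTF8.GetString(pt);
    }

    static void Main()
    {
        byte[] key = DeriveKey("constructed passphrase", RandomNumberGenerator.GetBytes(16));
        Guid form = Guid.NewGuid(), question = Guid.NewGuid(); // constructed sample IDs
        byte[] a = Encrypt(key, "answer", form, question), b = Encrypt(key, "answer", form, question);
        Console.WriteLine($"same ciphertext: {a.AsSpan().SequenceEqual(b)}, decrypted: {Decrypt(key, a, form, question)}");
    }
}
```

Because the nonce is random, encrypting the same answer twice under the same key yields two different stored values, and moving a ciphertext to a different form or question makes decryption fail.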
