AES-256 Encryption Best Practices

William Prothero waprothero at gmail.com
Tue Jul 3 20:39:24 CEST 2018


Brian,
Thank you for your wisdom on this issue. I’m very interested in your recommendations and they are inspiring me to do more Internet research.

Just asking...
You said that the attacker could figure out the next iv. Since I append the iv to the front of the encrypted data, the attacker will always know the iv, correct? As I understand, the iv is used to obfuscate the encrypted data so it is more difficult for the attacker to decrypt the AES encrypted data. A random iv is used so the attacker can’t get the key by entering specific patterns of data and using the results.

Darn, this is complicated! I can see why there are so many opinions. I read that some folks recommend that the iv be secret and others don’t. When I look at the online discussions on stackoverflow, every comment is responded to with a different suggestion, and I have no idea whether the commenter knows what he/she is talking about. There is also out of date information to contend with. I also remember the horrible bug found in ssh encryption. AES was developed and released November, 2001 and a lot of the discussions are older.

I think the basic thing we hope for is that the attacker doesn’t have the key, and we need to do everything possible to keep it from determining the key. The attacker can still decrypt with a brute force method that tries all possible keys, but that’s probably rare in most cases, but possible.

I will modify the php to generate a new iv for the return data and look into the way I set the randomseed using the milliseconds.

Thanks again,
Bill

William Prothero
http://earthlearningsolutions.org

> On Jul 3, 2018, at 9:31 AM, Brian Milby <brian at milby7.com> wrote:
> 
> I just put the PHP on my server and it was able to handle the randombytes IV without issue.
> 
> The demo does not generate a new IV for the returned data which it really should in production.
> 
> From a security perspective, you assume that an attacker has access to the code. From the encrypted message, an attacker could figure out your next IV.
>>> 



More information about the use-livecode mailing list