AES-256 Encryption Best Practices

Brian Milby brian at milby7.com
Wed Jul 4 04:02:15 CEST 2018


 The problem is that with a known IV and the code, the next IV can be
predicted if using the random function. If the generator was reseeded every
time an IV was generated, that would remove the advance prediction issue. I
didn't mean that the first IV could be guessed.  Exploitation would be
difficult and I believe even requires the attacker to be able to inject
plain text to be encrypted.

On Jul 3, 2018, 1:24 PM -0400, Rick Harrison via use-livecode <
use-livecode at lists.runrev.com>, wrote:

Hi Brian,

I think it would be pretty hard to do based on the time.
One would have to do the calculation in advance and
hope that the program caught the server at exactly
the correct millisecond. As you also pointed out the
hacker would also have to have access to the code.

If you generate your own random seed with a counter
it should not count by 1’s. The step count ideally should
be random as well.

Good discussion!

Thanks,

Rick


More information about the use-livecode mailing list