Encryption - question about IV

  • Question

  • I have been researching encryption and I have some questions. I know that symmetric encryption requires 2 items, the key and the IV. And I know that the key is like a password and must be kept secret.

    What I'm confused about is the IV: can I hard code the IV's value in my program, so that it can be used over and over again?

    Is it safe to hard code that IV, or is that the way it is?

    Can the encrypted file be compromised if someone knows the IV but doesn't have the key (password)?

    Thanks.

    Wednesday, March 14, 2007 11:25 PM

Answers

  • I suggest not hard coding the IV but generating it using two or more unencrypted values in your dataset. The same with the password. Use a seed value from unencrypted, unchangeable fields to generate a password with the user-entered password.

    The answer to your last question: anything can be cracked; it's just a matter of time. Controlling how long a person has access is the way to keep it safe.

    Example: Use the logon id and the user's birthdate. Neither will ever be changed without creating a new record, hence a new encryption. Do the same with the password. User-entered password + first two numbers of the userid + day born + date hired  =====  To hash.

    Never send the IV or password over the network; always use a hash to compare.

    Thursday, March 15, 2007 6:43 PM
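
An added example (not part of the original thread) for the question about reusing a hard-coded IV: under AES-CBC a fixed IV makes equal plaintexts, and equal leading blocks, encrypt to equal ciphertext, while a fresh random IV stored in the clear in front of the ciphertext does not. The cipher choice (AES-256-CBC), key, IV, sample records and function names are assumptions constructed for illustration; the thread names no cipher.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// encryptCBC PKCS#7-pads msg and returns IV || ciphertext; only the key is secret.
func encryptCBC(key, iv, msg []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	n := aes.BlockSize - len(msg)%aes.BlockSize
	p := append(append([]byte{}, msg...), bytes.Repeat([]byte{byte(n)}, n)...)
	out := append(append([]byte{}, iv...), p...)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out[len(iv):], out[len(iv):])
	return out
}

// encryptRandomIV draws a fresh 16-byte IV from the OS CSPRNG for each message.
func encryptRandomIV(key, msg []byte) []byte {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	return encryptCBC(key, iv, msg)
}

// decryptCBC reads the IV from the front of blob, decrypts, and strips padding.
func decryptCBC(key, blob []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	p := make([]byte, len(blob)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, blob[:aes.BlockSize]).CryptBlocks(p, blob[aes.BlockSize:])
	return p[:len(p)-int(p[len(p)-1])]
}

func main() {
	// Constructed demo key and an all-zero stand-in for a hard-coded IV.
	key, fixedIV := bytes.Repeat([]byte{0x42}, 32), make([]byte, aes.BlockSize)
	msg := []byte("account=1001;balance=250") // constructed sample record
	fmt.Println(bytes.Equal(encryptCBC(key, fixedIV, msg), encryptCBC(key, fixedIV, msg)))
	fmt.Println(bytes.Equal(encryptRandomIV(key, msg), encryptRandomIV(key, msg)))
	fmt.Printf("%s\n", decryptCBC(key, encryptRandomIV(key, msg)))
}
```

CBC on its own does not detect tampering, and this sketch leaves authentication of the ciphertext out.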