Rijndael管理:四代? [英] RijndaelManaged: IV Generation?
问题描述
我想在我的应用程序中实现最安全,最可靠的对称密钥加密技术。用户应该输入密码加密/解密,这就是所有。对于RijndaelManaged,必须输入密钥和IV。我不知道如何解决这种情况。现在,我输入的密码被SHA256散列,然后被用作Rijndael的密钥。我使用什么IV?另一个密码?
I want to implement the most secure, and most reliable form of symmetric key cryptography in my application. The user should input a password to encrypt/decrypt, and that's all. For RijndaelManaged, one must enter a key and an IV. I'm not sure how to address the situation. Right now, I have the entered password being hashed by SHA256 and then being used as the key for the Rijndael. What do I use for the IV? Another password?
推荐答案
您可以使用 GenerateIV (覆盖 RijndaelManaged )生成IV。然后,您可以将IV与密码文本一起传输。你可以认为一个IV的行为有点像一个盐 - 基本上它防止相同的明文被加密到相同的密文每次。不要重复使用IV - 这使它毫无意义。为每封邮件生成一个新邮件。
You can use GenerateIV (overridden in RijndaelManaged) to generate the IV. You can then transmit the IV along with the cyphertext. You can think of an IV as acting a bit like a salt - basically it prevents the same plaintext from being encrypted to the same cyphertext each time. Don't reuse an IV - that makes it pointless. Generate a new one for each message.
这篇关于Rijndael管理:四代?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
