Question:
I'm playing with AES encryption and I want to ask what happens if we use the IV like a "Password", but the user chooses fewer than 16 bytes :-/
From the examples:
// Set the IV to a known value that will be used on both sides.
// (If desired, you could generate a random IV and protect it in the same
// way as the key...)
// The length of the IV for AES is always 16 bytes, regardless of the key size.
crypt.SetEncodedIV("000102030405060708090A0B0C0D0E0F","hex");
If the encryption needs 16 bytes, then you must give it 16 bytes. You could hash the supplied password using MD5+salt to get a 16-byte IV for any input. The salt is there to help protect against rainbow dictionary attacks. For example, this air-code:
input = "user supplied pass";
md5 = md5hex("random salt" + input);
crypt.SetEncodedIV(md5, "hex");
Thanks jpbro. Yes, that is a good solution. If you don't give it the full 16 bytes, or if you give it garbage, such as this: crypt.SetEncodedIV("Password","hex"); -- which is garbage because "Password" is not valid hex, then you're open to undetermined results. When doing any sort of cryptography, always be exact and don't leave anything to chance.
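The two points from the replies, as an added Python example (not code from the original posts or from the library): a salted MD5 of the user's input always gives 16 bytes, and a strict check rejects anything that is not exactly 32 hex digits before it is handed to SetEncodedIV. The function names, the sample salt and the sample inputs are assumptions made for illustration.

```python
import hashlib
import re

AES_IV_BYTES = 16  # AES IV length is 16 bytes regardless of key size
_HEX_IV = re.compile(r"[0-9A-Fa-f]{%d}" % (AES_IV_BYTES * 2))


def parse_hex_iv(text: str) -> bytes:
    """Decode a hex-encoded IV, refusing anything that is not exactly 16 bytes.

    Hypothetical helper: run it on the string before passing that string
    to crypt.SetEncodedIV(text, "hex").
    """
    if not isinstance(text, str) or not _HEX_IV.fullmatch(text):
        raise ValueError(
            "IV must be exactly %d hex digits, got %r" % (AES_IV_BYTES * 2, text)
        )
    return bytes.fromhex(text)


def iv_hex_from_input(user_input: str, salt: bytes) -> str:
    """Salted MD5 of arbitrary-length input, as 32 hex digits (16 bytes).

    This follows the air-code above (salt + input, then MD5). Both sides
    must use the same salt, otherwise they derive different IVs.
    """
    if not salt:
        raise ValueError("salt must not be empty")
    digest = hashlib.md5(salt + user_input.encode("utf-8")).hexdigest()
    return digest.upper()


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the page.
    salt = b"example-salt"
    for candidate in (
        "000102030405060708090A0B0C0D0E0F",  # the IV from the quoted example
        "Password",                          # not hex at all
        "0001020304",                        # valid hex, but only 5 bytes
        iv_hex_from_input("short", salt),    # derived: always 16 bytes
    ):
        try:
            print(candidate, "->", parse_hex_iv(candidate).hex())
        except ValueError as err:
            print(candidate, "-> rejected:", err)
```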