The counter must return the same on decryption as it did on encryption, as you intuit, so, one (NOT SECURE AT ALL) way to do it is: >>> secret = os.urandom(16) >>> crypto = AES.new(os.urandom(32), AES.MODE_CTR, counter=lambda: secret) >>> encrypted = crypto.encrypt(“aaaaaaaaaaaaaaaa”) >>> print crypto.decrypt(encrypted) aaaaaaaaaaaaaaaa CTR is a block cipher, so the “16-at-a-time” constraint … Read more
For posterity I’m placing the fully completed solution here. C# Encryption Class public static class Encryption { public static string Encrypt(string prm_text_to_encrypt, string prm_key, string prm_iv) { var sToEncrypt = prm_text_to_encrypt; var rj = new RijndaelManaged() { Padding = PaddingMode.PKCS7, Mode = CipherMode.CBC, KeySize = 256, BlockSize = 256, }; var key = Convert.FromBase64String(prm_key); var … Read more
AES is a United States federal standard, FIPS 197, which is a subset of Rijndael: AES has a fixed block size of 128 bits and a key size of 128, 192, or 256 bits, whereas Rijndael can be specified with block and key sizes in any multiple of 32 bits, with a minimum of 128 … Read more
Please use an existing secure PHP encryption library It’s generally a bad idea to write your own cryptography unless you have experience breaking other peoples’ cryptography implementations. None of the examples here authenticate the ciphertext, which leaves them vulnerable to bit-rewriting attacks. If you can install PECL extensions, libsodium is even better <?php // PECL … Read more
Foreword Starting with your table definition: – UserID – Fname – Lname – Email – Password – IV Here are the changes: The fields Fname, Lname and Email will be encrypted using a symmetric cipher, provided by OpenSSL, The IV field will store the initialisation vector used for encryption. The storage requirements depend on the … Read more
Important: Unless you have a very particular use-case, do not encrypt passwords, use a password hashing algorithm instead. When someone says they encrypt their passwords in a server-side application, they’re either uninformed or they’re describing a dangerous system design. Safely storing passwords is a totally separate problem from encryption. Be informed. Design safe systems. Portable … Read more
Before you do anything further, seek to understand the difference between encryption and authentication, and why you probably want authenticated encryption rather than just encryption. To implement authenticated encryption, you want to Encrypt then MAC. The order of encryption and authentication is very important! One of the existing answers to this question made this mistake; … Read more