03 June, 2024

Generating AES IV from Rfc2898DeriveBytes

           No comments   

I am using Rfc2898DeriveBytes to generate an AES key and iv. However, I heard that the iv should not be dependent on the password. Here's how I'm doing it right now:
byte[] salt = GenerateRandomBytes(32); // Generates 32 random bytes
using (Rfc2898DeriveBytes rfc = new Rfc2898DeriveBytes(plainStrPassword, salt)) {
byte[] aesKey = rfc.GetBytes(32);
byte[] iv = rfc.GetBytes(16); // Should I do this or generate it randomly?
}



My question: Is it OK (secure) to generate the iv from Rfc2898DeriveBytes? Or should I generate it randomly using RNGCryptoServiceProvider?

0 comments:

Post a Comment

Thanks

Meta

Popular Posts

  • Crawl and Index Your Website with Laravel Site Search
      Laravel Site Search   is a package by Spatie to create a full-text search index by crawling your site. You can think of it as a private Go...
  • JqueryUI - Show
    JqueryUI - Show, JqueryUI,  This chapter will discuss the show() method, which is one of the methods used to manage jQueryUI visual effe...
  • Tailwindcss best practices for responsive design
    Tailwind CSS provides powerful utilities for responsive design out of the box. To use it effectively and maintain clean, scalable code, here...
  • WordPress Table
    WordPress Table WordPress table is an easy way to show the data in the table format. In the past, we had used the HTML code or table plugin ...
  • Multipart file is not present in SB3
    Since the update on Spring Boot 3, my multipart endpoint has stopped working. I tried every post on the stackOverflow but it was not helping...

Categories

Social Media Links

Blog Archive

Laravel News

Loading...