2

We have a legacy part of our Classic ASP application that use some code which is supposed to encrypt/decrypt strings with Rijndael (AES). This code was found on the Internet here (Rijndael AES Block Cipher (VB Version)). I already found a question on SO that references this exact library and which ask almost the same thing as me, but I suspect at least one thing that goes wrong (other than adding the length of the data to encrypt at the beginning of the bytes array). The vbScript implementation does not look like to add an IV at all to the data to encrypt. So, I am not able to match the same encryption with RijndaelManaged since it :

  1. automatically generates a different IV every time
  2. absolutely requires an IV

Does someone knows if it is possible to AES encrypt something in .Net without specifiying an IV (empty) ?

Community
  • 1
  • 1
MaxiWheat
  • 6,133
  • 6
  • 47
  • 76
  • I don't understand the question 100%. Why do you need to match the encryption? (it usually only matters that the decryption works, not that the same data encrypted multiple times looks the same when encrypted). – Steve Campbell Apr 24 '12 at 23:56
  • Actually, the Classic ASP application is encrypting and decrypting AES strings, but mostly decrypting strings coming from the .Net application. So I need to encrypt with AES in .Net, and be able to decrypt that string in Classic ASP with the vbScript implementation of AES provided (which seems to not support IV) since vbScript does not support AES natively. – MaxiWheat Apr 25 '12 at 00:29

3 Answers3

6

Both the code you are using and the solution to your problem are completely insecure. First, *YOU SHOULD NOT UNDER ANY CIRCUMSTANCES USE A CRYPTO LIBRARY SOME RANDOM GUY WROTE * Period, end of story. Both windows and .net have trusted, vetted, encryption libraries. They don't have things like timing attack issues, out right backdoors, or just moronic things that would be attempted by no one who knew anything about crypto.

Case in point, the library you mention, appears to only support ECB mode. This is completely insecure and no one who knew what they were doing would do it. Although there are a bunch of reasons for it, the best demonstration fo why not to do it is this :

enter image description here

This is an ecb encrypted picture of the linux penguine. Not very secure is it?

imichaelmiers
  • 3,449
  • 2
  • 19
  • 25
  • 1
    There are applications where ECB is secure and appropriate. – erickson Apr 25 '12 at 17:52
  • Very very few and very specific things that are not likely what a simple web service does, but yes they exist. However, writing a crypto library that only supports that is pretty much amateur hour. – imichaelmiers Apr 25 '12 at 17:55
  • 1
    Writing a crypto library yourself is pretty much amateur hour. – erickson Apr 25 '12 at 18:01
  • Crypto library I use in classic asp is (if I trust comments written in the source) a vbscript adaptation of a C implementation of AES – MaxiWheat Apr 25 '12 at 21:23
  • Even if you did trust those comments, which you shoudln't, where did the C code come from? Who wrote a library (in c or vb) that only supports ECB mode. Anyone who really knew what they were doing would probably support other modes. Which leaves two possibilities, you have an incomplete port of the C library, in which case what else did they leave out. Or the c library only supported ECB mode. In wich case, you're back to square one because its author was likely not that good. – imichaelmiers Apr 25 '12 at 22:17
  • Great ECB mode with Padding = true fixed my issue and so now both libraries match their results. Thank you – MaxiWheat Apr 26 '12 at 12:19
  • Oops, I mean Padding = PaddingMode.Zeros – MaxiWheat Apr 27 '12 at 13:33
  • 1
    Great Jeff Atwood quote: "I honestly did not realize that it was possible to pick a cipher mode that did not do some kind of block chaining! CipherMode.ECB? More like CipherMode.Fail!" – JoelFan Jun 06 '12 at 20:46
2

No you cannot encrypt anything in CBC mode without an IV. You may however explicitly set the IV to al zero's. As the IV is XOR'ed with the first plain block, setting the IV to all zero's is equivalent to not having an IV.

This is just an answer to your question, you might want to heed all the other security advice given to you so far. You might also want to check if the code is actually using CBC mode encryption that requires an IV.

An IV for CBC mode encryption is always exactly one block in size (16 bytes for AES, but use a getBlockSize() method whenever available.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
1

Explicitly set the Mode property of your cipher to ECB.

ECB is unsafe unless the plain texts you are encrypting are short, random, unique strings. It's useful, for example, to encrypt a session key or another cryptographic key.

erickson
  • 265,237
  • 58
  • 395
  • 493