How do you use CBC and HMAC?

I couldn't find enough information on the internet.

How do you get the IV? How would you know what it is when you need to decrypt later? (Wouldn't putting it in the database defeat the purpose?)

What is HMAC, and is it protected from hacking?

The encrypted text stays in the database. If someone hacks into the database, they would probably have access to the file manager too, unless they found a way to do SQL injection. How would the script know which IV and key to use, that the hacker wouldn't know?

What is the best method to use when encrypting multiple paragraphs of text, which will only be seen within the website by the user who wrote it? (The user always views it as plain text.)

I use ECB now (the website has not yet been released for beta), but I've heard that CBC is much more secure.

Anon

1 Answer

The main purpose of an IV is to be different for each encryption. It's not secret. It's standard to create a random IV for each encryption, and store it as a prefix of the ciphertext.

HMAC is a MAC, and it ensures that only messages created by somebody who knows the key are accepted as valid. It's important to apply the MAC after encryption and to include the IV, i.e. HMAC(IV+Encrypt(...)), and to verify it before decryption. This avoids certain attacks, such as padding oracles.

It's also worth considering an authenticated encryption mode, such as AES-GCM, which combines authentication and encryption in a secure way. Just make damn sure you never reuse an IV in that case.

Where to store the key is a difficult question, and very application dependent. As you noticed, storing the key on the same system as the database does not gain you much.

Sometimes it's a good idea to derive the key from the user's password, using a slow KDF with a salt, such as PBKDF2. Sometimes you can store it on the client. Sometimes you can store it on a different server with smaller attack surface.

To figure out where to store it, you need clear requirements and a threat model.

CodesInChaos