The way to determine IV for AES encryption, possible security problems with this approach

Clash Royale CLAN TAG#URR8PPP

up vote
2
down vote

favorite

I am trying to make a folder encryption with maximum automation (except password input).
Inside a bash script I do the following:

echo $RANDOM | md5sum | cut -d' ' -f1 > iv

and then using it:

openssl aes-128-cbc -md sha256 -iv $(cat iv) -in folder.7z -out folder.7z.enc

Assuming that echo $RANDOM returns good random value, then I use md5sum on that value, and md5sum has collision weaknesses, so I assume that there is some security problem with that, but this is the way I found of how to produce a correct iv string for openssl. Can someone point what exactly can be a problem with this approach, and may be give an advice how to produce a pseudo-random iv in a better way?

openssl aes md5 bash

share|improve this question

edited 24 mins ago

asked 2 hours ago

stackoverflower

215

• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  I don't have time to write an answer now but there are many problems with your code. The openssl command line is only designed for tests, not for production use, and it's very difficult to use it correctly. Use a tool design for this purpose, such as zip or 7z's encryption feature, or gpg.
  – Gilles
  1 hour ago
  

  
  
  
  

add a comment | 

up vote
2
down vote

favorite

I am trying to make a folder encryption with maximum automation (except password input).
Inside a bash script I do the following:

echo $RANDOM | md5sum | cut -d' ' -f1 > iv

and then using it:

openssl aes-128-cbc -md sha256 -iv $(cat iv) -in folder.7z -out folder.7z.enc

Assuming that echo $RANDOM returns good random value, then I use md5sum on that value, and md5sum has collision weaknesses, so I assume that there is some security problem with that, but this is the way I found of how to produce a correct iv string for openssl. Can someone point what exactly can be a problem with this approach, and may be give an advice how to produce a pseudo-random iv in a better way?

openssl aes md5 bash

share|improve this question

edited 24 mins ago

asked 2 hours ago

stackoverflower

215

• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  I don't have time to write an answer now but there are many problems with your code. The openssl command line is only designed for tests, not for production use, and it's very difficult to use it correctly. Use a tool design for this purpose, such as zip or 7z's encryption feature, or gpg.
  – Gilles
  1 hour ago
  

  
  
  
  

add a comment | 

up vote
2
down vote

favorite

up vote
2
down vote

favorite

I am trying to make a folder encryption with maximum automation (except password input).
Inside a bash script I do the following:

echo $RANDOM | md5sum | cut -d' ' -f1 > iv

and then using it:

openssl aes-128-cbc -md sha256 -iv $(cat iv) -in folder.7z -out folder.7z.enc

Assuming that echo $RANDOM returns good random value, then I use md5sum on that value, and md5sum has collision weaknesses, so I assume that there is some security problem with that, but this is the way I found of how to produce a correct iv string for openssl. Can someone point what exactly can be a problem with this approach, and may be give an advice how to produce a pseudo-random iv in a better way?

openssl aes md5 bash

share|improve this question

edited 24 mins ago

asked 2 hours ago

stackoverflower

215

I am trying to make a folder encryption with maximum automation (except password input).
Inside a bash script I do the following:

echo $RANDOM | md5sum | cut -d' ' -f1 > iv

and then using it:

openssl aes-128-cbc -md sha256 -iv $(cat iv) -in folder.7z -out folder.7z.enc

Assuming that echo $RANDOM returns good random value, then I use md5sum on that value, and md5sum has collision weaknesses, so I assume that there is some security problem with that, but this is the way I found of how to produce a correct iv string for openssl. Can someone point what exactly can be a problem with this approach, and may be give an advice how to produce a pseudo-random iv in a better way?

openssl aes md5 bash

openssl aes md5 bash

share|improve this question

edited 24 mins ago

asked 2 hours ago

stackoverflower

215

share|improve this question

edited 24 mins ago

asked 2 hours ago

stackoverflower

215

share|improve this question

share|improve this question

edited 24 mins ago

edited 24 mins ago

edited 24 mins ago

asked 2 hours ago

stackoverflower

215

asked 2 hours ago

stackoverflower

215

asked 2 hours ago

stackoverflower

215

215

• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  I don't have time to write an answer now but there are many problems with your code. The openssl command line is only designed for tests, not for production use, and it's very difficult to use it correctly. Use a tool design for this purpose, such as zip or 7z's encryption feature, or gpg.
  – Gilles
  1 hour ago
  

  
  
  
  

add a comment | 

• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  I don't have time to write an answer now but there are many problems with your code. The openssl command line is only designed for tests, not for production use, and it's very difficult to use it correctly. Use a tool design for this purpose, such as zip or 7z's encryption feature, or gpg.
  – Gilles
  1 hour ago
  

  
  
  
  

3

3

I don't have time to write an answer now but there are many problems with your code. The openssl command line is only designed for tests, not for production use, and it's very difficult to use it correctly. Use a tool design for this purpose, such as zip or 7z's encryption feature, or gpg.
– Gilles
1 hour ago

I don't have time to write an answer now but there are many problems with your code. The openssl command line is only designed for tests, not for production use, and it's very difficult to use it correctly. Use a tool design for this purpose, such as zip or 7z's encryption feature, or gpg.
– Gilles
1 hour ago

add a comment | 

2 Answers
2

active

oldest

votes

up vote
3
down vote

Assuming that echo $RANDOM returns good random value…

It does not. $RANDOM in bash is implemented using a LCRNG with 32 bits of state and a 15-bit output.

share|improve this answer

edited 1 hour ago

answered 1 hour ago

duskwuff

79149

add a comment | 

up vote
2
down vote

... md5sum has collision weaknesses, so assume that there is some security problem with that,

Collision attacks are irrelevant here. All what matters is that the IV used is in no way predictable (i.e. no bias - all outputs have the same probability) and the same IV is not used with the same input. For more see How do poor-quality initialization vectors affect the security of CBC mode?.

share|improve this answer

edited 1 hour ago

answered 1 hour ago

Steffen Ullrich

109k12190254

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f196311%2fthe-way-to-determine-iv-for-aes-encryption-possible-security-problems-with-this%23new-answer', 'question_page');

);

Post as a guest

Name Email

2 Answers
2

active

oldest

votes

2 Answers
2

active

oldest

votes

active

oldest

votes

active

oldest

votes

up vote
3
down vote

Assuming that echo $RANDOM returns good random value…

It does not. $RANDOM in bash is implemented using a LCRNG with 32 bits of state and a 15-bit output.

share|improve this answer

edited 1 hour ago

answered 1 hour ago

duskwuff

79149

add a comment | 

up vote
3
down vote

Assuming that echo $RANDOM returns good random value…

It does not. $RANDOM in bash is implemented using a LCRNG with 32 bits of state and a 15-bit output.

share|improve this answer

edited 1 hour ago

answered 1 hour ago

duskwuff

79149

add a comment | 

up vote
3
down vote

up vote
3
down vote

Assuming that echo $RANDOM returns good random value…

It does not. $RANDOM in bash is implemented using a LCRNG with 32 bits of state and a 15-bit output.

share|improve this answer

edited 1 hour ago

answered 1 hour ago

duskwuff

79149

Assuming that echo $RANDOM returns good random value…

It does not. $RANDOM in bash is implemented using a LCRNG with 32 bits of state and a 15-bit output.

share|improve this answer

edited 1 hour ago

answered 1 hour ago

duskwuff

79149

share|improve this answer

share|improve this answer

edited 1 hour ago

edited 1 hour ago

edited 1 hour ago

answered 1 hour ago

duskwuff

79149

answered 1 hour ago

duskwuff

79149

answered 1 hour ago

duskwuff

79149

79149

add a comment | 

add a comment | 

up vote
2
down vote

... md5sum has collision weaknesses, so assume that there is some security problem with that,

Collision attacks are irrelevant here. All what matters is that the IV used is in no way predictable (i.e. no bias - all outputs have the same probability) and the same IV is not used with the same input. For more see How do poor-quality initialization vectors affect the security of CBC mode?.

share|improve this answer

edited 1 hour ago

answered 1 hour ago

Steffen Ullrich

109k12190254

add a comment | 

up vote
2
down vote

... md5sum has collision weaknesses, so assume that there is some security problem with that,

Collision attacks are irrelevant here. All what matters is that the IV used is in no way predictable (i.e. no bias - all outputs have the same probability) and the same IV is not used with the same input. For more see How do poor-quality initialization vectors affect the security of CBC mode?.

share|improve this answer

edited 1 hour ago

answered 1 hour ago

Steffen Ullrich

109k12190254

add a comment | 

up vote
2
down vote

up vote
2
down vote

... md5sum has collision weaknesses, so assume that there is some security problem with that,

Collision attacks are irrelevant here. All what matters is that the IV used is in no way predictable (i.e. no bias - all outputs have the same probability) and the same IV is not used with the same input. For more see How do poor-quality initialization vectors affect the security of CBC mode?.

share|improve this answer

edited 1 hour ago

answered 1 hour ago

Steffen Ullrich

109k12190254

... md5sum has collision weaknesses, so assume that there is some security problem with that,

Collision attacks are irrelevant here. All what matters is that the IV used is in no way predictable (i.e. no bias - all outputs have the same probability) and the same IV is not used with the same input. For more see How do poor-quality initialization vectors affect the security of CBC mode?.

share|improve this answer

edited 1 hour ago

answered 1 hour ago

Steffen Ullrich

109k12190254

share|improve this answer

share|improve this answer

edited 1 hour ago

edited 1 hour ago

edited 1 hour ago

answered 1 hour ago

Steffen Ullrich

109k12190254

answered 1 hour ago

Steffen Ullrich

109k12190254

answered 1 hour ago

Steffen Ullrich

109k12190254

109k12190254

add a comment | 

add a comment | 

 

draft saved

draft discarded

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f196311%2fthe-way-to-determine-iv-for-aes-encryption-possible-security-problems-with-this%23new-answer', 'question_page');

);

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Name Email

Name

Email

Name Email

Name

Email