The way to determine IV for AES encryption, possible security problems with this approach
I am trying to make a folder encryption with maximum automation (except password input).
Inside a bash script I do the following:

```bash
echo $RANDOM | md5sum | cut -d' ' -f1 > iv
```

and then using it:

```bash
openssl aes-128-cbc -md sha256 -iv $(cat iv) -in folder.7z -out folder.7z.enc
```

Assuming that `echo $RANDOM` returns a good random value, I then use `md5sum` on that value; `md5sum` has collision weaknesses, so I assume that there is some security problem with that, but this is the way I found to produce a correct IV string for openssl. Can someone point out what exactly can be a problem with this approach, and maybe give advice on how to produce a pseudo-random IV in a better way?

Tags: openssl, aes, md5, bash

asked 2 hours ago by stackoverflower, edited 24 mins ago
I don't have time to write an answer now but there are many problems with your code. The openssl command line is only designed for tests, not for production use, and it's very difficult to use it correctly. Use a tool designed for this purpose, such as zip or 7z's encryption feature, or gpg.
– Gilles, 1 hour ago
2 Answers
> Assuming that `echo $RANDOM` returns good random value…

It does not. `$RANDOM` in bash is implemented using an LCRNG with 32 bits of state and a 15-bit output.

answered 1 hour ago by duskwuff, edited 1 hour ago
> ... md5sum has collision weaknesses, so assume that there is some security problem with that,

Collision attacks are irrelevant here. All that matters is that the IV used is in no way predictable (i.e. no bias: all outputs have the same probability) and the same IV is not used with the same input. For more see "How do poor-quality initialization vectors affect the security of CBC mode?".

answered 1 hour ago by Steffen Ullrich, edited 1 hour ago
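Added example illustrating both answers above (not code from the question or either answerer; the helper names are my own): it reproduces the question's IV pipeline to show that, because `$RANDOM` has a 15-bit output, the `md5sum` step can only ever yield 2^15 distinct IVs no matter how wide MD5's output is, estimates from the birthday bound how many encryptions under one key it takes before an IV repeats, and contrasts that with a 16-byte IV drawn from the OS CSPRNG in the 32-hex-character form `openssl -iv` expects.

```python
import hashlib
import math
import secrets

AES_BLOCK_BYTES = 16          # CBC IV is one AES block: 16 bytes = 32 hex chars
RANDOM_OUTPUT_BITS = 15       # bash $RANDOM is 0..32767 (duskwuff's answer)


def random_iv_space_size(bits=RANDOM_OUTPUT_BITS):
    """Upper bound on distinct IVs the question's pipeline can produce:
    md5sum cannot add entropy, so at most 2**bits IVs exist."""
    return 2 ** bits


def iv_from_random_value(value):
    """Reproduce `echo $RANDOM | md5sum | cut -d' ' -f1` for one $RANDOM
    value. echo appends a newline, so that is what md5sum actually hashes."""
    return hashlib.md5(f"{value}\n".encode()).hexdigest()


def distinct_ivs_from_random():
    """Count how many different IVs the pipeline can emit: enumerating every
    $RANDOM output (a constructed check) gives 32768, not 2**128."""
    return len({iv_from_random_value(v) for v in range(2 ** RANDOM_OUTPUT_BITS)})


def expected_reuse_count(space):
    """Birthday bound: approximate number of files encrypted under the same key
    before there is a 50% chance that two of them share an IV."""
    return math.sqrt(2 * space * math.log(2))


def fresh_iv_hex():
    """What to do instead: 16 bytes from the OS CSPRNG (uniform, unpredictable),
    hex-encoded exactly as openssl's -iv option expects."""
    return secrets.token_bytes(AES_BLOCK_BYTES).hex()


def is_valid_openssl_iv(hex_iv):
    """Sanity check before handing a value to -iv: exactly one AES block of hex
    (the md5 pipeline passes this check; its problem is the tiny space, not the format)."""
    hexdigits = set("0123456789abcdefABCDEF")
    return len(hex_iv) == 2 * AES_BLOCK_BYTES and all(c in hexdigits for c in hex_iv)


if __name__ == "__main__":
    print("distinct IVs from md5($RANDOM):", distinct_ivs_from_random())
    print("encryptions until ~50% IV reuse:", round(expected_reuse_count(random_iv_space_size())))
    print("CSPRNG IV for openssl -iv:", fresh_iv_hex())
```

With a 15-bit source the IV repeats after only a couple of hundred encryptions under the same key, which is exactly the "same IV with the same input" condition Steffen's answer warns about; a CSPRNG-sourced 128-bit IV makes that practically impossible.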