How to AES Encrypt in .NET without an IV
We have a legacy part of our Classic ASP application that use some code which is supposed to encrypt/decrypt strings with Rijndael (AES). This code was found on the Internet here (Rijndael AES Block Cipher (VB Version)). I already found a question on SO that references this exact library and which ask almost the same thing as me, but I suspect at least one thing that goes wrong (other than adding the length of the data to encrypt at the beginning of the bytes array). The vbScript implementation does not look like to add an IV at all to the data to encrypt. So, I am not able to match the same encryption with RijndaelManaged since it :
- automatically generates a different IV every time
- absolutely requires an IV
Does someone knows if it is possible to AES encrypt something in .Net without specifiying an IV (empty) ?
Both the code you are using and the solution to your problem are completely insecure. First, *YOU SHOULD NOT UNDER ANY CIRCUMSTANCES USE A CRYPTO LIBRARY SOME RANDOM GUY WROTE * Period, end of story. Both windows and .net have trusted, vetted, encryption libraries. They don't have things like timing attack issues, out right backdoors, or just moronic things that would be attempted by no one who knew anything about crypto.
Case in point, the library you mention, appears to only support ECB mode. This is completely insecure and no one who knew what they were doing would do it. Although there are a bunch of reasons for it, the best demonstration fo why not to do it is this :
This is an ecb encrypted picture of the linux penguine. Not very secure is it?
- Error publishing Blazor Webassembly with AOT (.Net 8.0) - Error : Precompiling failed for "aot-instances.dll" with exit code 1. Can not open image
- WebBrowser control: "Specified cast is not valid."
- .Net Framework You must add a reference to assembly mscorlib, Version=4.0.0.0
- How to auto increment the version (eg. “1.0.*”) of a .NET Core project?
- Calling ConnectAsync to a ClientWebSocket exits the method with no exception
- .NET API Update Includes ID
- Found conflicts between System.Net.Http
- How do I run EF Core ExecuteUpdateAsync and add a new entity as part of that update?
- Error : relation "OutboxState" does not exist
- Azure Devops - YAML - not reading .net version from props file
- MudDialog is unresponsive when opened from an external class
- Rotating portfolio of several websites
- How to disable all logging info to the spark console from .net application
- RouteValueDictionary ignores empty values
- When should you use the as keyword in C#
- run e edited dont rededit its danger
- Loading Iron Ruby DSL files on demand
- Connect from local machine to aws MSK
- How can I display a DateTimePicker in a DataGridView?
- .NET Arrays datatypes
- Convert file path to a file URI?
- .NET Core 3.1 GoogleSignIn -The authentication handler registered for scheme 'Bearer' is 'JwtBearerHandler' which cannot be used for SignInAsync
- How to record high quality videos with Windows Media Encoder in C#
- How to receive handle of second Monitor / Desktop
- Is there a way to create an immutable (read-only) XDocument?
- C# API - Provide download of files from Azure Blobstorage
- Zip Azure Storage Files and Return File from Web API returns corrupted files when unzipped
- When is it worth using a BindingSource?
- Unable to load 'Microsoft.Data.ConnectionUI" for DataConnectionDialog use
- Json Deserialization parsing non valid Json object