Encrypted strings AES 256 CBC always changes - SOLVED

[liveme]

Hi everyone,

I'm wondering if I am missing something when :

a) I'm returned an encrypted string that starts with the same 10 caracters..
- Is that a normal thing or something is missing or wrong in the Encryption setting ?

b) Eventhough I dont change the data content to be crypted, the encryption resulting string will change each time - and encrypted chains is the correct one.

So I would say that the Encryption/decryption tasks seems to run fine.
(always retreives the same input string from the start).

What "worries" me is that the encription string returns always start with the same sequence of car : "U2FsdGVkX1" followed by a string that changes...

Code: Select all

on doEnCryptData
   # ENCRYPTING AND ENCODING DATA
   put "ABCDEF" into InPassword
   put "345345" into InputData
   encrypt InputData using "aes-256-cbc" with password InPassword
   put base64Encode(It) into Field "Resu"
end doEnCryptData

any different behavior/setting on your side is welcomed !
Thanks

[EddieLee]

Hi,

Here are some links that I think might help you out and is beneficial for you!

https://livecode.fandom.com/wiki/Encrypt
https://livecode.fandom.com/wiki/Encrypt_using_rsa

Hope it helps!

[jacque]

I think the leading characters are the salt value which is calculated by LC if you don't provide your own. It doesn't contain any of the actual data, it's just a value that allows decryption while preventing dictionary attacks. It can't be used on its own to decrypt.

[liveme]

i've changed my code to the one pointed in Eddie's suggested link... and results came out a bit quite different..
a) produces much shorter encrypted strings
b) first characters now never get repeated

...so it kind of feel better using this disctinct formula
so if any other users running a similar stuff on their own could let us know if the "crypting process seems" to be set properly..
.so as to use in production mode.

Beside : about TLS
*TLS DOES use a good level of security but it was interesting to learn that once a connection is established, a man in the middle, can still potentialy intercepts all the SLL packet strings "in clear" hence...only some encrypted column could make life harder...and if nothing was encrypted..than all your data seems to transit in Clear (which I though TLS would "never" let this to happen - dahh..we learn every day, nehh ?!!!)

Will post new code below soon...(missing the decrypting button script still)

[liveme]

here are both script I'd like to - secure check : working in aes-128 :
*extra 64Encoding is also required for this case.

encrypting

Code: Select all

on doEnCryptData
   # ENCRYPTING AND ENCODING DATA
   put "4561234567890123" into tKeyHex 
   put "6543210987654321" into tIVHex
   put "ThIsIsOurSeaCreetDah" into InputData
   encrypt InputData using "aes-128-cbc" with key tKeyHex and IV tIVHex at 128 bit
   put base64Encode(It) into Fld "Resu"
end doEnCryptData

decrypting

Code: Select all

on doDeCryptData
   # DECRYPTING AND DECODING DATA
   put "4561234567890123" into tKeyHex 
   put "6543210987654321" into tIVHex
   put field "Resu" into OutputData
   put base64Decode(OutputData) into CodeData
   decrypt CodeData using "aes-128-cbc" with key tKeyHex and IV tIVHex at 128 bit
   put it into field "Resu"
end doDeCryptData

* beside if s/o has any clue how to use : decrypt CodeData using "aes-256-cbc" - instead ?
reply also wellcomed

[liveme]

I think the leading characters are the salt value which is calculated by LC

...assuming that these are some LC Salt value :
- Does it make sens that : for the same InputValue...;the Cypher would generates many distinct values (following the salt string) ?
(although it could be some wanted results to make crypted Output even more secure... )

[liveme]

finally...AES-256-CBC "funny results".. SOLVED !

so, yes, the result should not changed when using the sam input. It probably was dong that with AES256 due to the inacurate Key lenght !
... some Online Enbcrypting tool helped a lot in setting AND Checking this all !

see : www devglan com online-tools aes-encryption-decryption

PS : missconfigured AES could be used to generate Ramdom Strings !!!