I am implementing a bit of security in a system that was originally built without encryption on a specific piece of data. The plan was to encrypt this piece of data and include it as part of the response in a web service. But this data is plainly available in the front end, so the user could easily see the plain value and its encrypted value. How hard is it to derive the key and IV? I think it would be too easy to be comfortable with. Am I right? Is there any security worth doing if they can always see the plain value?
1 Answer
0
Are you using CBC mode? AES-CBC is supposed to be secure against known-plaintext attacks, as long as you are using different random IVs with different messages. The encryption key would remain a secret even if the attacker knows the IV, plain text, and the encrypted message.
user12480
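The condition in the answer above (a different random IV for each message) can be checked with the following added example, which is not part of the original question or answer. `EncryptWithIV`, `Encrypt` and `SharedBlocks` are hypothetical helper names, and the key and plaintext are constructed sample values; it contrasts a reused IV with a fresh one for the same known plaintext.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const bs = aes.BlockSize
// EncryptWithIV runs AES-CBC with PKCS#7 padding and returns IV || ciphertext.
func EncryptWithIV(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(iv) != bs {
		return nil, fmt.Errorf("bad key or IV length")
	}
	n := bs - len(plaintext)%bs // PKCS#7 pad length, 1..16
	out := append(append(append([]byte{}, iv...), plaintext...), bytes.Repeat([]byte{byte(n)}, n)...)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out[bs:], out[bs:]) // encrypt in place after the IV
	return out, nil
}

// Encrypt draws a fresh random IV for every message, the condition the answer states.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	iv := make([]byte, bs)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	return EncryptWithIV(key, iv, plaintext)
}

// SharedBlocks counts leading ciphertext blocks (after the IV) that two messages have in common.
func SharedBlocks(a, b []byte) int {
	n := 0
	for i := bs; i+bs <= len(a) && i+bs <= len(b) && bytes.Equal(a[i:i+bs], b[i:i+bs]); i += bs {
		n++
	}
	return n
}

func main() {
	key, msg := bytes.Repeat([]byte{0x42}, 32), []byte("constructed sample value shown in the UI") // constructed demo inputs
	a, _ := EncryptWithIV(key, make([]byte, bs), msg) // weak setting: the same all-zero IV every time
	b, _ := EncryptWithIV(key, make([]byte, bs), msg)
	c, _ := Encrypt(key, msg) // corrected setting: fresh random IV per message
	d, _ := Encrypt(key, msg)
	fmt.Println("fixed IV, equal blocks:", SharedBlocks(a, b), "| random IV, equal blocks:", SharedBlocks(c, d))
}
```

With a reused IV, equal plaintext prefixes produce equal ciphertext blocks even though the key stays secret; with a fresh IV nothing lines up. CBC on its own does not detect modified ciphertext, so a value returned to a client and later trusted by the server also needs an integrity check.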