I am using AES algorithm for encryption and decryption of password when the PasswordFormat is Encrypted for the asp.net membership system. If the format was Hashed i would generate unique salted value for each password and store it in a column in the table where password is stored. But for encryption it is different i am worrying about below
1
If i generate unique IV, Key for each password then i have to maintain them somewhere. Is this correct approach from point of security?
2
If i HardCode IV and Key in application configuration(web.config) file then there i will have to worry about what happens when any of the above pair changes? How should i handle this situation?
3
Give me your ideas for what i should do. i will put them here 🙂
Answers:
No, there is no need for a unique key per password – and it would not be useful as your key would have to be stored somewhere. You might as well store the password in that safe system.
You should not store the key in the same system with the same access conditions as the password. This would make encrypted storage futile. You should put the key somewhere else protected against abuse, and perform the encryption within that system.
You are much better off choosing a function such as PBKDF2 and store the result of that. Key management is a tricky thing and should not be choosen without a good idea on how to proceed (hire a professional if you go that way).
Finally, the whole idea of an IV is that it protects plain text when the same key is used. You may set the IV to all zero’s if you have a key per plain text / cipher text pair. It is however the idea that you use a single key, stored somewhere save, and a random IV stored with the cipher text.
As said, if you did not know this already, then your scheme is unsafe, because there are many other things to consider, and you probably didn’t.
PS Microsoft has some ways to securily store keys in the system, you might want to search stackoverflow for that. I’m however not an expert regarding the MS API’s.