navneet83 / Cross-platform-AES-encryption

Basic cross platform AES encryption
Apache License 2.0

IV generation is questionable #7

Open TomMD opened 9 years ago

TomMD commented 9 years ago

You've commented that the secure random is broken on many platforms - how about including the fix in the IV generation code?

Bapho commented 9 years ago

Just copy the PRNGFixes class and apply the fix:

http://android-developers.blogspot.de/2013/08/some-securerandom-thoughts.html

navneet83 commented 9 years ago

@TomMD I have highlighted the importance of randomizing the IV, and in code I have used a random IV in all the implementations. I don't see this as an issue. Below I have mentioned more details about each implementation --

- Java code uses the SecureRandom class. See here: https://github.com/Pakhee/Cross-platform-AES-encryption/blob/master/Android/CryptLib.java#L267
- C# code uses RNGCryptoServiceProvider.GetBytes (this fills an array of bytes with a cryptographically strong sequence of random values). See code here: https://github.com/Pakhee/Cross-platform-AES-encryption/blob/master/C-Sharp/CryptLib.cs#L56
- iOS code uses SecRandomCopyBytes, which generates cryptographically secure random numbers. See code here: https://github.com/Pakhee/Cross-platform-AES-encryption/blob/master/iOS/CryptLib.m#L168

navneet83 commented 9 years ago

For added security, I'll integrate the class suggested by @Bapho

ShankarSangoli commented 9 years ago

I believe that we need the same random IV which is used for encryption to decrypt it. Then how do you share the random IV between the platforms?

I have a requirement where I need to encrypt data in C# and decrypt in Android or iOS. Is it doable without sharing the random IV?

Bapho commented 9 years ago

@ShankarSangoli imo you only need to know the length of the IV to decrypt the data...