1

I have an application that keeps it's data in classes (not database). for saving data I use binaryformatter and convert this data to memorystream then encrypt it. for being safe, I want to keep a backup of this data. so I would have same data encrypted with same key but different salt and counter(IV) . Is this safe or having same data with same key will endanger security?

I tried to add a class with random length fake bytes to data and set it in start, so files will have different sizes and their data will not be exactly same, but it seems binaryformatter have it's own order and I can not ensure that this class will be in start of encrypted file (is there a way to do this?)

Improve this question
5
  • What language is this C#? And what are you trying to do, make redundant but not identical coppies? Commented Apr 18, 2017 at 6:50
  • It sounds like the IV becomes the key. Key management is going to be your big problem. Commented Apr 18, 2017 at 6:51
  • @this.josh yes C#, I try to keep a backup of my data in a safe way. Commented Apr 18, 2017 at 7:50
  • @schroeder thanks. Is there any right way to create encrypted copy of data with same key? Commented Apr 18, 2017 at 7:52
  • 2
    Please see this. You can safely encrypt same data with same key and different IV. What you should be careful with is that you never use same key and IV combination with two different plaintexts - never reuse key/IV combination. Also, for most modes IV needs to be random and not counter. What mode did you choose? More info here. Commented Apr 18, 2017 at 8:08

2 Answers 2

Reset to default
0

You can safely encrypt same plain text twice with the same key and different IV. Please see this and this.

You need to be careful not to reuse same key/IV combination on two different plaintexts. You will always need to generate new IV for every plaintext you want to encrypt.

Also, for most modes IV needs to be random and not counter. When you choose mode of operation be sure to check IV requirements and follow them.

Improve this answer
0

I am not sure what is the language you are using. As an example if you are using Java, the best way to encrypt your object is using Java Sealed Object. It provides you the easy encryption and decryption process with less overhead and provides easy persistence state as well.

It is safe to use different IV and salt. You need to make sure that your key,IV and salts are secured during the Crypto process.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.