Deriving Rijndael Key from Plain and Cipher Text

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
jonesy246
Forum Newbie
Posts: 1
Joined: Thu Jul 01, 2010 8:33 am

Deriving Rijndael Key from Plain and Cipher Text

Post by jonesy246 »

I'm implementing a solution for managing licenses using PHP's mycrypt functions - see example #2 at http://www.php.net/manual/en/function.m ... e-open.php.

I'm not going to go into massive detail of how my solution works, but what I want to know is if a person knows the:

1) Plain text
2) Ciphered version of that plain text
3) Initiation vector used to create that cipher text

Can they derive the encryption key used to convert the plain text to cipher text? I'm using rijndael-128.
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: Deriving Rijndael Key from Plain and Cipher Text

Post by Mordred »

Not, unless you're doing something stupid, or you use a very weak key.

Having said that, if an attacker has the means to know your plaintext, maybe you should revisit the need to encrypt it in the first place.
Post Reply