AES Encryption
#2
In a crypto-system, the key is supposed to be secret. In your system, the key is based on OS, username... that is NOT secret at all and anybody who access the computer (or its information) would be able to generate that key.

You should let the user enter a key by himself (secret and not based on known information) and hash it with a strong hash function such as PBKDF2 with 10000 rounds of salted SHA512.

You cannot base the IV on the key because its entropy is way too low.

I recommend you to read some articles (wikipedia is a good start):
http://en.wikipedia.org/wiki/Kerckhoffs's_principle
http://en.wikipedia.org/wiki/Key_derivation_function
http://en.wikipedia.org/wiki/Initialization_vector


Messages In This Thread
AES Encryption - by TrAnn3l - 07-29-2014, 09:02 PM
RE: AES Encryption - by hypn0s - 07-30-2014, 07:16 PM
RE: AES Encryption - by TrAnn3l - 07-31-2014, 01:17 PM