When creating a crypto key from a known value would use pbkdf2 @ 10000 or higher iterations for the encryption key from known key, MD5 is *NOT* sufficient.
When an IV or salt is used, it should be unique to each encode. Can be added to the encrypted output or stored separately... re-using the IV allows for a broader attack surface, especially if the encoded content is simlar, such as JSON encoded objects, etc.
tracker1 1270 days ago. link 1 point ▲ ▼