Is AES-256-CBC safe to use in 2018?
Is it safe to use CBC mode for AES?
My research on this topic led to an article with the following lines in it -
AES encryption refers to the process of concealing electronic data using an approved 128-bit, 192-bit, or 256-bit symmetric encryption algorithm from the Advanced Encryption Standard (AES), also known as FIPS 197. The AES is a computer security standard for cryptographically securing electronic information, usually secret and top-secret government information. The standard is published and maintained by the National Institute for Standards and Technology (NIST).
The AES is one of many NIST-issued Federal Information Processing Standards (FIPS), which are approved by the U.S. Secretary of Commerce before publication to ensure their legal alignment with the Information Technology Management Reform Act of 1996 and the Computer Security Act of 1987. It is the only publicly available block cipher approved by the National Security Agency (NSA) for transmission and encryption of secret and top-secret information and intelligence.
It's a little hard to say without knowing your exact set-up if Aes-256-cbc would be safe, but CBC may well be fine, especially as it is available in .NET as is.The main risk of CBC is the padding oracle attack here are some good links:
- https://blog.cloudflare.com/padding-oracles-and-the-decline-of-cbc-mode-ciphersuites/
- https://docs.microsoft.com/en-us/dotnet/standard/security/vulnerabilities-cbc-mode If you can be confident that an attacker cannot modify the cipher text then you should be alright. You could also go down the route of encrypt-then-MAC to ensure that the actual ciphertext was unaltered.