@sh1nu11bi
Created June 10, 2016 23:09
This will contain both text documents and code snippets that will be referenced in the text documents. The objective is to find an alternative method for the inherent flaws in this code.
Seed of Random Algorithm
The most important security flaw is in the process of creating the random encryption key. I used .Net’s Random class to generate random strings. The Random class uses Environment.TickCount (the number of milliseconds elapsed since the system started) as its seed, which reduces the search space for brute forcing and, beyond that, makes the key easy to predict.
<snippet1>
Reuse of the IV
The algorithm uses the same IV for every file in the encryption process.
Static Salt
It uses a static salt for encryption.
<snippet2>
int getRandomNumber()
{
    return 4;
}
1 byte[] saltBytes = new byte[]{1,2,3,4,5,6,7,8};
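
The three flaws described above (tick-count seed, reused IV, static salt), as an added example that is not part of the original gist: it shows a key built from a seeded `System.Random` being reproduced by trying nearby seed values, next to per-file salt and IV bytes drawn from the OS CSPRNG. The alphabet, key length, tick value, file names and 16-byte sizes are constructed assumptions; the seed is passed explicitly to mirror the `Environment.TickCount` seeding the text describes.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

static class KeyMaterialDemo
{
    // Constructed alphabet for the random key string (assumption, not from the gist).
    const string Alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

    // Weak pattern from the text: System.Random seeded with a tick count.
    static string WeakKey(int seed, int length)
    {
        var rnd = new Random(seed);
        var chars = new char[length];
        for (int i = 0; i < length; i++) chars[i] = Alphabet[rnd.Next(Alphabet.Length)];
        return new string(chars);
    }

    // Hardened pattern: unpredictable bytes from the operating system CSPRNG.
    static byte[] SecureBytes(int count)
    {
        var buf = new byte[count];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(buf);
        return buf;
    }

    static void Main()
    {
        int tickAtKeyGen = 8640000;  // constructed: 2.4 hours of uptime, in ms
        string key = WeakKey(tickAtKeyGen, 15);

        // Same seed, same key: the key space is only as large as the set of
        // plausible tick values, here one minute either side of the real one.
        int window = 60000;
        int found = Enumerable.Range(tickAtKeyGen - window, 2 * window + 1)
                              .First(seed => WeakKey(seed, 15) == key);
        Console.WriteLine("weak key {0} reproduced from seed {1}", key, found);

        foreach (var file in new[] { "a.txt", "b.txt" }) // constructed file names
        {
            byte[] salt = SecureBytes(16); // fresh salt per file instead of {1,...,8}
            byte[] iv = SecureBytes(16);   // fresh IV per file; 16 bytes assumes a 128-bit block cipher such as AES
            Console.WriteLine("{0}: salt={1} iv={2}", file,
                BitConverter.ToString(salt), BitConverter.ToString(iv));
        }
    }
}
```

The salt and IV are not secret and can be stored alongside each encrypted file; only the key has to stay private.
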
@bobbyrbr

I hope this helps. Looks like a fun little project. Interested to see the product!!

I don't know the full scope you are using this on but here are my comments. Maybe put a good use case together for it if there is more you want me to review so that I can better help you.

  1. enter line breaks to easily read the longer lines
  2. comment with //
  3. You could use multiple .net random generations to make nested random encryption methods
  4. I would use diff encryption methods/random keys/numbers for each file. That may be slow depending on your scope of what you need to use this on
  5. Sounds like this is just on a file, not on some packets of data that is being transferred. Does that mean you encrypt it then it is a new file type or you alter the structure in some way that can be decoded?
  6. How do you record the encryption process?
  7. substitute reuse of the IV (what does IV stand for, injection?) for process encryption for each file "while loop encryption routine for each file" and it should include snippet1
  8. I'm assuming the getRandomNumber is not complete. Maybe allow for some parameters to be passed so you can dynamically adjust the type or extent of the random, maybe how many characters/numbers/symbols or maybe a conversion of the data type or whatever you want back.
  9. Maybe make the return type of type object and send a key to determine what type of object you are returning, or what datatype
  10. I wonder if you could get some checksum or serialization info from the file object and use that also to encrypt it like a key or sanity/parity check on the file once you transmit or transfer it
  11. Is the syntax right on the byte declaration? Should that 1 be in front of it? Looks like it should be an array of 8 bytes but not sure if the 1 in front would compile. I could be wrong.
  12. How will you use the static salt? Why would it be static? I guess that is a start for the program structure
  13. Where did the name static salt come from?
