Re: DES ECB Encryption cannot decrypt
From: I.Charitopoulos (i.charitopoulos_at_mellon.com.gr)
Date: 08/26/03
- Previous message: Keith Patrick: "Re: Meaning/consequences of Unrestricted=true"
- Next in thread: Ivan Medvedev [MS]: "Re: DES ECB Encryption cannot decrypt"
- Reply: Ivan Medvedev [MS]: "Re: DES ECB Encryption cannot decrypt"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 26 Aug 2003 18:55:44 +0300
I have come across the same problem, though so far I truncated the padded 0s
at the end of the ciphertext, believing it to be "garbage" that somehow
ended up there, probably due to some imaginary glitch. Thanx for the *very
insightfull* post Ivan.
You should note though, in some cases like communicating with legacy systems
(as I have unfortunately been attempting to lately) requires that we lower
the security standards and use low-security algorithms. I am currently
trying to pass and receive encrypted data to an old embedded system that the
only encryption it offers is a really awkward looking C implementation of
DES (still trying to make sure its in ECB mode) written back in '96,
provided "as is" in its operating system... and finding it quite difficult.
----- Original Message -----
From: "Ivan Medvedev [MS]" <ivanmed@online.microsoft.com>
Newsgroups: microsoft.public.dotnet.security
Sent: Friday, May 09, 2003 6:31 PM
Subject: Re: DES ECB Encryption cannot decrypt
> Per -
> there is a thing in crypto called "padding" - when the data is
encrypted
> with DES in .NET classes by default it is padded with up to 8 bytes of
> padding, that is why you are getting 16 bytes of ciphertext. Now, the
> decryptor by default expects the cipher text to have that padding and
> attempts to remove it, and because you only give it the first 8 bytes of
the
> ciphertext it fails. Padding must be used if you need to process data of
> various lengths. If your data size is always a multiple of 8 you don't
have
> to use padding and you can turn it off by setting DES.Padding =
> PaddingMode.None for both encrypting and decrypting algorithm object.
> I would highly recommend that you read some books or online resources
on
> cryptography in general. I have seen companies having big problems because
> people implementing crypto didn't exactly know what they were doing. For
> example, I wouldn't recommend using ECB mode unless you know for sure that
> it is the right choice, instead I would recommend sticking to the default.
> In out prior conversation I have posted a modified version of your
code
> that worked without problems and could roundtrip any data. As I understood
> you could not use that code because the encryptor returned a byte array
and
> for some reason you only can pass around strings (please correct me if I
> understood it incorrectly). Therefore I suggested that you use Base64; use
> ToBase64 in the encrypting method to get a string out of the encrypted
> bytes, pass the string around and use FromBase64 in the decrypting method
to
> get bytes out of the string. ToBase64/FromBase64 guarantees that you get
the
> same byte array out as you put in.
> Please let me know if this approach does not work for you or you have
> trouble making the program work, and I will post another version of the
> program that does exactly what you want.
> --Ivan
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
- Previous message: Keith Patrick: "Re: Meaning/consequences of Unrestricted=true"
- Next in thread: Ivan Medvedev [MS]: "Re: DES ECB Encryption cannot decrypt"
- Reply: Ivan Medvedev [MS]: "Re: DES ECB Encryption cannot decrypt"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
