Re: Create hash with AES?

From: Michel Gallant (neutron_at_NOSPAMistar.ca)
Date: 11/08/03


Date: Sat, 8 Nov 2003 10:36:25 -0500


"Pieter Philippaerts" <Pieter@nospam.mentalis.org> wrote in message
news:OVOZExgpDHA.3688@TK2MSFTNGP11.phx.gbl...
> "Bob" <bob@nospam.com> wrote in message
> > It just occurred to me that I should probably ask if AES is in fact the best
> > way to go for the encryption of sensitive Govt data? Mainly text and binary
> > files, but also email, and text such as passwords...
>
> Yes, the AES is the most sensible choice.
>
> However if you're going to encrypt government data with it, I suggest you do
> not use the code posted here in this thread; it has some serious issues.
 -- snip

> Long story short: don't use
> passwords, use a secure random key. [You can generate a random key by using
> the RNGCryptoServiceProvider. Before storing the key on a disk, encrypt it
> with a public/private key pair of the user. For government purposes, it
> would be wise to use a public/private key pair on a smart card. If this is
> not possible, you can always use the public/private key pairs Windows
> generates for each user account. Unfortunately, I don't think .NET has
> direct support for this, so you may have to do some interop.]

An article will appear next week (will advise here) showing how to use any
X509 certificate file, or any CryptoAPI store certificate, to "envelope" the
symmetric key (i.e. encrypt with the RSA public key) any .NET symmetric key
and associated IV for best protection, as Pieter advises above. Currently, this
functionality requires Pinvoke to CryptoAPI, but next release of .NET will
have classes supporting this EnvelopedData functionality.

Cheers,
 - Mitch Gallant
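
The enveloping described in this message, as an added example that is not part of the original post or of the article it announces: a random AES key and IV are encrypted under an RSA public key so that only the wrapped form is stored. It assumes a current .NET runtime with the managed RSA OAEP API rather than P/Invoke to CryptoAPI, and the RSA key generated in place is a constructed stand-in for the key pair of the user's certificate (for example, one obtained with `X509Certificate2.GetRSAPublicKey()`).

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class EnvelopeDemo
{
    // Wrap key || IV under the recipient's RSA public key (OAEP padding).
    static byte[] WrapKey(RSA recipientPublic, byte[] key, byte[] iv)
    {
        byte[] blob = new byte[key.Length + iv.Length];
        Buffer.BlockCopy(key, 0, blob, 0, key.Length);
        Buffer.BlockCopy(iv, 0, blob, key.Length, iv.Length);
        try { return recipientPublic.Encrypt(blob, RSAEncryptionPadding.OaepSHA256); }
        finally { CryptographicOperations.ZeroMemory(blob); } // clear the plaintext key copy
    }

    // Recover the 32-byte AES key and 16-byte IV with the RSA private key.
    static void UnwrapKey(RSA recipientPrivate, byte[] wrapped, out byte[] key, out byte[] iv)
    {
        byte[] blob = recipientPrivate.Decrypt(wrapped, RSAEncryptionPadding.OaepSHA256);
        if (blob.Length != 48) throw new CryptographicException("unexpected key blob length");
        key = blob.AsSpan(0, 32).ToArray();
        iv = blob.AsSpan(32, 16).ToArray();
        CryptographicOperations.ZeroMemory(blob);
    }

    static void Main()
    {
        using RSA rsa = RSA.Create(2048);   // constructed stand-in for the certificate key pair
        using Aes aes = Aes.Create();
        aes.KeySize = 256;
        aes.GenerateKey();                  // random key from the platform CSPRNG, not a password
        aes.GenerateIV();

        byte[] plain = Encoding.UTF8.GetBytes("constructed sample record");
        byte[] cipher;
        using (ICryptoTransform enc = aes.CreateEncryptor())
            cipher = enc.TransformFinalBlock(plain, 0, plain.Length);

        // Persist only `wrapped` and `cipher`; the raw AES key never touches disk.
        byte[] wrapped = WrapKey(rsa, aes.Key, aes.IV);

        UnwrapKey(rsa, wrapped, out byte[] key, out byte[] iv);
        using Aes aes2 = Aes.Create();
        using ICryptoTransform dec = aes2.CreateDecryptor(key, iv);
        byte[] round = dec.TransformFinalBlock(cipher, 0, cipher.Length);
        Console.WriteLine(Encoding.UTF8.GetString(round));
    }
}
```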


