Choosing encryption method?
From: Ayende Rahien (Ayende_at_nospam.com)
Date: 04/26/04
Date: Mon, 26 Apr 2004 22:19:11 +0200
I want to secure sensitive data (bank & money) using
System.Security.Cryptography, my problem is what strategy to take?
The requirements (in order of importance):
0> Has to work on Win9x (so CryptoAPI is probably out)
1> Has to survive client's reinstalls - moving to another computer, etc.
2> As secure as possible.
3> Datasets of a few MB.
4> Require reasonable performance.
5> Data is usually text (XML data)
At first I thought about using RijndaelManaged with a user-generated
password.
The way I'm doing it is SHA386 the password, grab the first 256 bits for
key and the rest for IV, and then encrypting it.
The question is how secure it is? I understand that using a password
chosen by the user (and it'll have to be this) weakens the bit-range of
the encryption, but does SHAing the password help?
I suppose I could generate a random key and use asymmetric encryption,
but then I face the same problem, how do I survive a reinstall/moving to
another computer?
Any other suggestions would be appreciated.
Thanks in advance,
Ayende Rahien
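
The derivation described in the message above, next to a salted PBKDF2 derivation, as an added example that is not part of the original post. It assumes "SHA386" means SHA-384 and uses Python's hashlib rather than System.Security.Cryptography; the function names, header layout and iteration count are assumptions.

```python
import hashlib
import os

ITERATIONS = 200_000  # assumed work factor; tune to the slowest supported machine
SALT_LEN, IV_LEN, KEY_LEN = 16, 16, 32


def sha384_split(password: str) -> tuple[bytes, bytes]:
    """Scheme from the post: one SHA-384 pass, first 256 bits key, rest IV."""
    digest = hashlib.sha384(password.encode("utf-8")).digest()
    return digest[:32], digest[32:]  # 32-byte key, 16-byte IV


def new_header() -> bytes:
    """Fresh random salt and IV, stored in the clear in front of the ciphertext."""
    return os.urandom(SALT_LEN) + os.urandom(IV_LEN)


def key_from_header(password: str, header: bytes) -> tuple[bytes, bytes]:
    """Re-derive key and IV on any machine from the password and the stored header."""
    if len(header) != SALT_LEN + IV_LEN:
        raise ValueError("truncated header")
    salt, iv = header[:SALT_LEN], header[SALT_LEN:]
    key = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS, KEY_LEN
    )
    return key, iv


if __name__ == "__main__":
    pw = "correct horse"  # constructed sample password

    # Plain hash: every dataset protected by this password shares one key and
    # one IV, and checking a password guess costs a single hash computation.
    print("hash-split repeats key and IV:", sha384_split(pw) == sha384_split(pw))

    # Salted PBKDF2: each dataset gets its own key and IV, and each guess
    # costs ITERATIONS HMAC computations.
    h1, h2 = new_header(), new_header()
    k1, iv1 = key_from_header(pw, h1)
    k2, iv2 = key_from_header(pw, h2)
    print("per-dataset keys differ:", k1 != k2)

    # Reinstall or new computer: the header travels with the data, so the
    # password alone is enough to recover the same key.
    print("key recoverable from header:", key_from_header(pw, h1) == (k1, iv1))
```

Neither derivation adds entropy to a weak password; the salt and iteration count only change what each guess costs and whether work can be reused across datasets.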