Re: Choosing encryption method?
From: Ayende Rahien (Ayende_at_nospam.com)
Date: 04/26/04
- Next message: Bravery: "Directory.GetFiles Across Servers"
- Previous message: Michel Gallant: "Re: Choosing encryption method?"
- In reply to: Michel Gallant: "Re: Choosing encryption method?"
- Next in thread: Michel Gallant: "Re: Choosing encryption method?"
- Reply: Michel Gallant: "Re: Choosing encryption method?"
- Reply: Alek Davis: "Re: Choosing encryption method?"
Date: Mon, 26 Apr 2004 23:39:03 +0200
I'll check that out, thanks.
Another question, how can I tell if I'm decrypting with the wrong
password? Having garbage data is too late, I think ;-)
Michel Gallant wrote:
> You are manually trying to do what password-derived symmetric
> encryption already does (derives a symmetric key from hash of pswd etc.).
> See comments here:
> http://www.jensign.com/JavaScience/dotnet/SimCryptNET
> and details of adding extra entropy to weak passwords here:
> http://www.jensign.com/JavaScience/dotnet/SimCryptNET/indexdetails.html
>
> - Mitch Gallant
> MVP Security
>
> "Ayende Rahien" <Ayende@nospam.com> wrote in message news:%23slvMN8KEHA.2012@TK2MSFTNGP11.phx.gbl...
>
>>I want to secure sensitive data (bank & money) using
>>System.Security.Cryptography, my problem is what strategy to take?
>>
>>The requirements (in order of importance):
>>0> Has to work on Win9x (so CryptoAPI is probably out)
>>1> Has to survive client's reinstalls - moving to another computer, etc.
>>2> As secure as possible.
>>3> Datasets of a few MB.
>>4> Requires reasonable performance.
>>5> Data is usually text (XML data)
>>
>>
>>At first I thought about using RijndaelManaged with a user-generated
>>password.
>>The way I'm doing it is SHA386 the password, grab the first 256 bits for
>>key and the rest for IV, and then encrypting it.
>>The question is how secure it is? I understand that using a password
>>chosen by the user (and it'll have to be this) weakens the bit-range of
>>the encryption, but does SHAing the password help?
>>
>>I suppose I could generate a random key and use asymmetric encryption,
>>but then I face the same problem, how do I survive a reinstall/moving to
>>another computer?
>>
>>Any other suggestions would be appreciated.
>>
>>Thanks in advance,
>>Ayende Rahien
>
>
>