Re: Choosing encryption method?

From: Ayende Rahien (Ayende_at_nospam.com)
Date: 04/27/04


Date: Tue, 27 Apr 2004 02:22:50 +0200

Thanks, I'll do that.

Alek Davis wrote:

> Ayende,
>
> Verifying whether decryption was successful does not come out-of-the-box,
> but you can implement it yourself with little effort.
> For example, before encrypting data, hash it using MD5 or SHA-1 algorithm
> and append the resulting hash bytes at the end of the plain text. When you
> decrypt data, split the decrypted bytes into original plain text and hash
> (which should be trivial, since the size of hash is always the same and you
> know that the hash bytes are at the end), and hash the decrypted plain text
> again. If the generated hash value matches the decrypted hash value, you can
> assume that decryption worked.
>
> Alek
>
> "Ayende Rahien" <Ayende@nospam.com> wrote in message
> news:eFIe458KEHA.1120@TK2MSFTNGP11.phx.gbl...
>
>>I'll check that out, thanks.
>>
>>Another question, how can I tell if I'm decrypting with the wrong
>>password? Having garbage data is too late, I think ;-)
>>
>>Michel Gallant wrote:
>>
>>
>>>You are manually trying to do what password-derived symmetric
>>>encryption already does (derives a symmetric key from hash of pswd
>>>etc..).
>>>
>>>See comments here:
>>> http://www.jensign.com/JavaScience/dotnet/SimCryptNET
>>>and details of adding extra entropy to weak passwords here:
>>> http://www.jensign.com/JavaScience/dotnet/SimCryptNET/indexdetails.html
>>>
>>>- Mitch Gallant
>>> MVP Security
>>>
>>>"Ayende Rahien" <Ayende@nospam.com> wrote in message
>>>news:%23slvMN8KEHA.2012@TK2MSFTNGP11.phx.gbl...
>>>
>>>>I want to secure sensitive data (bank & money) using
>>>>System.Security.Cryptography, my problem is what strategy to take?
>>>>
>>>>The requirements (in order of importance):
>>>>0> Has to work on Win9x (so CryptoAPI is probably out)
>>>>1> Has to survive client's reinstalls - moving to another computer, etc.
>>>>2> As secure as possible.
>>>>3> Datasets of a few MB.
>>>>4> Require reasonable performance.
>>>>5> Data is usually text (XML data)
>>>>
>>>>
>>>>At first I thought about using RijndaelManaged with a user-generated
>>>>password.
>>>>The way I'm doing it is SHA386 the password, grab the first 256 bits for
>>>>key and the rest for IV, and then encrypting it.
>>>>The question is how secure it is? I understand that using a password
>>>>chosen by the user (and it'll have to be this) weakens the bit-range of
>>>>the encryption, but does SHAing the password help?
>>>>
>>>>I suppose I could generate a random key and use asymmetric encryption,
>>>>but then I face the same problem, how do I survive a reinstall/moving to
>>>>another computer?
>>>>
>>>>Any other suggestions would be appreciated.
>>>>
>>>>Thanks in advance,
>>>>Ayende Rahien
>>>
>>>
>>>
>
>
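
The wrong-password check described in the thread (hash the plaintext, append the hash, encrypt; after decrypting, split and compare), as an added example that is not code from any of the posters. It assumes .NET 6 or later and swaps in AES for RijndaelManaged, SHA-256 for MD5/SHA-1, and salted PBKDF2 for the single password hash; the class and method names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class HashCheckedEncryption   // hypothetical name, not from the thread
{
    const int HashLen = 32;           // SHA-256 output size in bytes
    // Assumption: salted PBKDF2 yields 48 bytes; first 256 bits are the key, the rest the IV.
    static Aes CreateCipher(string password, byte[] salt)
    {
        byte[] km = Rfc2898DeriveBytes.Pbkdf2(password, salt, 100_000, HashAlgorithmName.SHA256, 48);
        var aes = Aes.Create();       // CBC mode with PKCS7 padding by default
        aes.Key = km[..32];
        aes.IV = km[32..];
        return aes;
    }
    public static byte[] Encrypt(byte[] plain, string password, byte[] salt)
    {
        using var aes = CreateCipher(password, salt);
        using var enc = aes.CreateEncryptor();
        byte[] tagged = plain.Concat(SHA256.HashData(plain)).ToArray();  // plaintext || hash
        return enc.TransformFinalBlock(tagged, 0, tagged.Length);
    }
    // Returns false for a wrong password instead of handing back garbage.
    public static bool TryDecrypt(byte[] cipher, string password, byte[] salt, out byte[] plain)
    {
        plain = Array.Empty<byte>();
        byte[] tagged;
        try
        {
            using var aes = CreateCipher(password, salt);
            using var dec = aes.CreateDecryptor();
            tagged = dec.TransformFinalBlock(cipher, 0, cipher.Length);
        }
        catch (CryptographicException) { return false; }  // wrong key usually fails at padding removal
        if (tagged.Length < HashLen) return false;
        byte[] body = tagged[..^HashLen], hash = tagged[^HashLen..];  // hash is the fixed-size tail
        // Occasionally the padding of a wrong-key decryption looks valid; the hash compare catches that.
        if (!CryptographicOperations.FixedTimeEquals(SHA256.HashData(body), hash)) return false;
        plain = body;
        return true;
    }
    static void Main()
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);  // constructed sample; store beside the ciphertext
        byte[] ct = Encrypt(Encoding.UTF8.GetBytes("<account balance=\"100\"/>"), "correct horse", salt);
        Console.WriteLine(TryDecrypt(ct, "correct horse", salt, out var p) + " " + Encoding.UTF8.GetString(p));
        Console.WriteLine(TryDecrypt(ct, "wrong guess", salt, out _));
    }
}
```

The appended hash detects a wrong password or accidental corruption; it is not keyed, so it does not take the place of a MAC where deliberate modification of the ciphertext is a concern.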

