Re: Importance of salt

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 09/16/05


Date: Fri, 16 Sep 2005 03:15:08 -0700

Hello vla10d@gmail.com,

Don't use Random!

IIRC - the SymmetricAlgorithm class has built-in key generation. For general
purpose random numbers use the RNGCryptoServiceProvider class.

As I said - there is another golden rule - never use a long-term secret (=password)
directly to encrypt bulk loads of data.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Okay, I will consider your approach. Just to be sure that I completely
> understand, the increase in time comes from the first computation
> where he retrieves a key based on his dictionary. Trying to decrypt
> with that retrieved key is the same as if he immediately tried the key
> he got based on his dictionary.
>
> Is there a risk in the generation of a random key? As I understand, the
> Random class from the .NET Framework generates pseudo-random numbers
> and shouldn't be used in encryption.
>
> Oh, one more thing I see as an advantage of random salt... with it the
> resulting encrypted text will always be different even for the same
> plain text.
>
> Thanks for the book recommendation as well.
>
> V.
>
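
The pattern the reply describes, as an added example that is not part of the original thread: bulk data is encrypted under a random key from SymmetricAlgorithm's own generator, and the password only wraps that key through a salted, iterated derivation. The class and method names, the iteration count, the 16-byte salt and the sample strings are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class EnvelopeDemo
{
    // Random bytes from the OS CSPRNG (the class named in the reply), never System.Random.
    static byte[] RandomBytes(int count)
    {
        var buffer = new byte[count];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(buffer);
        return buffer;
    }
    // AES with the framework defaults (CBC, PKCS7): encrypt or decrypt under key and IV.
    static byte[] Crypt(byte[] key, byte[] iv, byte[] input, bool encrypt)
    {
        using (SymmetricAlgorithm aes = Aes.Create())
        using (var t = encrypt ? aes.CreateEncryptor(key, iv) : aes.CreateDecryptor(key, iv))
            return t.TransformFinalBlock(input, 0, input.Length);
    }
    // Salted, iterated derivation: every dictionary guess costs the full iteration count.
    static byte[] KeyFromPassword(string password, byte[] salt)
    {
        // 100000 is an assumed work factor, not a value from the thread.
        using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000))
            return kdf.GetBytes(32);
    }
    static void Main()
    {
        const string password = "constructed example password";
        byte[] plaintext = Encoding.UTF8.GetBytes("constructed bulk data");
        // 1. Bulk data gets a fresh random key from SymmetricAlgorithm's built-in generator.
        byte[] dataKey, dataIv;
        using (SymmetricAlgorithm aes = Aes.Create())
        {
            aes.GenerateKey();
            aes.GenerateIV();
            dataKey = aes.Key;
            dataIv = aes.IV;
        }
        byte[] ciphertext = Crypt(dataKey, dataIv, plaintext, true);
        // 2. The password only wraps that 32-byte key; salt and IVs are stored in the clear.
        byte[] salt = RandomBytes(16), wrapIv = RandomBytes(16);
        byte[] wrappedKey = Crypt(KeyFromPassword(password, salt), wrapIv, dataKey, true);
        // 3. Reading back: re-derive from password + stored salt, unwrap, then decrypt.
        byte[] unwrapped = Crypt(KeyFromPassword(password, salt), wrapIv, wrappedKey, false);
        Console.WriteLine(Encoding.UTF8.GetString(Crypt(unwrapped, dataIv, ciphertext, false)));
    }
}
```

CBC output is not authenticated, so a stored blob also needs a MAC over the salt, IVs, wrapped key and ciphertext. On current .NET, RNGCryptoServiceProvider is marked obsolete in favour of the static RandomNumberGenerator methods.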