Re: Elliptic Curve Cryptography algorithm for key exchange
From: Michel Gallant (neutron_at_nspxistar.ca)
Date: 10/30/03
- Next message: Michel Gallant: "Re: Elliptic Curve Cryptography algorithm for key exchange"
- Previous message: Sam Wilson: "Re: Elliptic Curve Cryptography algorithm for key exchange"
- In reply to: Pent: "Re: Elliptic Curve Cryptography algorithm for key exchange"
- Next in thread: Sam Wilson: "Re: Elliptic Curve Cryptography algorithm for key exchange"
Date: Thu, 30 Oct 2003 13:35:14 -0500
"Pent" <pent> wrote in message news:%23nNXjEwnDHA.964@TK2MSFTNGP10.phx.gbl...
> "Michel Gallant" news:OuoAervnDHA.1632@TK2MSFTNGP10.phx.gbl...
> > Anyway, another trend, particularly in .NET documentation, that should
> > at least be flagged, is the samples which encourage the use of AES, but with
> > only password-derived (instead of asymmetric key protected) keys. This might
> > lead to developer perception of better security (i.e. AES) but in reality poor
> > protection with easily crackable pswd-derived AES keys!!
> >
>
> I think this depends on how good the password deriving function is. Next
> version of .NET will have another one, http://www.faqs.org/rfcs/rfc2898.html
> (PBKDF2) based class to derive bytes from password. MSDN docs should
> emphasize the role of iteration in password derived function, besides
> choosing good password and salt.
>
The current 1.1 release has PasswordDeriveBytes() as you know, leveraging underlying
CryptoAPI CryptDeriveKey() with some protection to PKCS#5 (not available via CryptoAPI):
However, with asymmetric encryption, you have maximum possible key entropy by default,
not dependent on the programmer implementing sufficient iterations, salt, etc.
(of course, the RSA keys must be closely guarded).
- Mitch Gallant
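The trade-off discussed in this message, as an added example that is not part of the original post: PBKDF2 (RFC 2898) key derivation with a salt and an iteration count, plus an estimate of how much work the iteration count adds compared with a full-entropy 256-bit key. Python's `hashlib.pbkdf2_hmac` stands in for the .NET classes named in the thread; the function names, HMAC-SHA256, the 16-byte salt, the iteration counts and the "8 random lowercase letters" password model are assumptions.

```python
import hashlib
import math
import os

KEY_LEN = 32  # bytes; AES-256 key size


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2 (RFC 2898) with HMAC-SHA256; returns an AES-256-sized key."""
    if len(salt) < 8:
        # RFC 2898 recommends a salt of at least 64 bits.
        raise ValueError("salt must be at least 8 bytes")
    if iterations < 1:
        raise ValueError("iterations must be positive")
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=KEY_LEN
    )


def search_cost_bits(password_space: int, iterations: int,
                     key_bits: int = 8 * KEY_LEN) -> float:
    """log2 of the PRF work needed to try every candidate password.

    Capped at key_bits: past that point guessing the key directly is cheaper.
    """
    return min(float(key_bits),
               math.log2(password_space) + math.log2(iterations))


def salts_separate_keys(password: str, iterations: int) -> bool:
    """The same password under two random salts must give different keys."""
    k1 = derive_key(password, os.urandom(16), iterations)
    k2 = derive_key(password, os.urandom(16), iterations)
    return k1 != k2


if __name__ == "__main__":
    space = 26 ** 8  # constructed model: 8 random lowercase letters
    for n in (1, 1_000, 100_000):
        print(f"{n:>7} iterations: ~{search_cost_bits(space, n):.1f} bits of work")
    print("random 256-bit key: 256.0 bits of work")
    print("distinct salts give distinct keys:", salts_separate_keys("example", 1_000))
```

Each tenfold increase in iterations adds only about 3.3 bits, so the iteration count raises the cost per guess but cannot make up for a small password space.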