Re: 3DES Encryption Storage Size

From: Joseph Ashwood (ashwood_at_msn.com)
Date: 10/25/05


Date: Tue, 25 Oct 2005 20:49:18 GMT


"Larry" <lhowe2005@gmail.com> wrote in message
news:1130262392.415479.239810@g44g2000cwa.googlegroups.com...
> Let's say that I have a 10 character textual value that I want to
> encrypt using 3DES (via the CreateEncryptor method of the .NET
> TripleDESCryptoServiceProvider class). I want to store the encrypted
> byte array into a varbinary column in SQL Server 2000. How do I know
> what my maximum size of this varbinary column should be?

3DES works on 8-byte chunks, so first round your data up to 8 bytes, then
because you'll be using it in a secure mode add 8-bytes for the IV, and you
should be using a MAC so add another 8-bytes for another IV and another
8-bytes for MAC storage, totalling 40-bytes for your case, you may have to
Base-64 encode it afterwards depending on how SQL Server deals with
non-printable characters. However I would recommend that you instead use
AES, it's faster, newer, believed to be more secure, and the 16-byte block
has many advantages, even though it would move the storage requirements to
64-bytes. The biggest reason to make this change is that once you hit 2^32
3DES outputs you will see insecurities, and this will lower the security of
the credit card numbers you're storing, with AES this number moves to 2^64
which is fairly well unachievable.
                        Joe
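
The sizing rule in the reply above, worked through as an added example (not part of the original post). It assumes PKCS#7 padding, which is the .NET default, and one cipher block each for the IV, the MAC IV and the MAC, as the reply's 40- and 64-byte totals imply; the names and the sample value are constructed for illustration.

```python
import base64
from dataclasses import dataclass


@dataclass(frozen=True)
class Layout:
    name: str
    block: int  # cipher block size in bytes


TDES = Layout("3DES", 8)
AES = Layout("AES", 16)


def pkcs7_pad(data: bytes, block: int) -> bytes:
    """PKCS#7 always adds 1..block bytes, so an input that is already a
    multiple of the block size still grows by one full block."""
    pad = block - len(data) % block
    return data + bytes([pad]) * pad


def stored_size(plaintext: bytes, layout: Layout, b64: bool = False) -> int:
    """Size of IV + ciphertext + MAC IV + MAC for the given plaintext bytes.

    Zero-filled placeholders stand in for the real fields; only their
    lengths matter here. No encryption is performed.
    """
    iv = bytes(layout.block)
    ciphertext = pkcs7_pad(plaintext, layout.block)  # same length as CBC output
    mac_iv = bytes(layout.block)
    mac = bytes(layout.block)
    record = iv + ciphertext + mac_iv + mac
    if b64:
        record = base64.b64encode(record)  # 4 output chars per 3 input bytes
    return len(record)


if __name__ == "__main__":
    value = "0123456789"  # constructed 10-character sample
    for enc in ("ascii", "utf-16-le"):  # utf-16-le matches .NET Encoding.Unicode
        raw = value.encode(enc)
        for layout in (TDES, AES):
            print(enc, layout.name, len(raw), "bytes ->",
                  stored_size(raw, layout), "raw,",
                  stored_size(raw, layout, b64=True), "base64")
```

Size the column from the byte length of the longest value after text encoding, not from its character count: the same 10 characters occupy 20 bytes as UTF-16 and push the 3DES record from 40 to 48 bytes.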

