473,473 Members | 2,097 Online
Bytes | Software Development & Data Engineering Community
Create Post

Home Posts Topics Members FAQ

C#,encryption , and generating a key

Does anyone have a good method for generating an encryption key, used
by the .net system, from a key phrase entered by the user. Eg. That
will allow the user to enter the same value and get the same key?

Thanks

Nov 15 '05 #1
4 5720
Try the PasswordDeriveBytes class.
That's your easiest bet. Of course, you could do it manually, but getting
the algorithm down to where you could mitigate some of the dictionary and
cryptanalysis attacks is tricky.

-Rob Teixeira [MVP]

"David" <db*******@comcast.net> wrote in message
news:v0********************************@4ax.com...
Does anyone have a good method for generating an encryption key, used
by the .net system, from a key phrase entered by the user. Eg. That
will allow the user to enter the same value and get the same key?

Thanks

Nov 15 '05 #2
"Rob Teixeira [MVP]" <RobTeixeira@@msn.com> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl...
Try the PasswordDeriveBytes class.
That's your easiest bet. Of course, you could do it manually, but getting
the algorithm down to where you could mitigate some of the dictionary and
cryptanalysis attacks is tricky.

-Rob Teixeira [MVP]


To do this manually, you would use SHA-1 and do the following

EncryptionKey = SHA-1(SHA-1(Supplied Passphrase) || Supplied Passphrase)

Why use SHA-1 twice? Unfortunately, SHA-1 (and MD5 for that matter) are
susceptible to message extension attacks. It's not obvious how one would you
use a message extension attack on a passphrase construction but that's not
the point. It's a known weakness so it's best to eliminate it anyway because
someone much smarter than you might work out how to use message extension in
your system.

Simon.
Nov 15 '05 #3
While this approach is strongER, it is still suseptable to dictionary
attacks. This is why strong password-derived algorithms usually take seed
values in addition to the passphrase, use keyed hashes (instead of an
unkeyed hash like SHA), and run through several iterations using derived
feedback, or run through several iterations of a feistel network-type
algorithm.

-Rob Teixeira [MVP]

"Simon Johnson" <ck***@hotmail.com> wrote in message
news:br**********@titan.btinternet.com...
"Rob Teixeira [MVP]" <RobTeixeira@@msn.com> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl...
Try the PasswordDeriveBytes class.
That's your easiest bet. Of course, you could do it manually, but getting the algorithm down to where you could mitigate some of the dictionary and cryptanalysis attacks is tricky.

-Rob Teixeira [MVP]
To do this manually, you would use SHA-1 and do the following

EncryptionKey = SHA-1(SHA-1(Supplied Passphrase) || Supplied Passphrase)

Why use SHA-1 twice? Unfortunately, SHA-1 (and MD5 for that matter) are
susceptible to message extension attacks. It's not obvious how one would

you use a message extension attack on a passphrase construction but that's not
the point. It's a known weakness so it's best to eliminate it anyway because someone much smarter than you might work out how to use message extension in your system.

Simon.

Nov 15 '05 #4


*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Nov 15 '05 #5
Create Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
34
Encryption with Python?
by: Blake T. Garretson | last post by:
I want to save some sensitive data (passwords, PIN numbers, etc.) to disk in a secure manner in one of my programs. What is the easiest/best way to accomplish strong file encryption in Python? ...
Python
1
Oracle ODBC error with ENCRYPTION
by: Cliff | last post by:
We are trying to connect to 3 different Oracle databases using MS Access as the front-end and ODBC as the connection. The problem that we are having is that 1 of the databases requires a...
Oracle Database
34
encryption with python
by: jlocc | last post by:
Hi! I was wondering if someone can recommend a good encryption algorithm written in python. My goal is to combine two different numbers and encrypt them to create a new number that cann't be...
Python
113
How good an encryption algorithm is this?
by: Bonj | last post by:
I was in need of an encryption algorithm to the following requirements: 1) Must be capable of encrypting strings to a byte array, and decyrpting back again to the same string 2) Must have the same...
C# / C Sharp
1
Encryption Provider with PUBLIC decryptor and PRIVATE encryptor?
by: blesh | last post by:
I have a need to encrypt information with a private key and decrypt it with a public key. As odd as that sounds, that's what I need. I need to make sure the public can't duplicate the encryption....
C# / C Sharp
3
Encryption of Large Text String
by: xanthviper | last post by:
I know this has been probably covered a lot, but hopefully someone can help me out. Awhile back, I was doing some searching on encryption methods and found an example to where you can take very...
ASP.NET
11
Simple XOR encryption code issues (segmentation fault)
by: John Williams | last post by:
I've written a simple program to do XOR encryption as my first foray into understanding how encryption works. The code compiles fine, however it segmentation faults on every run. using gdb to...
C / C++
22
encryption problem
by: Wilson | last post by:
i am learning to program using c++ and was set a task of making a simple encryption algorithim. I choose to start with one where simply each letter is replaced with its equivilent in the alphabet...
C / C++
9
Using encryption
by: Alan M Dunsmuir | last post by:
In my (PHP-5) application I have to write some records to a table in my database, which I don't want even my clients using the system to be able to read. This is not a problem in National...
PHP
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
1
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
1
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA
0
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp
0
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Networking - Hardware / Configuration
0
muto222
php
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us