I have been trying to create encoding/decoding functions for secure Credit
Card information.
I was looking at 3DES/MD5 and RC2/MD5.
I found a simple function that seemed to work pretty well, but I am confused
as to what is happening.
In the routine I found it was using the TripleDESCrypto ServiceProvider (and
not the RC2CryptoServic eProvider) class. But in the CryptDeriveKey, it was
passed RC2 and MD5 and 128 bit size (3DES uses 168). It does seem to work,
however.
Why is that?
*************** *************** ******
Public Shared Function TripleDESEncode (ByVal value As String, ByVal key
As String) As String
Dim des As New Security.Crypto graphy.TripleDE SCryptoServiceP rovider
des.IV = New Byte(7) {}
Dim pdb As New Security.Crypto graphy.Password DeriveBytes(key , New
Byte(-1) {})
des.Key = pdb.CryptDerive Key("RC2", "MD5", 128, New Byte(7) {})
Dim ms As New IO.MemoryStream ((value.Length * 2) - 1)
Dim encStream As New Security.Crypto graphy.CryptoSt ream(ms,
des.CreateEncry ptor(), Security.Crypto graphy.CryptoSt reamMode.Write)
Dim plainBytes As Byte() = Text.Encoding.U TF8.GetBytes(va lue)
encStream.Write (plainBytes, 0, plainBytes.Leng th)
encStream.Flush FinalBlock()
Dim encryptedBytes( CInt(ms.Length - 1)) As Byte
ms.Position = 0
ms.Read(encrypt edBytes, 0, CInt(ms.Length) )
encStream.Close ()
Return Convert.ToBase6 4String(encrypt edBytes)
End Function
*************** *************** *****
Should I use the:
RC2CryptoServic eProvider
and
CryptDeriveKey( "RC2", "MD5", 128, New Byte(7) {})
and/or
TripleDESCrypto ServiceProvider
and
CryptDeriveKey( "TripleDES" , "MD5", 168, New Byte(7) {})
I was thinking of setting up a Class that had both.
Also, I also saw the size as 0:
CryptDeriveKey( "TripleDES" , "MD5", 0, New Byte(7) {})
Does that mean it is using the largest possible size?
Thanks,
Tom
