 |
|
|
First,It is very important to me to know method of mathematical justification on a cryptographic algorithm. No idea how to start the justification on it by mathematic because of I've heard about that justification is done before the algorithm is started to build BUT at real condition here, algorithm building is already done before starting justification.
Is this a method or solution to do justification on the algorithm by mathematical after algorithm built? I want to do a proper crypto analysis to prove that the algorithm is not hackable. If any body knows about that, further i'll give more information about the algorithm as well.
General detail
Type: symmetric block cipher
Functions: confidentiality and authenticity
Key size: 256
Round: 3
Complexity: encryption, decryption and key setup
Attack: have not tested yet.
Second, What are the weakness of current IEEE 801.x? Where is possible to find true material, vulnerabilities on IEEE?
Thank you
|
|
|
|
|
|
|
Hello
I wrote a tiny elegant function which does encryption and decryption.
If you just need rapidly a function to encrypt / decrypt, copy/paste this code and youre done.
If the decryption fails it returns null.
Elmü
using System;
using System.IO;
using System.Text;
using System.Security.Cryptography;
public static string Crypt(string s_Data, string s_Password, bool b_Encrypt)
{
byte[] u8_Salt = new byte[] {0x26, 0x19, 0x81, 0x4E, 0xA0, 0x6D, 0x95, 0x34, 0x26, 0x75, 0x64, 0x05, 0xF6};
PasswordDeriveBytes i_Pass = new PasswordDeriveBytes(s_Password, u8_Salt);
Rijndael i_Alg = Rijndael.Create();
i_Alg.Key = i_Pass.GetBytes(32);
i_Alg.IV = i_Pass.GetBytes(16);
ICryptoTransform i_Trans = (b_Encrypt) ? i_Alg.CreateEncryptor() : i_Alg.CreateDecryptor();
MemoryStream i_Mem = new MemoryStream();
CryptoStream i_Crypt = new CryptoStream(i_Mem, i_Trans, CryptoStreamMode.Write);
byte[] u8_Data;
if (b_Encrypt) u8_Data = Encoding.Unicode.GetBytes(s_Data);
else u8_Data = Convert.FromBase64String (s_Data);
try
{
i_Crypt.Write(u8_Data, 0, u8_Data.Length);
i_Crypt.Close();
}
catch { return null; }
if (b_Encrypt) return Convert.ToBase64String (i_Mem.ToArray());
else return Encoding.Unicode.GetString(i_Mem.ToArray());
}
|
|
|
|
|
|
|
Hello all, I know that this article was written some time ago.
I found it very good, and quite simple.
Some important information was missing, tough, and I wanted to add to it for completeness. O
The class is pretty simple to use, but it does not states that you cannot use any key/iv length you want. I think that was an important point.
This can lead you (if you were a crypto-newbie like me) to weird errors and/or unexpected behaviour, if you don't know those considerations.
Specifically, you should make sure that
a) Initialization Vector (iv) length must be *roughly* 16 bytes/characters long.
b) Key length must be some of
4 characters/bytes (128-bit)
6 characters/bytes (192-bit)
8 characters/bytes (256-bit)
Other sizes might work (16 characters/bytes for 512-bit key should work, for example). Not tested, tough (just guessing), so if it does not work or you have trouble, just stick to the above specs.
* All of these sizes are expressed assuming that
1 character = 1 ASCII 8-bit character, hence occuping each 1 byte.
Just wanted to comment it for completeness.
I hope this helps to avoid some headaches to crypto-newbies like me just because they used the wrong key/iv sizes just like me.
Regards.
|
|
|
|
|
|
|
You may also be interested in looking at the following, related Code Project articles:
Generic SymmetricAlgorithm Helper[^]
This is a generic helper class that exposes simplified Encrypt and Decrypt functionality for strings, byte arrays and streams for any SymmetricAlgorithm derivative (DES, RC2, Rijndael, TripleDES, etc.).
Making TripleDES Simple in VB.NET and C#[^]
This is a simple wrapper class that provides an easy interface for encrypting and decrypting byte arrays and strings using the 3DES algorithm.
|
|
|
|
|
|
|
Use the combination given below.
Plain Text = "378282246310005"
CryptoKey = "kjsfksfj"
IV = "947803489AD34678"
The code does not work, it fails while decrypting. Any Ideas why?
Thanks
Rageesh
Email : rageesh@hotmail.com
|
|
|
|
|
|
|
|
|
|
If you put text 'sqlserver=' into 'plain text' control in demo application, it fails during decryption, in VS 2005. Error code: 'Length of the data to decrypt is invalid'.
If you enter 'sqlserver', decryption works.
If you enter 'sqlserver==', decryption works.
Why?
|
|
|
|
|
|
|
>Why?
I can only guess that this project was created with VS 2003, and if you had converted with VS 2005 some trubles may occur.
Maybe .NET/CLR 2.0 has some internal changes on cryptoalgorithm implementation, but anyway I have no simple answer or solution on this problem. I think that additional research must be done.
xedom developers team
personal web page
|
|
|
|
|
|
|
I had the same problem (using VS2005)
solved this way... I mean, it works for me!
private ICryptoTransform EncryptorDecryptor;
public string Decrypt(string s)
{
Algorithm = new RijndaelManaged();
Algorithm.BlockSize = 256;
Algorithm.KeySize = 256;
EncryptorDecryptor = Algorithm.CreateDecryptor(key, iv);
byte[] encrypted;
UnicodeEncoding textConverter = new UnicodeEncoding();
encrypted = textConverter.GetBytes(s);
MemoryStream msDecrypt = new MemoryStream(encrypted);
msDecrypt.Position = 0;
CryptoStream csDecrypt = new CryptoStream(msDecrypt, EncryptorDecryptor, CryptoStreamMode.Read);
strReader = new StreamReader(csDecrypt);
string Decrypted = strReader.ReadToEnd();
return Decrypted;
}
I now it's almost the same, but... so it works!!!
|
|
|
|
|
|
|
If you take a look at this blog: http://blogs.msdn.com/shawnfa/archive/2005/11/10/491431.aspx
It explains why there's a problem with .Net 2/VS2005. The program needs to use Base64 encoding.
|
|
|
|
|
|
|
I had the same kind of probleme and I found a solution :
this line (in Encrypt):
pwd_str = new UnicodeEncoding().GetString(pwd_byte);
then this one (in Decrypte) :
MemoryStream memStream = new MemoryStream(
new UnicodeEncoding().GetBytes(s));
lost a part of the byte[] (a few byte).
So I used another kind of encoding :
pwd_str = Encoding.GetEncoding("iso-8859-15").GetString(pwd_byte, 0, pwd_byte.Length);
and then :
memStream = new MemoryStream(Encoding.GetEncoding("iso-8859-15").GetBytes(s));
this seems to work better !
Winny
|
|
|
|
|
|
|
|
|
|
Your code sample helped a lot...
|
|
|
|
|
|
|
If you create web application (ASP.NET and C#) and use Cryptography.dll on English Operating System (Web Server), the client (Japanese Operating System) will Decrypt error. Like this:
"http://th-svr03/demo/hr.aspx?dt=녉標쁟漱긢ㆵጷ᪸◕꒿폚샘ꬵ跳ẫԼ&tw=兛聕쮎汋狉㣽냁笵防垑⽆᫄�ﱂ치塂&st=幧픩搑蹟�䴨䶱䊦쇒壼툟蚳ㅗ㊬ବ"
The url was encrypted by Web server then returned for client browers (Japanese Operating System). When you get url for decrypting then result is not same original string (before encrypting).
Can you solve this problem? thanks!
Hoac Tai Thien
|
|
|
|
|
|
|
hi,
your app is realy nice, but i have a problem to store the encrypted text into a XML-File. i became always a error-message that the storeing process could not be finished. if i try to store a "normal" text (not encrypted) the code is pretty good.
thanks for helping.
|
|
|
|
|
|
|
Hi,
I had a similar problem. In my case I was working with an UFT-8 Encoding XML file, and Cryption Class uses Unicode. If you change your XML file type it´s possible that your problem is fixed.
Best Regards
Carlos
|
|
|
|
|
|
|
nice article,
i suggest you check msdn .net security how-to's
for a complete list of articles about storing secrets, cryptography, dpapi,web security, etc...
i had implemented a dpapi library using a user-store some time ago using these how-to's and it worked great (putting aside some managed-com registration issues)
good luck
rugha
|
|
|
|
|
|
|
Your class is a nice wrapper for CryptoStream, but I see a problem...
The application has to store the key somewhere.
For non-critical passwords this may be alright, you can compile the key with the application so that every installation uses the same one. But if you store a personal key, a spy can find it and decrypt all the passwords. So the next step might be a key-manager for the password-manager...
|
|
|
|
|
|
|
You should not use encryption to store password. It's insecure (the key can be retrieved in the code) and inefficient. Every good system handle passwords using an hashing algorithm (MD5, SHA, ...). Hashing is available in the framework so there's no reason not to use it. You should also consider using SALT to thwarth dictionnary attacks.
More informations (from commercial products):
http://www.xceedsoft.com/kb/result.asp?id=285
http://www.aspencrypt.com/task_password.html
Cordially,
Michel
|
|
|
|
|
|
|
hashedJunk = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(passwordWithNaCl, "md5");
|
|
|
|
|
|
|
ok. and if you got a WinForm application? Thanx all for constructive critics, but I developed this wrappper for own needs because I did not find other wrappers that were as simpli in use as mine...
|
|
|
|
|
|
|
Works fine in a WinForm app.
|
|
|
|
|
|
|
ok. and if you got a WinForm application? Thanx all for constructive critics, but I developed this wrappper for own needs because I did not find other wrappers that were as simpli in use as mine...
|
|
|
|
|
|
|
Hashing algorithm hides password once and for all. It used when you have ability compare typed by user text then hashed passw with stored passw. But if you want to store some password(for example it may be password for connection to DataBase) you should use encryption.
Correct me if i'm wrong.;)
|
|
|
|
|
|
|
That's right. But then, the key used to encrypt the passwords should be entered by the user of the application (see PasswordSafe). There is no way to securely keep the master key so that the application can, by itself, decrypt the data. You can make it difficult to extract but it will never be as secure as, let's say, Rijndael, the algorithm used in this article. And since security is a chain as weak as its weakest link...
|
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Rant 
Admin