Best Encryption Class .net

Aquilla

Hey

I am writing a basic encryption app that can encrypt .txt files and you can store your passwords of all your sites etc onto it. You only have to remember one password to decrypt and encrypt to view all your other passwords.

I am thinking of using the Rijndael Cryptography Class (Awesome name for a class :P). Will this encryption be strong enough?

Any suggestions?
Rather use AES, TripleDes?
 
Doesn't matter...they are all fine. I'd go for AES though since it'll have the best docu on the interwebs out of those. I vaguely recall 3des being slightly weaker...but it's still strong enough that it doesn't matter.

Also take care...these type of things are prone to the programmer making some arb mistake that kills the security without him/her even realizing it. Esp relating to the rand & hash generation.
 
AES = Rijndael. AES was the "competition" and Rijndael was the winner.

Selection criteria weren't limited simply to strength of the algorithm.

We had some math dude lecture us in University about encryption. He pretty much advised us to not try unless we really, really felt we were great at mathematics (apart from in-depth knowledge required of underlying data storage principles on a computer).

3DES was a stop-gap for DES which is already pretty much broken.

Also what HavocXphere wrote is true.

I can already see two things that aren't taken into consideration here:
http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
http://en.wikipedia.org/wiki/Password_salting

Also LastPass already does what you are writing :)

Don't want to rain on your parade, just trying to be informative.

Source code for TrueCrypt will probably be the best way to see how to really do it correctly. They use very specific block chaining methods, a very strong salt and offer a choice of very strong hash algorithms also (hash algorithms also need to be strong).

They provide a huge amount of knowledge.
 
Do not write your own crypto (if that was your plan); use publicly available classes/packages for this.
 
I enrolled for the online Cryptography I course at https://www.coursera.org/course/crypto - provided by Stanford University with Prof. Dan Boneh being the lecturer. It started on Monday, but I haven't had the time to go through the videos yet, which I'll have to do tomorrow - Sunday.
I think enrollments are still open, but perhaps not for very long still...

Crypto is very interesting, challenging and a very broad subject, especially if you're going into PKI (public-key infrastructure) like I'm doing software development in.

Most of the fairly new stream cipher and hash algorithms are very difficult (or near impossible) to crack, but faulty implementations/use of them make them vulnerable! Like 3DES is still pretty darn secure - but DES was used in a stupid manner in the MS-CHAP v2 protocol, which is being used in WiFi security and PPTP VPNs, making it now possible to crack it in under 24 hours with the right equipment (or by using the paid online service) :D

So if you're doing this application for educational purposes - by all means go ahead. If you're doing it to sell/distribute your application, then be sure to do some serious research into how to properly use all the algorithms.

Using AES-256, SHA512 hash, a salted password, requiring a strong & long password from the user, getting random user input (like TrueCrypt does with the mouse movements) to improve the entropy/randomness of the key and of course a good pseudo random number generator are just a few things to consider. * Please just take note that I haven't worked much with file encryption at all!
AES encryption also has hardware acceleration support in the newer CPUs.
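An added example, not code from any poster in this thread, tying together the points raised above (cipher mode, salted password, strong hash, proper random number generator) using only the framework's own classes. It assumes .NET 8 or later; the class name `PasswordVault`, the file layout, the sample strings and the iteration count are assumptions made for the example. It uses AES-256 in GCM mode with a key derived by PBKDF2-HMAC-SHA512.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
public static class PasswordVault // hypothetical class name
{
    // Assumed file layout for this example: salt(16) | nonce(12) | tag(16) | ciphertext
    const int SaltLen = 16, NonceLen = 12, TagLen = 16, KeyLen = 32;
    const int Iterations = 600_000; // assumed PBKDF2 work factor; tune for your hardware
    static byte[] DeriveKey(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA512, KeyLen);

    public static byte[] Encrypt(string password, byte[] plaintext)
    {
        // Fresh salt and nonce from the OS CSPRNG on every save (never System.Random).
        byte[] salt = RandomNumberGenerator.GetBytes(SaltLen);
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceLen);
        byte[] tag = new byte[TagLen], ct = new byte[plaintext.Length];
        byte[] key = DeriveKey(password, salt);
        using (var aes = new AesGcm(key, TagLen))
            aes.Encrypt(nonce, plaintext, ct, tag);
        CryptographicOperations.ZeroMemory(key); // wipe the derived key once used
        return salt.Concat(nonce).Concat(tag).Concat(ct).ToArray();
    }

    public static byte[] Decrypt(string password, byte[] blob)
    {
        int n = SaltLen + NonceLen, t = n + TagLen;
        if (blob.Length < t) throw new CryptographicException("File is truncated.");
        byte[] key = DeriveKey(password, blob[..SaltLen]);
        byte[] plaintext = new byte[blob.Length - t];
        try
        {
            // Arguments: nonce, ciphertext, tag. Throws CryptographicException on a
            // wrong password or if any byte of the file was modified.
            using var aes = new AesGcm(key, TagLen);
            aes.Decrypt(blob[SaltLen..n], blob[t..], blob[n..t], plaintext);
            return plaintext;
        }
        finally { CryptographicOperations.ZeroMemory(key); }
    }

    public static void Main()
    {
        byte[] secret = Encoding.UTF8.GetBytes("example.com: hunter2"); // constructed sample
        byte[] blob = Encrypt("correct horse battery staple", secret);
        Console.WriteLine(Encoding.UTF8.GetString(Decrypt("correct horse battery staple", blob)));
        blob[^1] ^= 1; // simulate tampering with the stored file
        try { Decrypt("correct horse battery staple", blob); }
        catch (CryptographicException) { Console.WriteLine("tampering detected"); }
    }
}
```

Because the salt and nonce are regenerated on every save, encrypting the same passwords file twice with the same master password produces unrelated output.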
 
Thanks guys, well I am all against reinventing the wheel. I am however purely doing this "project" for educational purposes. Appreciate all the input!!
 