8

My boss wants me to encrypt some information used during data transfer. The individual strings to be encrypted are between eight and twenty characters long. A single password must be used to encrypt and decrypt so I need a symmetric algorithm. I don't want to roll my own - I want to use one built into .NET from C#.

So, which algorithm is best?

6 Answers

8

TripleDes ?

You can use the System.Security.Cryptography.TripleDESCryptoServiceProvider

Small amount of code to encrypt/decrypt... does exactly what it says on the tin :)

Matthew Flaschen
Eoin Campbell
  • I agree with you DES is best option for him. – Syed Tayyab Ali May 10 '09 at 16:50
  • My only concern with DES is how to do a key exchange securely. – James Black May 10 '09 at 22:54
  • 1
    This issue (key exchange) applies to any symmetric cipher (of course there are also issues with asymmetric), and the OP explicitly requested symmetric. http://en.wikipedia.org/wiki/Key_exchange is a good place to start, but it's a complex topic. – Matthew Flaschen May 11 '09 at 05:08
  • Shouldn't be a problem. It is for exchanging banking details between two internal offices. –  May 11 '09 at 06:51
7

TripleDES is a very good option, but you can also consider AesCryptoServiceProvider (AES), which is a modern symmetric cipher.

Matthew Flaschen
3

.NET security classes:

Hash

* MD5
* MD5Cng
* SHA1
* SHA1Managed
* SHA1Cng
* SHA256
* SHA256Managed
* SHA256Cng
* SHA384
* SHA384Managed
* SHA384Cng
* SHA512
* SHA512Managed
* SHA512Cng

Symmetric Encryption: Uses the same key for encryption and decryption.

* DES
* DESCryptoServiceProvider
* TripleDES
* TripleDESCryptoServiceProvider
* Aes
* AesCryptoServiceProvider
* AesManaged
* RC2
* RC2CryptoServiceProvider
* Rijndael
* RijndaelManaged

Asymmetric Encryption: Uses different keys for encryption and decryption.

* DSA
* DSACryptoServiceProvider
* ECDsa
* ECDsaCng
* ECDiffieHellman
* ECDiffieHellmanCng
* RSA
* RSACryptoServiceProvider
Ron
  • 1
    That's a very good dump of class names, but most of those have no relevance to the submitter (who wants a /symmetric/ /encryption/ algorithm), not a hash or an asymmetric cipher. – Matthew Flaschen May 10 '09 at 17:15
3

Here are encrypt & decrypt functions with des3 encryption

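```vb
Imports System
Imports System.IO
Imports System.Security.Cryptography
Imports System.Text

Public Class Des3Crypto
    ' The answer uses des3 without declaring it; a TripleDES provider is assumed here.
    Private Shared ReadOnly des3 As New TripleDESCryptoServiceProvider()

    ''' <summary>
    ''' Encrypts a memory string (i.e. variable).
    ''' </summary>
    ''' <param name="data">String to be encrypted.</param>
    ''' <param name="key">Encryption key.</param>
    ''' <param name="iv">Encryption initialization vector.</param>
    ''' <returns>Encrypted string.</returns>
    Public Shared Function Encrypt(ByVal data As String, ByVal key As String, ByVal iv As String) As String
        Dim bdata As Byte() = Encoding.ASCII.GetBytes(data)
        Dim bkey As Byte() = HexToBytes(key)
        Dim biv As Byte() = HexToBytes(iv)

        Dim stream As MemoryStream = New MemoryStream
        Dim encStream As CryptoStream = New CryptoStream(stream, des3.CreateEncryptor(bkey, biv), CryptoStreamMode.Write)

        encStream.Write(bdata, 0, bdata.Length)
        encStream.FlushFinalBlock()
        encStream.Close()

        ' ToArray still works after the CryptoStream has closed the MemoryStream.
        Return BytesToHex(stream.ToArray())
    End Function

    ''' <summary>
    ''' Decrypts a memory string (i.e. variable).
    ''' </summary>
    ''' <param name="data">String to be decrypted.</param>
    ''' <param name="key">Original encryption key.</param>
    ''' <param name="iv">Original initialization vector.</param>
    ''' <returns>Decrypted string.</returns>
    Public Shared Function Decrypt(ByVal data As String, ByVal key As String, ByVal iv As String) As String
        Dim bdata As Byte() = HexToBytes(data)
        Dim bkey As Byte() = HexToBytes(key)
        Dim biv As Byte() = HexToBytes(iv)

        Dim stream As MemoryStream = New MemoryStream
        Dim encStream As CryptoStream = New CryptoStream(stream, des3.CreateDecryptor(bkey, biv), CryptoStreamMode.Write)

        encStream.Write(bdata, 0, bdata.Length)
        encStream.FlushFinalBlock()
        encStream.Close()

        Return Encoding.ASCII.GetString(stream.ToArray())
    End Function

    ' HexToBytes and BytesToHex are called above but not shown in the answer;
    ' minimal versions are assumed here (two hex characters per byte).
    Private Shared Function HexToBytes(ByVal hex As String) As Byte()
        Dim bytes(hex.Length \ 2 - 1) As Byte
        For i As Integer = 0 To bytes.Length - 1
            bytes(i) = Convert.ToByte(hex.Substring(i * 2, 2), 16)
        Next
        Return bytes
    End Function

    Private Shared Function BytesToHex(ByVal bytes As Byte()) As String
        Return BitConverter.ToString(bytes).Replace("-", "")
    End Function
End Class
```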
Jan
Vikram
1

You could just use RSA encryption, since these are short strings, which will make key exchange simpler.

How much you can encrypt with RSA is based on the key length.

I am a fan of the RSA library from Bouncy Castle.

James Black
0

DES is pretty much obsolete at this point. Here is the Wikipedia. If you are changing the key a lot, it might be adequate, but if you are relying on a key for a while, AES seems like a better choice.

Of course it is a question of how much protection you need. But AES is built right in there too.

I have used AES for small strings, and it works nicely.

What I have read about TripleDES is that since DES is easily crackable, TripleDES is still not substantial.

John Christman
  • 2
    Actually, Wikipedia (http://en.wikipedia.org/wiki/TripleDES#Security) and NIST (http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1.pdf) (p. 66), say that TripleDES is expected to be secure until 2030. – Matthew Flaschen May 13 '09 at 05:42
  • 1
    [Original NIST document](http://web.archive.org/web/20090327043940/http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1.pdf) from Internet Archive. [Revised NIST document](http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf) (2007) with same conclusion on Triple DES. – Matthew Flaschen May 02 '12 at 23:06