I made this mistake, too!
That’s why you don’t override defaults if you don’t know what they are.
Also, TripleDES? Why not AES?
Also keep in mind that even if you do use a good algorithm (3DES? ugh!) and sensible block-chaining mode, that just might not be enough.
Like, replay attacks.
Maybe this is just simplified sample code for the blog, but both MD5CryptoServiceProvider and TripleDESCryptoServiceProvider are IDisposable objects that wrap underlying Win32 CryptoAPI components; they should be disposed so that the native objects are freed when no longer in use.
Just curious… what’s your decryption code look like?
You have another problem, although it’s not as serious. The salt shouldn’t be fixed.
It should change every time, so you can’t tell if the same plaintext was encrypted. More seriously, they don’t have to be exactly identical. You can tell if two plaintexts’ share a common prefix (in block sizes).
TripleDES shouldn’t really be relied on anymore these days, anyhow. As others have asked, why not something like AES?
More like CipherMode.Fail!
Hilarious!
In its defense, ECB does have valid uses: Whole disk encryption, for example.
Forgot about MAC? You should have sign the message.
So now you are using CipherMode.CBC ??
The Cipher Block Chaining (CBC) mode introduces feedback. Before each plain text block is encrypted, it is combined with the cipher text of the previous block by a bitwise exclusive OR operation. This ensures that even if the plain text contains many identical blocks, they will each encrypt to a different cipher text block. The initialization vector is combined with the first plain text block by a bitwise exclusive OR operation before the block is encrypted. If a single bit of the cipher text block is mangled, the corresponding plain text block will also be mangled. In addition, a bit in the subsequent block, in the same position as the original mangled bit, will be mangled.
Why isn’t 3-des considered secure? From what I’ve seen the best known attack is the mitm, which takes years and requires large amounts of memory memory.
Given that not everyone can (or should be) an encryption expert, I’d argue that the key issue here is too many options. For experts, certainly options for special cases are fine - but for the average user, why isn’t there an Encrypt(key, plaintext) function built into the API - with all the options fixed by someone who has taken the time to become an expert, so that the rest of us don’t have to?
Or if there is such a function, why didn’t you use it?
(Even your code has one too many options - as a naive user, I’ve no idea whether I should set useHashing to true or false, and why it would matter!)
Yeah - a lot of the posts have been harsh - but aren’t the consequences of this type of naive mistake also harsh?
Yes he made simple mistakes ñ but thatís why I pointed out a specific book (above) that would have stopped that mistake.
I have to agree with the harshness of others (but not the bluntness), if you havenít done a cryptography course, then you better dam well read a book on it because itís not something you want to get wrong.
The problem is that a post like this strikes us as ìif you didnít know that, stop what you are doing and go and learn about it NOW!!!î
Itís like seeing an army soldier playing with a gun and then pointing out to those around them ìhey look ñ it didnít shoot because of this little lever. It must be some type of safety latch.î If they donít know about the safety lever ñ chances are they shouldnít have the gun in their hand.
So the advice would be, go get a cryptography book, read AND understand before writing a single line of code using cryptography. Otherwise there is probably little point in even using cryptography.
Oh, where to begin. 3DES is OK, especially since the items you’re encrypting are of only short-term value. But MD5 for hashing? There are enough attacks against MD5 now that its inadvisable to use it for anything new. Try the SHA-256.
I hope you’re generating a new salt each time… that’s kind of the point of a nonce, that it’s different for each operation. It doesn’t matter if people know the nonce, then. If you use the same nonce, and it’s discovered, then it makes a brute-force or rainbow-table attack a lot more likely.
Also, I find it incredibly hard to believe that you need anything more than session management - if you’re encrypting stuff to be stored in an HTML page, you’re probably doing it wrong.
Encryption is hard to understand. When I first started having to deal with encryption I researched, mostly on the web, but I looked around a lot. I took the lazy route and looked for examples of what I was trying to do. This lead me to a lot of articles and discussion forums on wrong ways to encrypt. These wrong ways were really helpful as I was able to take my encrypting solutions and use the wrong way examples as test cases.
My advice, if you need to add an encryption scheme to your app look for on how to do it, it’s all out there somewhere. Then test, test, and test some more.
Why does the useHashing parameter control hashing of the key, rather than hashing of the plaintext? Hashing the key seems rather stupid, as you could just use hash(key-m4st3r) at the same point you’re now setting key-m4st3r. I’m not a crypto geek, but I don’t think this gains you any additional entropy or anything (the hashed key is vulnerable to the same attacks the unhashed key is, I think). OTOH, encrypting a hashed plaintext is very useful, as that’s the whole basis behind digitial signatures.
Password123 - that’s not your real password is it Jeff? I wouldn’t normally ask, but you know, recent events and all that…
I’ve got a big blind spot in my skill set when it comes to encryption. Keep on sharing, Jeff! These posts help me a lot.
Hi, this is tux:
http://upload.wikimedia.org/wikipedia/commons/5/56/Tux.jpg
and this is tux encrypted with a block cypher in ECB mode:
http://upload.wikimedia.org/wikipedia/commons/f/f0/Tux_ecb.jpg
regardless of the type of block cypher (3DES, AES …) ECB is a bad choice for an encryption mode; unless you are showing someone this kind of blunder.
Mario.