.NET DES encryption using a weak key

  • Question

  • Hi all,

    I have a problem with DES encryption. I have to use DES encryption with the key "00 00 00 00 00 00 00 00" (I must authenticate myself first before changing the key). But the .NET DES class has a static method named "IsWeakKey" which does not allow me to use this key.

    Do you have any solution for me, please?

    Thanks

    Tuesday, July 28, 2015 9:03 AM

All replies

  • No idea?
    Tuesday, July 28, 2015 11:44 AM
  • You can't bypass the behaviour of a class unless that option is exposed to you by the creator of the code.

    You can, however, disassemble the DLL yourself, comment out that call and assemble it again, and then place the modified library inside your BIN folder (if it's web) or in the same folder as your EXE (you're advised NOT to replace the officially signed DLL because other applications using the runtime may break).

    Also, don't forget to call IsWeakKey yourself in your own code after this change if you plan to generate a key for other use at a later stage.

    P.S.: As is the fashion for any request involving lowering security / altering system behavior at the code level, I've intentionally left out a few details to check whether he possesses adequate knowledge to do it. Please don't spoil it.

    Wednesday, July 29, 2015 1:46 AM
    Answerer
  • Thanks for your answer. I have used .NET Reflector with the Reflexil plug-in to decompile and edit the sources. But I have a problem changing the mscorlib.dll path. I have placed the DLL in my EXE directory but I think that VS doesn't "see" it.

    Can you help me, please?

    Wednesday, July 29, 2015 9:44 AM
  • You can add the assembly manually by unloading the project and editing the project file:

        <Reference Include="mscorlib">
          <HintPath>.\mscorlib.dll</HintPath>
          <Private>True</Private>
        </Reference>

    Note that you should also follow these steps to tell VS not to import the standard mscorlib itself. This skill was essential in the old days to load a custom PCL.

    The only problem is that, after you compile, the system still attempts to load the mscorlib in the .NET Framework GAC. How could you prevent that? (This is the core part of the action considered "dangerous" and you'll have to figure it out yourself.)

    Wednesday, July 29, 2015 10:39 AM
    Answerer
  • Okay, thanks for the reply, but I don't have the "Do not reference mscorlib.dll" option in "Build -> Advanced" using Visual Studio 2013 (Community edition).

    Also, I have another question about copyright. Indeed, if I recompile Microsoft sources with my changes, I think it's a problem with copyright?


    Wednesday, July 29, 2015 12:10 PM
  • Finally I solved all my problems without making changes in mscorlib.dll with this post: https://social.msdn.microsoft.com/Forums/fr-fr/8fdfcce7-3a8a-4271-8557-3df715c80df8/weak-key-cryptographic-exception

    Thanks for all answers!

    bye


    Wednesday, July 29, 2015 12:46 PM
  • Glad you found another way to solve it, but since you asked...

    There is no copyright problem as long as only you / your company use it because you're not going to redistribute it (just like... you can write on books you bought). It doesn't violate the DMCA because your change is not related to "circumvent copyright protection".

    However, in order to get the modified DLL loaded, if the machine is not a machine you own, you'll cross the line of "hacking" the machine. (Some of the steps require modifying the system binaries because Microsoft has done a lot to make sure the "official" copy of mscorlib gets loaded.)

    I've read that reply, so you're not facing a problem with other components not accepting a weak key. Sorry for pointing you to the unnecessarily convoluted way.

    Wednesday, July 29, 2015 1:43 PM
    Answerer