Why does the Cryptography namespace only provide block cipher classes and not a stream cipher (like RC4) class?

  • Question

  • Dear All:

    I find that the System.Security.Cryptography namespace only provides block cipher classes and does not provide a stream cipher (like RC4) class. Why? I want to provide a stream cipher and a block cipher in the same project. I need to write the stream cipher class myself and call the .NET block cipher class, which feels strange.

    Regards,

    Karry



    Wednesday, June 20, 2012 9:55 AM

Answers

  • RC4 very likely requires a license. Before you use it in a commercial product, I'd strongly advise you to talk to RSA. RC4 is a trademark and, in order to keep the trademark, RSA needs to enforce it, therefore a lawsuit is likely if word gets out, for instance, by someone searching the forums using the search term rc4.

    It's easy enough to code it, probably no more than 20 lines and you can find descriptions, including test vectors, by googling.

    Another way to (likely) get around the problem is to ask your customer for a piece of code with the cipher they want, with an attached copyright and license that clearly states that the code is theirs and that they get the heat from RSA. Then you put this into a separate assembly and link to it.

    That whole license/trademark/trade secret issue is probably the reason RC4 is not included in the .NET framework.


    Volker


    • Marked as answer by Karry_Wong Tuesday, June 26, 2012 10:35 AM
    • Edited by Hetzi Tuesday, June 26, 2012 1:16 PM link fixed
    Tuesday, June 26, 2012 9:19 AM

All replies

  • How are you going to determine the number of bytes the stream is going to send or receive?  Cryptography is binary data and you need some method of determining where the end of the data is going to be.

    jdweng

    Thursday, June 21, 2012 6:11 AM
  • Hi Karry,

    Welcome to the MSDN Forum.

    I have the same question as Jdweng; would you like to follow up on this thread?

    Best regards,


    Mike Feng

    Friday, June 22, 2012 10:07 AM
    Moderator
  • AES can be used as a stream cipher by using counter mode. It's not in the CipherMode Enumeration but it shouldn't be much of a problem to implement this. Just make sure you never reuse the same nonce/key pair for as long as your data needs to remain secret.

    Additionally, OFB and CFB turn block ciphers into stream ciphers too, albeit not very good ones. But these two are part of the CipherMode enumeration.


    Volker

    • Edited by Hetzi Friday, June 22, 2012 3:09 PM OFB/CFB added
    Friday, June 22, 2012 10:50 AM
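
The counter-mode construction described in the reply above, as an added example that is not part of the original thread or of the .NET Framework: AES in ECB mode supplies the raw block function and the keystream is XORed onto the data. The class name `AesCtrExample`, the method `Transform`, and the counter block layout (8-byte nonce followed by an 8-byte big-endian block counter) are assumptions of this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class AesCtrExample
{
    // Encrypts or decrypts (the operation is identical in CTR mode).
    // The caller must use a fresh nonce for every message under the same key.
    public static byte[] Transform(byte[] key, byte[] nonce, byte[] input)
    {
        if (nonce.Length != 8) throw new ArgumentException("nonce must be 8 bytes", nameof(nonce));
        using (Aes aes = Aes.Create())
        {
            aes.Key = key;                    // throws on an invalid key size
            aes.Mode = CipherMode.ECB;        // raw block function only; CTR is built on top
            aes.Padding = PaddingMode.None;   // a stream mode needs no padding
            using (ICryptoTransform ecb = aes.CreateEncryptor())
            {
                byte[] counterBlock = new byte[16];
                byte[] keystream = new byte[16];
                byte[] output = new byte[input.Length];
                Buffer.BlockCopy(nonce, 0, counterBlock, 0, 8);
                for (int offset = 0; offset < input.Length; offset += 16)
                {
                    // Write the block index into the last 8 bytes, big-endian.
                    ulong blockIndex = (ulong)(offset / 16);
                    for (int i = 0; i < 8; i++)
                        counterBlock[15 - i] = (byte)(blockIndex >> (8 * i));
                    ecb.TransformBlock(counterBlock, 0, 16, keystream, 0);
                    // XOR only as many keystream bytes as there is data left.
                    int n = Math.Min(16, input.Length - offset);
                    for (int i = 0; i < n; i++)
                        output[offset + i] = (byte)(input[offset + i] ^ keystream[i]);
                }
                return output;
            }
        }
    }

    static void Main()
    {
        byte[] key = new byte[16], nonce = new byte[8];
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(key); rng.GetBytes(nonce); }
        byte[] plain = Encoding.UTF8.GetBytes("constructed sample message for the CTR example");
        byte[] cipher = Transform(key, nonce, plain);
        Console.WriteLine(cipher.Length == plain.Length);   // ciphertext length vs. plaintext length
        Console.WriteLine(Encoding.UTF8.GetString(Transform(key, nonce, cipher)));
    }
}
```

Two messages encrypted with the same key and nonce share a keystream, so XORing the two ciphertexts yields the XOR of the two plaintexts. CTR also provides confidentiality only, so pair it with a MAC if the data must be protected against modification.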
  • Hi jdweng & Mike,

    Sorry, I don't understand your question "How are you going to determine the number of bytes the stream is going to send or receive?". I just want to know why the .NET Framework does not provide an RC4 class; I need to call the unmanaged function in "Advapi32.dll".


    Karry

    Tuesday, June 26, 2012 6:59 AM
  • Hi Karry,

    See this blog: http://blogs.msdn.com/b/david_leblanc/archive/2010/04/16/don-t-use-office-rc4-encryption-really-just-don-t-do-it.aspx 

    Have a nice day.


    Ghost,
    Call me ghost for short, Thanks
    To get the better answer, it should be a better question.

    Tuesday, June 26, 2012 7:39 AM
  • Hi ghost,

    Thank you. But my client requires the use of 128-bit RC4 to encrypt data.

    Regards,


    Karry

    Tuesday, June 26, 2012 7:56 AM