using hash values for security

  • Question

  • Hi all,

    The code below uses the TripleDES and MD5 algorithms, which use a 128-bit hash value. Now I want to use an algorithm that uses more than 128 bits. I am using the following code. But when I try to use some other hash algorithm, it throws the error 'Specified key is not a valid size for this algorithm'. Can anyone suggest an algorithm that uses more than 128 bits?

    My Code:

    public static string CryptTripleDES(bool pblnFlag, string pstrOriginal)
    {
        if (pstrOriginal.Trim().Length == 0)
        {
            return "";
        }

        string strEncrypted = null;
        string strDecrypted = null;
        string strSystem = null;
        string strReturn = null;
        TripleDESCryptoServiceProvider tripledes;
        MD5CryptoServiceProvider hashmd5;
        byte[] yarrPwdHash;
        byte[] yarrBuff;

        strSystem = "mariajanesalexjanesed";

        hashmd5 = new MD5CryptoServiceProvider();
        yarrPwdHash = hashmd5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(strSystem));
        hashmd5 = null;

        tripledes = new TripleDESCryptoServiceProvider();
        tripledes.Key = yarrPwdHash;
        tripledes.Mode = CipherMode.ECB; //CBC, CFB
        try
        {
            if (pblnFlag.Equals(true))
            {
                yarrBuff = ASCIIEncoding.ASCII.GetBytes(pstrOriginal);
                strEncrypted = Convert.ToBase64String(tripledes.CreateEncryptor().TransformFinalBlock(yarrBuff, 0, yarrBuff.Length));
                strReturn = strEncrypted;
            }
            else
            {
                yarrBuff = Convert.FromBase64String(pstrOriginal);

                strDecrypted = ASCIIEncoding.ASCII.GetString(tripledes.CreateDecryptor().TransformFinalBlock(yarrBuff, 0, yarrBuff.Length));
                strReturn = strDecrypted;
            }
        }
        catch (Exception)
        {
            //throw new Exception("Invalid Data ! Encrypt/Decrypt Failed !");
        }
        finally
        {
            //cleanup
            tripledes = null;
        }
        return (strReturn);
    }

    Tuesday, July 31, 2012 6:39 AM

All replies

  • At least SHA256 seems to be the recommended one at the moment; no collisions detected. You also have it available in 384 and 512 bit sizes.

    Always use a salt with hashing to avoid rainbow table attacks.

    Tuesday, July 31, 2012 6:59 AM
    Moderator
  • I tried that but it's throwing the error "Specified key is not a valid size for this algorithm"... How can I alter the above code?
    Tuesday, July 31, 2012 8:39 AM
  • The error is coming from setting TripleDes.Key, right? That is because the hash you use as the key exceeds the supported 192 bits. SHA256 will not work as it produces a 256-bit hash, and neither 384 nor 512 will work in the way you are using it in your current code.

    You should create the key some other way and use a hash other than MD5. One option might be to use the Rfc2898DeriveBytes class to create the key from a secret password and salt bytes. You can look at the examples in the Rfc2898DeriveBytes documentation.

    Tuesday, July 31, 2012 9:33 AM
  • You need to use the Rijndael or AES crypto providers to use a 256-bit key for the encryption/decryption.
    Tuesday, July 31, 2012 8:20 PM
    Moderator
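
An added example (not code from any poster in this thread) that combines the two suggestions above: Rfc2898DeriveBytes derives the key material from a password and a random salt, and AES takes the resulting 256-bit key, here in CBC mode with an HMAC-SHA256 tag over salt, IV and ciphertext. The class name `PasswordCrypto`, the token layout (salt, IV, ciphertext, tag) and the iteration count are assumptions; the four-argument Rfc2898DeriveBytes constructor needs .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public static class PasswordCrypto // hypothetical helper, not part of the thread
{
    const int SaltLen = 16, IvLen = 16, MacLen = 32, Iterations = 100000; // assumed work factor

    static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(64); // bytes 0-31: AES-256 key, bytes 32-63: HMAC-SHA256 key
    }

    public static string Encrypt(string password, string plaintext)
    {
        byte[] salt = new byte[SaltLen], pt = Encoding.UTF8.GetBytes(plaintext);
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt); // fresh salt per message
        byte[] keys = Derive(password, salt);
        using (var aes = Aes.Create()) // CBC + PKCS7 defaults; aes.IV is a fresh random IV
        using (var enc = aes.CreateEncryptor(keys.Take(32).ToArray(), aes.IV))
        using (var hmac = new HMACSHA256(keys.Skip(32).ToArray()))
        {
            byte[] body = salt.Concat(aes.IV).Concat(enc.TransformFinalBlock(pt, 0, pt.Length)).ToArray();
            return Convert.ToBase64String(body.Concat(hmac.ComputeHash(body)).ToArray()); // encrypt-then-MAC
        }
    }

    public static string Decrypt(string password, string token)
    {
        byte[] all = Convert.FromBase64String(token);
        int ctLen = all.Length - SaltLen - IvLen - MacLen;
        if (ctLen < 16) throw new CryptographicException("Token too short.");
        byte[] keys = Derive(password, all.Take(SaltLen).ToArray());
        byte[] iv = all.Skip(SaltLen).Take(IvLen).ToArray();
        using (var hmac = new HMACSHA256(keys.Skip(32).ToArray()))
        using (var aes = Aes.Create())
        using (var dec = aes.CreateDecryptor(keys.Take(32).ToArray(), iv))
        {
            byte[] mac = hmac.ComputeHash(all, 0, all.Length - MacLen);
            int diff = 0; // constant-time tag comparison, done before any decryption
            for (int i = 0; i < MacLen; i++) diff |= mac[i] ^ all[all.Length - MacLen + i];
            if (diff != 0) throw new CryptographicException("Wrong password or tampered data.");
            return Encoding.UTF8.GetString(dec.TransformFinalBlock(all, SaltLen + IvLen, ctLen));
        }
    }
}
```

Unlike the method in the question, a wrong password or a modified token raises a CryptographicException instead of returning null, and encrypting the same text twice yields different tokens because the salt and IV are random.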