Q on encryption used in "Patterns of Parallel Programming" RRS feed

  • Question

  • On approximately page 50 of your Patterns of Parallel Programming whitepaper, I had some questions on the cryptography used.

    Can you tell me if your implementation is preferred, or if I should heed any advice here:


    RijndaelManaged class and AesCryptoServiceProvider class are two different implementations.RijndaelManaged class is a kind of implementation of Rijndael algorithm in .net framework, which was not validated under NIST (National Institute of Standards and Technology) Cryptographic Module Validation Program (CMVP).

    However, AesCryptoServiceProvider class calls the Windows Crypto API, which uses RSAENH.DLL, and has been validated by NIST in CMVP. Although Rijndael algorithm was the winner of the NIST competition to select the algorithm that would become AES, there are some differences between Rijndael and official AES. Therefore, RijndaelManaged class and AesCryptoServiceProvider class have subtle differences on implementation.

    In addition, RijndaelManaged class cannot provide an equivalent implementation with AES. There is another class implemented in .net framework, AesManaged class. This class just wrappedRijndaelManaged class with a fixed block size and iteration count to achieve the AES standard. However, it does not support the feedback size, especially, when the mode is set as CFB or OFB, theCryptographicException will be thrown.

    For more information, please refer to the following MSDN documents.

    AesManaged Class and AesManaged.Mode Property

    If you want to pick up standard AES as security algorithm in your application, we recommend using theAesCryptoServiceProvider class. If you want to mix the RijndaelManged class andAesCryptoServiceProvider class in your application, we suggest using CBC mode instead of CFB mode in your program, since the implementation of the CBC mode in both classes is the same.

    Tuesday, May 22, 2012 5:39 AM

All replies

  • Hi ChrisLaMont-

    My paper wasn't recommending a particular encryption algorithm or implementation; it was simply using one as an example of a compute-intensive operation.  I'm going to move your post to a forum where it's more likely that security experts will be able to give you a good answer.


    Wednesday, May 23, 2012 4:20 PM