Which algorithm for encrypting file?

  • Question

  • Hi. I want to encrypt a file with a lot of passwords. The passwords are stored in a string and should be written to a file encrypted by a password/passphrase. It should be possible to read the file and encrypt the passwords if someone has the passphrase.

    I went to System.Security.Cryptography but found a lot of possibilities here (like DES, Triple DES, DSA, RSA and so on). Since the passwords have to stay secure, I would need a strong encryption (the time for encryption is not so important).

    Which algorithm would you suggest?!

    Friday, June 29, 2007 10:17 AM

All replies

  • I would strongly suggest using the Rijndael encryption.

    I googled this particular page but if you don't like this example you can probably find many more.

    http://www.obviex.com/samples/Encryption.aspx

    Friday, June 29, 2007 2:31 PM
  • I would suggest to go for your own Algorithm. It's not that hard dude.
    Friday, June 29, 2007 6:28 PM
  • It is usually bad practice to store any passwords using any two-way encryption algorithm. Instead, you should store a one-way hash of the passwords. That way, if the file is somehow compromised, everyone's passwords will not be visible. You could still use the file to check whether passwords are correct. For more information about this, see this website: http://www.15seconds.com/issue/000217.htm

    And it is hard to write a good encryption algorithm, although not an obfuscation algorithm.  Definitely use the process described in that article, and use a one-way hash calculation like in System.Security.Cryptography.SHA1 which is very good.
    Sunday, July 1, 2007 8:22 AM
  • Thanks for your replies. The problem is: I need to be able to decrypt the passwords I encrypted (not only the hash-values), because they are used to log on to some 3rd-party services. To secure the passwords, the "master-password" to encrypt the file is not stored in the code, the user has to enter it every time. So unfortunately, using hashes is not an option.

    I think writing your own algorithm is not very secure, because you have to think about all the side effects and backdoors it could have which you didn't think about (like: "What happens if the user encrypts an empty string?" or "Could it be that some special exponents reveal the secret text?"). I would prefer using a well known and well tested algorithm.

    Sunday, July 1, 2007 10:24 AM
  • Assuming you want to use symmetric encryption, RijndaelManaged provides 128 - 256 bit encryption by 32 bit increments.

    Sunday, July 1, 2007 5:29 PM
  • Dude,

    From what you say, you want to store a file which contains a list of passwords for <other> systems.

    So, essentially, the fact that it's "Passwords" you are storing is a red herring. In effect, you have a file containing data you want to secure.

    You are correct in that trying to write your own algorithm is a bad idea. Writing an encryption algorithm is easy. Writing a strong encryption algorithm is hard. The problem is that you have no way of knowing which you have unless you open it up to the cryptography community for them to test. Stick with one of the "standard" algorithms (which HAVE been tested by the community...)

    Do you intend sending the file to others so they can open it? In which case, you can use an asymmetric algorithm (with public & private keys - use the recipient's public key to encrypt, so only they can decrypt with their private key). Or will it stay on one machine? In which case you can use symmetric algorithms (the same key is used to encrypt and decrypt).

    Of course, if you are going to send the file to someone, you can still use the more secure symmetric methods, but you will need a secure way of giving them the key (the normal method is to exchange public keys, use private keys to encrypt and send the symmetric key, and then use the symmetric key for the data.)

    So which should you choose? Whichever best fits your needs.

    If you go asymmetric, RSA or DH (Diffie-Hellman) could be used.

    If you go symmetric, 3DES (aka TripleDES) or AES (aka Rijndael) are both good.

    There are others, too.....

    But if you ask for a definitive opinion, then you'll get as many different answers as you care to read..... On the whole, the more bits in the key the better....

    Hope this helps

    Jeff

    Saturday, July 7, 2007 5:41 AM
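
The approach the thread converges on (a standard symmetric algorithm, keyed from a master passphrase the user types each time) can be sketched as follows. This is an added example, not code from any of the posts above. The class name `PasswordVault`, the file layout and the iteration count are assumptions of the sketch. It derives the key with PBKDF2 instead of using the passphrase directly, and adds an HMAC so a wrong passphrase or a modified file is rejected before decryption.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
// Added example. Assumed file layout: salt(16) | iv(16) | ciphertext | hmac(32)
static class PasswordVault
{
    const int SaltLen = 16, IvLen = 16, MacLen = 32, Iterations = 600000; // constructed parameters
    // PBKDF2 stretches the passphrase into 64 bytes: AES-256 key, then HMAC-SHA256 key.
    static byte[] DeriveKeys(string passphrase, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(passphrase, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(64);
    }
    public static byte[] Encrypt(string secrets, string passphrase)
    {
        byte[] salt = new byte[SaltLen];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        byte[] keys = DeriveKeys(passphrase, salt), plain = Encoding.UTF8.GetBytes(secrets);
        using (var aes = Aes.Create())                        // CBC/PKCS7, fresh random IV
        using (var hmac = new HMACSHA256(keys.Skip(32).ToArray()))
        {
            aes.Key = keys.Take(32).ToArray();
            using (var enc = aes.CreateEncryptor())
            {
                byte[] cipher = enc.TransformFinalBlock(plain, 0, plain.Length);
                byte[] body = salt.Concat(aes.IV).Concat(cipher).ToArray();
                return body.Concat(hmac.ComputeHash(body)).ToArray(); // encrypt-then-MAC
            }
        }
    }
    public static string Decrypt(byte[] blob, string passphrase)
    {
        if (blob.Length < SaltLen + IvLen + MacLen) throw new CryptographicException("Truncated file.");
        byte[] keys = DeriveKeys(passphrase, blob.Take(SaltLen).ToArray());
        byte[] body = blob.Take(blob.Length - MacLen).ToArray();
        using (var hmac = new HMACSHA256(keys.Skip(32).ToArray()))
        using (var aes = Aes.Create())
        {
            byte[] expected = hmac.ComputeHash(body);
            int diff = 0;                                     // compare tags without early exit
            for (int i = 0; i < MacLen; i++) diff |= expected[i] ^ blob[body.Length + i];
            if (diff != 0) throw new CryptographicException("Wrong passphrase or modified file.");
            aes.Key = keys.Take(32).ToArray();
            aes.IV = body.Skip(SaltLen).Take(IvLen).ToArray();
            using (var dec = aes.CreateDecryptor())
                return Encoding.UTF8.GetString(dec.TransformFinalBlock(body, SaltLen + IvLen, body.Length - SaltLen - IvLen));
        }
    }
}
```

Write the result of `PasswordVault.Encrypt(text, passphrase)` with `File.WriteAllBytes` and pass the bytes read back to `Decrypt`; an empty string round-trips as a single padded block.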