Security - 3DES and RC2

Discussion in 'ASP .Net Security' started by tshad, Jun 13, 2006.

  1. tshad

    tshad Guest

    I have been trying to create encoding/decoding functions for secure Credit
    Card information.

    I was looking at 3DES/MD5 and RC2/MD5.

    I found a simple function that seemed to work pretty well, but I am confused
    as to what is happening.

    In the routine I found it was using the TripleDESCryptoServiceProvider (and
    not the RC2CryptoServiceProvider) class. But in the CryptDeriveKey, it was
    passed RC2 and MD5 and 128 bit size (3DES uses 168). It does seem to work,
    however.

    Why is that?

    ************************************

    Public Shared Function TripleDESEncode(ByVal value As String, ByVal key
    As String) As String

    Dim des As New Security.Cryptography.TripleDESCryptoServiceProvider

    des.IV = New Byte(7) {}

    Dim pdb As New Security.Cryptography.PasswordDeriveBytes(key, New
    Byte(-1) {})

    des.Key = pdb.CryptDeriveKey("RC2", "MD5", 128, New Byte(7) {})

    Dim ms As New IO.MemoryStream((value.Length * 2) - 1)

    Dim encStream As New Security.Cryptography.CryptoStream(ms,
    des.CreateEncryptor(), Security.Cryptography.CryptoStreamMode.Write)

    Dim plainBytes As Byte() = Text.Encoding.UTF8.GetBytes(value)

    encStream.Write(plainBytes, 0, plainBytes.Length)

    encStream.FlushFinalBlock()

    Dim encryptedBytes(CInt(ms.Length - 1)) As Byte

    ms.Position = 0

    ms.Read(encryptedBytes, 0, CInt(ms.Length))

    encStream.Close()

    Return Convert.ToBase64String(encryptedBytes)

    End Function
    ***********************************

    Should I use the:

    RC2CryptoServiceProvider
    and
    CryptDeriveKey("RC2", "MD5", 128, New Byte(7) {})

    and/or

    TripleDESCryptoServiceProvider
    and
    CryptDeriveKey("TripleDES", "MD5", 168, New Byte(7) {})

    I was thinking of setting up a Class that had both.

    Also, I also saw the size as 0:

    CryptDeriveKey("TripleDES", "MD5", 0, New Byte(7) {})

    Does that mean it is using the largest possible size?

    Thanks,

    Tom
    tshad, Jun 13, 2006
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. wolf
    Replies:
    0
    Views:
    832
  2. Amitesh Hati

    3DES Encryption

    Amitesh Hati, May 29, 2006, in forum: Java
    Replies:
    1
    Views:
    4,864
    Jan Peter Stotz
    May 31, 2006
  3. tshad

    3DES confusion

    tshad, Jan 3, 2007, in forum: ASP .Net
    Replies:
    1
    Views:
    432
    Mark Rae
    Jan 3, 2007
  4. news.pironet-ndh.com

    Weak Key in 3DES and MAC

    news.pironet-ndh.com, Feb 25, 2004, in forum: ASP .Net Security
    Replies:
    0
    Views:
    181
    news.pironet-ndh.com
    Feb 25, 2004
  5. Jerry Maguire

    Microsoft .NET and perl 3DES encryption

    Jerry Maguire, Jan 21, 2004, in forum: Perl Misc
    Replies:
    3
    Views:
    364
    Sisyphus
    Jan 24, 2004
Loading...

Share This Page