 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / .NET Framework / Security / March 2007RSACryptoServiceProvider minimum key-length
hi, i have to use RSA within .net 2.0 and i have to use a 256 bit key- length. RSACryptoServiceProvider requires a min. length of 384 bit. my current solution-ideas are: s1.) use the RSACryptoServiceProvider and bypass the min. length with reflections are some similar hack. s2.) use a third party lib for .net (like the lib from http://www.certicom.com/, any others? ) s3.) use a lib written for another language (probably c) -> make a dll and call that dll from .net or try to port the c code to managed c++ the solution should be reliable, fast (but no need for super- performance) and idealy easy to implement (therefore i belive s2 seems most reasonable). thanks for any kind of hint, pingram You are misunderstanding how RSA encryption works. RSA is only used to encrypt a symmetric session key. Your requirement for a 256 bit key probably refers to the symmetric session key. A 256 bit RSA key makes no sense, as you should be using an RSA key that is at least 1024 bits. Joe K.  SignatureJoe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- > hi, > [quoted text clipped - 16 lines] > > thanks for any kind of hint, pingram joe, thanks for your input. basically i agree that a 256 bit key for encryption doesn't make much sense. unfortunatlly the key length really has to be 256 bit - i'd be happy to change this specification but that's not an option (btw: in this case we use rsa for digital signature (not encryption) and chances of a collision actually are quite low). any hints welcome! br, pingram. On 9 Mrz., 16:22, "Joe Kaplan" <joseph.e.kap...@removethis.accenture.com> wrote: > You are misunderstanding how RSA encryption works. RSA is only used to > encrypt a symmetric session key. Your requirement for a 256 bit key [quoted text clipped - 32 lines] > > - Zitierten Text anzeigen - I don't think you understood what I said. When you are doing RSA encryption, that is generally ALWAYS combined with an additional symmetric encryption algorithm like 3DES or AES. RSA is just used for encrypting the symmetric session key. The bulk encryption of data is done with the symmetric algorithm and key. This is how protocols like SSL and SMIME email encryption work. A 256 bit session key makes perfect sense if you are using AES/Rjindael, so that's probably what the spec is suggesting. If they are really saying the RSA key needs to be 256 bit, then the spec itself doesn't understand how crypto works and needs to go back to the author. Joe K. SignatureJoe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- > joe, > [quoted text clipped - 51 lines] >> >> - Zitierten Text anzeigen - joe, yes, symetric encryption will be done with 3DES; nevertheless the 256 bit RSA key length is mandatory and changing this spec is not possible! br, pingram. On Mar 9, 6:41 pm, "Joe Kaplan" <joseph.e.kap...@removethis.accenture.com> wrote: > I don't think you understood what I said. When you are doing RSA > encryption, that is generally ALWAYS combined with an additional symmetric [quoted text clipped - 74 lines] > > - Show quoted text - On Mar 12, 11:34 am, w...@pdi.at wrote: > joe, > [quoted text clipped - 3 lines] > > br, pingram. Do you know that it takes 20 seconds to factor 256 bit integer on a low end tablet? And when I tried that om 4-way 64 bit server box it took less than a second for that. Even One Laptop Per Child will factor it in one minute. What could be the reason to have a private key that everyone can find from your public key in less than a minute? Unless you are mistaken and you really talking about some other keys (i.e. not RSA but for ex. ECC or AES) -Valery http://www.harper.no/valery finally - valery jumps in :) I was missing you Dude! ----- Dominick Baier (http://www.leastprivilege.com) Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp) > On Mar 12, 11:34 am, w...@pdi.at wrote: > [quoted text clipped - 16 lines] > -Valery > http://www.harper.no/valer On Mar 12, 12:27 pm, Dominick Baier <dbaier@pleasepleasenospam_leastprivilege.com> wrote: > finally - valery jumps in :) > > I was missing you Dude! > > ----- > Dominick Baier (http://www.leastprivilege.com) Thanks Dominick! :D -Valery http://www.harper.no/valery Yes, definitely nice to see you back here again. :) Joe K. SignatureJoe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- > On Mar 12, 12:27 pm, Dominick Baier > <dbaier@pleasepleasenospam_leastprivilege.com> wrote: [quoted text clipped - 10 lines] > -Valery > http://www.harper.no/valery It sounds like you are out of luck then. Like Valery said, this key is so insecure as to be useless and is not supported by .NET cryptography. I'm not sure what options you have. Perhaps an alternate crypto API for .NET supports such weak keys. I'd suggest pushing back on the spec or looking for different options. Joe K. SignatureJoe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- > joe, > [quoted text clipped - 95 lines] >> >> - Show quoted text - On Mar 13, 7:45 am, "Joe Kaplan" <joseph.e.kap...@removethis.accenture.com> wrote: > It sounds like you are out of luck then. Like Valery said, this key is so > insecure as to be useless and is not supported by .NET cryptography. I'm [quoted text clipped - 8 lines] > Joe Kaplan-MS MVP Directory Services Programming > Co-author of "The .NET Developer's Guide to Directory Services Programming"http://www.directoryprogramming.net Thanks Joe for warm wellcomeback :D. As about available options for the original poster - the best one would be to fire the person that did the spec because this kind of ignorance is really depressive. Person knows nothing about cryptography, but consider him/her self capable of writting crypto/ security spec. As I understand - all they wanted is to have a short authentication code. I'm not even sure that they needed signature as authentication code, but even for that - there are short signatures available that simultaneously provide good security bounds. But if they only need authentication code - they could simply use MAC (or HMAC). -Valery http://www.harper.no/valery hi, FYI: we are now using a third-party .net lib (http://www.cryptosys.net/ pki/) which alllows us to use the required key length. seems to work fine... br, pingram. > On Mar 13, 7:45 am, "Joe Kaplan" > [quoted text clipped - 26 lines] > > -Valeryhttp://www.harper.no/valery cool - problem "solved" :P ----- Dominick Baier (http://www.leastprivilege.com) Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp) > hi, > [quoted text clipped - 35 lines] >> authentication code - they could simply use MAC (or HMAC). >> -Valeryhttp://www.harper.no/valery Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.