I am storing files in S3 and want to encrypt the data to the maximum. I am using ThreeSharp S3 library and it uses DESCryptoServiceProvider to encrypt the data. How strong is DESCryptoServiceProvider compared to other encryption available in .Net?
I have also seen services like Mozy.com that use 448-bit Blowfish encryption. I have done some research and found some free libraries that offer Blowfish. But nothing that tells why Blowfish is better than what .Net provides.
I need to know what is the strongest encryption possible in .Net 3.5. I would also like any suggestions on other libraries that might not be in .Net that would offer higher encryptions.
6 answers
#1
DES is obsolete. Its 56 bit key basically can be brute forced by a laptop computing power in a matter of hours. The best symmetric key encryption that .Net ships with out of the box is AES 256 (http://msdn.microsoft.com/en-us/library/system.security.cryptography.aescryptoserviceprovider.aspx). A comparison of Blowfish and AES (aka. Rijndael) is beyond the scope of this discussion, but AES is the adopted NIST standard and the way to go for the foreseeable future. See http://en.wikipedia.org/wiki/Advanced_Encryption_Standard for more details.
#2
DES is insecure. Use AES. AES is approved by the NSA for all of its top-secret operations.
#3
DES is nominally 64 bit but actually 56 bit encryption, due to the use of parity bits in the key. However, it is an old federal standard that despite its age has never been broken except by brute force. Generally, you would stick with the standardised encryption algorithms for interoperability, and also because having had more scrutiny than the others if they were going to be broken they probably would already have been. So for strong encryption provided by .NET, you'd be best off going for either 3DES (168 bit effectively) or AES (up to 256 bit) - the latter is implemented under its original name of Rijndael, as .NET first published this library before the AES selection process had formally ended.
In encryption, you need strong enough encryption, not the strongest available. Either of these will do the trick unless you are trying to protect information from people with the same level of resources as the NSA...
#4
I'm talking a long time ago now (VB6 days) but I used to use some modules that worked with PGP from within VB, this worked excellently and given PGP's reputation I would, if I had the choice (i.e. the modules/new .net libraries still exist), choose it over any of the built-in CLR encryption for security reasons.
Although if there are no recent .net libraries for PGP then the 256 bit AES is probably your best bet.
EDIT: Something probably worth noting with AES is that the NSA required that all newer encryption algorithms created contain a back door access system for them to use on encrypted data should they require access (terrorists' encrypted data etc). Phil Zimmermann (the original author of PGP) point blank refused to do this. While I have no idea which encryption algorithms contain the back door (AES was introduced to .Net well after this argument took place so there is a high probability it does have a back door) it's safe to say PGP doesn't!
http://www.philzimmermann.com/EN/faq/faq.html
Quote from some security website
"Phil Zimmermann, the anti-government creator of PGP says that copies of its encryption software which were sold before Fall 2001, when he left NAI, are solid, but future versions may be tainted"
So may not be spot on for the latest versions but I'm happy to use a pre-2001 version (7.0.3 is the last version that Zimmermann would vouch for) :-)
EDIT2: http://www.codeproject.com/KB/security/gnupgdotnet.aspx this looks like it may help.
HTH
OneSHOT
#5
Use System.Security.Cryptography.RijndaelManaged 256-bit key. Nothing's going to break that and if there was a cryptographic revolution that could all of a sudden break that, there are probably more important targets than the data you're protecting; banks, international corporations, governments.
#6
Blowfish is an older cipher than Rijndael. Blowfish is old enough to have been studied in depth, and there have been no effective attacks on it, so it's probably secure enough.
However, the guys who designed Blowfish don't recommend using it anymore. Since I'm no cryptography guru, I'd defer to their judgment on this one. Instead, they recommend Blowfish's successor Twofish, which was one of the AES finalists.
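One way to act on the AES recommendation given in the answers above on .NET 3.5, as an added example that is not from the thread or from ThreeSharp: AES-256 in CBC mode with a fresh random IV per object, plus an HMAC-SHA256 tag over IV and ciphertext (encrypt-then-MAC), so a blob modified in storage is rejected before decryption. `BlobCrypto`, `NewAes`, the blob layout and the sample text are assumptions made for this example.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
static class BlobCrypto // hypothetical helper; blob = IV (16) || ciphertext || HMAC-SHA256 tag (32)
{
    static AesCryptoServiceProvider NewAes(byte[] key, byte[] iv) // 32-byte key selects AES-256
    {
        return new AesCryptoServiceProvider { Mode = CipherMode.CBC, Padding = PaddingMode.PKCS7, Key = key, IV = iv };
    }
    public static byte[] Encrypt(byte[] plain, byte[] encKey, byte[] macKey)
    {
        byte[] iv = new byte[16];
        new RNGCryptoServiceProvider().GetBytes(iv); // fresh random IV for every object
        using (var aes = NewAes(encKey, iv))
        using (var enc = aes.CreateEncryptor())
        using (var hmac = new HMACSHA256(macKey))
        using (var ms = new MemoryStream())
        {
            byte[] ct = enc.TransformFinalBlock(plain, 0, plain.Length);
            ms.Write(iv, 0, 16); ms.Write(ct, 0, ct.Length);
            byte[] tag = hmac.ComputeHash(ms.ToArray()); // MAC covers IV and ciphertext
            ms.Write(tag, 0, tag.Length);
            return ms.ToArray();
        }
    }
    public static byte[] Decrypt(byte[] blob, byte[] encKey, byte[] macKey)
    {
        if (blob.Length < 64) throw new CryptographicException("blob too short");
        int bodyLen = blob.Length - 32, diff = 0;
        byte[] iv = new byte[16]; Buffer.BlockCopy(blob, 0, iv, 0, 16);
        using (var hmac = new HMACSHA256(macKey))
        using (var aes = NewAes(encKey, iv))
        using (var dec = aes.CreateDecryptor())
        {
            byte[] expected = hmac.ComputeHash(blob, 0, bodyLen);
            for (int i = 0; i < 32; i++) diff |= expected[i] ^ blob[bodyLen + i]; // no early exit
            if (diff != 0) throw new CryptographicException("MAC check failed");
            return dec.TransformFinalBlock(blob, 16, bodyLen - 16); // only after the MAC verified
        }
    }
    static void Main()
    {
        byte[] encKey = new byte[32], macKey = new byte[32]; // two independent random keys
        var rng = new RNGCryptoServiceProvider(); rng.GetBytes(encKey); rng.GetBytes(macKey);
        byte[] blob = Encrypt(System.Text.Encoding.UTF8.GetBytes("constructed sample body"), encKey, macKey);
        Console.WriteLine(System.Text.Encoding.UTF8.GetString(Decrypt(blob, encKey, macKey)));
        blob[20] ^= 1; // constructed tampering: flip one ciphertext bit
        try { Decrypt(blob, encKey, macKey); } catch (CryptographicException e) { Console.WriteLine(e.Message); }
    }
}
```

On .NET 3.5 `AesCryptoServiceProvider` lives in the System.Core assembly; the keys themselves must be stored outside the bucket that holds the encrypted objects.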