HighTechTalks DotNet Forums  

RSACryptoServiceProvider minimum key-length

Go Back HighTechTalks DotNet Forums Dotnet Dotnet Security RSACryptoServiceProvider minimum key-length

Dotnet Security microsoft.public.dotnet.security


Discuss RSACryptoServiceProvider minimum key-length in the Dotnet Security forum.



Reply
Page 2 of 2 < 1 2
 
Thread Tools Search this Thread Display Modes
  #11  
Old   
Valery Pryamikov
 
Posts: n/a

Default Re: RSACryptoServiceProvider minimum key-length - 03-13-2007 , 11:44 AM





On Mar 13, 7:45 am, "Joe Kaplan"
<joseph.e.kap... (AT) removethis (DOT) accenture.com> wrote:
Quote:
It sounds like you are out of luck then. Like Valery said, this key is so
insecure as to be useless and is not supported by .NET cryptography. I'm
not sure what options you have. Perhaps an alternate crypto API for .NET
supports such weak keys.

I'd suggest pushing back on the spec or looking for different options.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"http://www.directoryprogramming.net
Thanks Joe for warm wellcomeback .

As about available options for the original poster - the best one
would be to fire the person that did the spec because this kind of
ignorance is really depressive. Person knows nothing about
cryptography, but consider him/her self capable of writting crypto/
security spec.
As I understand - all they wanted is to have a short authentication
code. I'm not even sure that they needed signature as authentication
code, but even for that - there are short signatures available that
simultaneously provide good security bounds. But if they only need
authentication code - they could simply use MAC (or HMAC).

-Valery
http://www.harper.no/valery



Reply With Quote
  #12  
Old   
wip@pdi.at
 
Posts: n/a

Default Re: RSACryptoServiceProvider minimum key-length - 03-16-2007 , 08:17 AM





hi,

FYI: we are now using a third-party .net lib (http://www.cryptosys.net/
pki/) which alllows us to use the required key length. seems to work
fine...

br, pingram.


On 13 Mrz., 16:44, "Valery Pryamikov" <val... (AT) harper (DOT) no> wrote:
Quote:
On Mar 13, 7:45 am, "Joe Kaplan"

joseph.e.kap... (AT) removethis (DOT) accenture.com> wrote:
It sounds like you are out of luck then. Like Valery said, this key is so
insecure as to be useless and is not supported by .NET cryptography. I'm
not sure what options you have. Perhaps an alternate crypto API for .NET
supports such weak keys.

I'd suggest pushing back on the spec or looking for different options.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"http://www.directoryprogramming.net

Thanks Joe for warm wellcomeback .

As about available options for the original poster - the best one
would be to fire the person that did the spec because this kind of
ignorance is really depressive. Person knows nothing about
cryptography, but consider him/her self capable of writting crypto/
security spec.
As I understand - all they wanted is to have a short authentication
code. I'm not even sure that they needed signature as authentication
code, but even for that - there are short signatures available that
simultaneously provide good security bounds. But if they only need
authentication code - they could simply use MAC (or HMAC).

-Valeryhttp://www.harper.no/valery



Reply With Quote
  #13  
Old   
Dominick Baier
 
Posts: n/a

Default Re: RSACryptoServiceProvider minimum key-length - 03-16-2007 , 09:25 AM


cool - problem "solved" :P

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Quote:
hi,

FYI: we are now using a third-party .net lib
(http://www.cryptosys.net/ pki/) which alllows us to use the required
key length. seems to work fine...

br, pingram.

On 13 Mrz., 16:44, "Valery Pryamikov" <val... (AT) harper (DOT) no> wrote:

On Mar 13, 7:45 am, "Joe Kaplan"

joseph.e.kap... (AT) removethis (DOT) accenture.com> wrote:

It sounds like you are out of luck then. Like Valery said, this key
is so insecure as to be useless and is not supported by .NET
cryptography. I'm not sure what options you have. Perhaps an
alternate crypto API for .NET supports such weak keys.

I'd suggest pushing back on the spec or looking for different
options.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"http://www.directoryprogramming.net
Thanks Joe for warm wellcomeback .

As about available options for the original poster - the best one
would be to fire the person that did the spec because this kind of
ignorance is really depressive. Person knows nothing about
cryptography, but consider him/her self capable of writting crypto/
security spec.
As I understand - all they wanted is to have a short authentication
code. I'm not even sure that they needed signature as authentication
code, but even for that - there are short signatures available that
simultaneously provide good security bounds. But if they only need
authentication code - they could simply use MAC (or HMAC).
-Valeryhttp://www.harper.no/valery



Reply With Quote
Reply
Page 2 of 2 < 1 2

« Previous Thread | Next Thread »



Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.


Contact Us - HighTechTalks DotNet Forums - Archive - Top