Encryption with des with random password

  • Thread starter Thread starter newbie
  • Start date Start date
N

newbie

Hello,

I face a practical problem with encryption.

I've read examples for encrypting a file with the DES algorythm. The
algorythm uses a key and a IV value. Both are 8 bytes if I'm correct, and
can be generated by the system or specified by me at design time.

How can I then do DES encryption with a password?
pwd: 8charact
can be translated into the key value (transform string to byte array)

But what about passwords longer than 8 characters? How is this best
implemented?

Thanks.
 
The following routine will create an IV and Key based on a text password.
It uses multiple passes and a keyed hash (MACTripleDES) to help prevent
dictionary attacks.
Make sure you generate the "salt" array from a random sequence (don't use
mine! anyone can see this post and take it) :-) and the salt value must be a
24-byte number. You can set the number of rounds to anything you want, but
10 should be sufficient.
You will always get an 8-byte key no matter how big the password is (that's
the beauty of hash algorithms). Also note that in this case, it will be
case-sensitive.
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles Button1.Click
Dim key As Byte()
Dim iv As Byte()
Dim password As String = "MyP@$$w0rd"
CreateDESKey(password, key, iv)
End Sub

Private Sub CreateDESKey(ByVal password As String, ByRef key As Byte(),
ByRef iv As Byte())
Const numberOfRounds As Integer = 10
Dim salt As Byte() = {241, 103, 32, 233, 54, 141, 82, 161, 213, 130,
105, 95, 104, 112, 213, 57, 93, 93, 169, 185, 195, 157, 106, 40}
Dim i As Integer

Dim dHash As New System.Security.Cryptography.MACTripleDES(salt)

key = System.Text.Encoding.Default.GetBytes(password)

For i = 1 To numberOfRounds
key = dHash.ComputeHash(key)
Next

iv = key

For i = 1 To numberOfRounds
iv = dHash.ComputeHash(iv)
Next
End Sub

-Rob Teixeira [MVP]
 
Thanks a lot
Rob Teixeira said:
The following routine will create an IV and Key based on a text password.
It uses multiple passes and a keyed hash (MACTripleDES) to help prevent
dictionary attacks.
Make sure you generate the "salt" array from a random sequence (don't use
mine! anyone can see this post and take it) :-) and the salt value must be a
24-byte number. You can set the number of rounds to anything you want, but
10 should be sufficient.
You will always get an 8-byte key no matter how big the password is (that's
the beauty of hash algorithms). Also note that in this case, it will be
case-sensitive.
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles Button1.Click
Dim key As Byte()
Dim iv As Byte()
Dim password As String = "MyP@$$w0rd"
CreateDESKey(password, key, iv)
End Sub

Private Sub CreateDESKey(ByVal password As String, ByRef key As Byte(),
ByRef iv As Byte())
Const numberOfRounds As Integer = 10
Dim salt As Byte() = {241, 103, 32, 233, 54, 141, 82, 161, 213, 130,
105, 95, 104, 112, 213, 57, 93, 93, 169, 185, 195, 157, 106, 40}
Dim i As Integer

Dim dHash As New System.Security.Cryptography.MACTripleDES(salt)

key = System.Text.Encoding.Default.GetBytes(password)

For i = 1 To numberOfRounds
key = dHash.ComputeHash(key)
Next

iv = key

For i = 1 To numberOfRounds
iv = dHash.ComputeHash(iv)
Next
End Sub

-Rob Teixeira [MVP]
Click to expand...
 
There is no decode. You should never be able to get a password back from a
password-derrived key. It's a one-way operation. Think of it as a safety
feature.

If you want to encrypt a password, that's a whole other story, and I posted
some code just a couple days ago on how to do that.
But even then, it's preferable to store non-decryptable passwords if
possible. If you want to check that someone typed in the correct password,
just run the password through the same algorithm, and if you get the same
result, you know they typed it in correctly. The danger with decryptable
passwords is that if someone gets the encrypted passwords, then can always
try to decrypt them.

-Rob Teixeira [MVP]
 
Stupid mistake on my part. Goes to show what happens when you're tired and
keep posting... :)

The line that says:
iv = key

should be this instead:
ReDim iv(7)
Array.Copy(key, iv, 8)

Sorry about that.
-Rob Teixeira [MVP]
 
Back
Top