Password encryption

  • Thread starter Thread starter nickdu
  • Start date Start date
N

nickdu

If I want to support password encryption, how is that done? Ideally I would
like to make it as secure as possible without a lot of extra effort on my
part. What does that mean? Well it means if I can simply use classes that
support 256 bit encryption over classes that only support 64 bit or 128 bit
encryption then that's one easy choice.

Do I simply take the password and generate a SHA256 hash value and use that
as a key to the Rijndael provider?
--
Thanks,
Nick

(e-mail address removed)
remove "nospam" change community. to msn.com
 
Hello Nick,

Thank you for posting here.

For password encryption, could you let me know more about your application
scenarios? Because we usually don't need to use symmetric algorithm to
encrypt and decrypt the password. Instead, we just store the hash of the
password and each time an input password need to be verified, we hash the
input and compare the result with the stored hash. To make the hash more
secure, we can add "salt" to the original password before it being hashed
and stored. To read more about the "Salt":
http://en.wikipedia.org/wiki/Salt_(cryptography).

Talking about the hash / encryption algorithms available in .NET, they
depends on the version of .NET and the version of the OS you're targeting.
If you could make this information clear to me, I can give you more
specific information. However, let me provide some general information
first.

For hashing the password, you can consider use SHA512Managed Class. This
class computes the SHA512 hash algorithm for the input data using the
managed implementation, which is supported since .NET version 1.0, and can
be used on all the desktop / server Windows systems that .NET supports. You
may also find another class called SHA512, which is an abstract class and
the base class for SHA512Managed. The online reference for SHA512Managed:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.sha512m
anaged.aspx

In .NET 3.5, we also have some new SHA-512 implementations which are
actually wrapper around system functionalities. You may want to read a post
on the .NET Security Blog to find out more about the new classes:
http://blogs.msdn.com/shawnfa/archive/2007/01/17/new-crypto-algorithms-in-or
cas.aspx

For symmetric algorithms, besides the RijndaelManaged class, if you are
target .NET 3.5, you can also use the AesManaged class which provides a
managed implementation of the Advanced Encryption Standard (AES) symmetric
algorithm. The AES algorithm is essentially the Rijndael symmetric
algorithm with a fixed block size and iteration count. This class functions
the same way as the RijndaelManaged class but limits blocks to 128 bits and
does not allow feedback modes. Online reference for AesManaged class:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.aesmana
ged.aspx

Please kindly let me know if you have any other concerns with more detailed
information. I will be happy to work on them with you.

Regards,

Jie Wang ([email protected], remove 'online.')

Microsoft Online Community Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 2 business days is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions. Issues of this
nature are best handled working with a dedicated Microsoft Support Engineer
by contacting Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
You misunderstood me. I'm not looking to encrypt a password. I want to use
a password (or secret phrase) to encrypt a block of text.
--
Thanks,
Nick

(e-mail address removed)
remove "nospam" change community. to msn.com


"Jie Wang [MSFT]" said:
Hello Nick,

Thank you for posting here.

For password encryption, could you let me know more about your application
scenarios? Because we usually don't need to use symmetric algorithm to
encrypt and decrypt the password. Instead, we just store the hash of the
password and each time an input password need to be verified, we hash the
input and compare the result with the stored hash. To make the hash more
secure, we can add "salt" to the original password before it being hashed
and stored. To read more about the "Salt":
http://en.wikipedia.org/wiki/Salt_(cryptography).

Talking about the hash / encryption algorithms available in .NET, they
depends on the version of .NET and the version of the OS you're targeting.
If you could make this information clear to me, I can give you more
specific information. However, let me provide some general information
first.

For hashing the password, you can consider use SHA512Managed Class. This
class computes the SHA512 hash algorithm for the input data using the
managed implementation, which is supported since .NET version 1.0, and can
be used on all the desktop / server Windows systems that .NET supports. You
may also find another class called SHA512, which is an abstract class and
the base class for SHA512Managed. The online reference for SHA512Managed:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.sha512m
anaged.aspx

In .NET 3.5, we also have some new SHA-512 implementations which are
actually wrapper around system functionalities. You may want to read a post
on the .NET Security Blog to find out more about the new classes:
http://blogs.msdn.com/shawnfa/archive/2007/01/17/new-crypto-algorithms-in-or
cas.aspx

For symmetric algorithms, besides the RijndaelManaged class, if you are
target .NET 3.5, you can also use the AesManaged class which provides a
managed implementation of the Advanced Encryption Standard (AES) symmetric
algorithm. The AES algorithm is essentially the Rijndael symmetric
algorithm with a fixed block size and iteration count. This class functions
the same way as the RijndaelManaged class but limits blocks to 128 bits and
does not allow feedback modes. Online reference for AesManaged class:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.aesmana
ged.aspx

Please kindly let me know if you have any other concerns with more detailed
information. I will be happy to work on them with you.

Regards,

Jie Wang ([email protected], remove 'online.')

Microsoft Online Community Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 2 business days is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions. Issues of this
nature are best handled working with a dedicated Microsoft Support Engineer
by contacting Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Click to expand...
 
Hi Nick,

Sorry for the misunderstanding.

In order to use a password to encrypt a block of text, you can use the way
you mentioned in your original post. And in order to prevent dictionary
attack, you may want to add salt to the password hashing to make such
attacks harder.

Since you didn't mention the version of .NET Framework you're targeting,
I'm using the RijndaelManaged class instead of AesManaged class (new in
3.5) to make a demo:

private string EncryptText(string password, string salt, string plainText)
{
int blockSize = 128; // Block size in bits.
int keySize = 256;
SHA256Managed sha = new SHA256Managed(); // key size is 256
byte[] key = sha.ComputeHash(Encoding.UTF8.GetBytes(salt + password));
byte[] iv = new byte[blockSize / 8]; // The IV size should be the
same as blockSize.
Array.Copy(sha.ComputeHash(Encoding.UTF8.GetBytes(password + salt)),
iv, iv.Length);

RijndaelManaged rijndael = null;
MemoryStream msEncrypt = null;
CryptoStream csEncrypt = null;
StreamWriter swEncrypt = null;

try
{
rijndael = new RijndaelManaged();
rijndael.BlockSize = blockSize;
rijndael.KeySize = keySize;
rijndael.Key = key;
rijndael.IV = iv;

// Create a decrytor to perform the stream transform.
ICryptoTransform encryptor = rijndael.CreateEncryptor();

// Create the streams used for encryption.
msEncrypt = new MemoryStream();
csEncrypt = new CryptoStream(msEncrypt, encryptor,
CryptoStreamMode.Write);
swEncrypt = new StreamWriter(csEncrypt);

//Write all data to the stream.
swEncrypt.Write(plainText);
}
finally
{
if (swEncrypt != null)
swEncrypt.Close();
if (csEncrypt != null)
csEncrypt.Close();
if (msEncrypt != null)
msEncrypt.Close();

// Clear the RijndaelManaged object.
if (rijndael != null)
rijndael.Clear();
}

// Get the encrypted bytes from the memory stream and convert to base64
text.
return Convert.ToBase64String(msEncrypt.ToArray());
}

private string DecryptText(string password, string salt, string
encryptedText)
{
int blockSize = 128; // Block size in bits.
int keySize = 256;
SHA256Managed sha = new SHA256Managed(); // key size is 256 bits
byte[] key = sha.ComputeHash(Encoding.UTF8.GetBytes(salt + password));
byte[] iv = new byte[blockSize / 8]; // The IV size should be the
same as blockSize.
Array.Copy(sha.ComputeHash(Encoding.UTF8.GetBytes(password + salt)),
iv, iv.Length);

RijndaelManaged rijndael = null;
MemoryStream msEncrypt = null;
CryptoStream csEncrypt = null;
StreamReader srDecrypt = null;

try
{
rijndael = new RijndaelManaged();
rijndael.BlockSize = blockSize;
rijndael.KeySize = keySize;
rijndael.Key = key;
rijndael.IV = iv;

// Create a decrytor to perform the stream transform.
ICryptoTransform encryptor = rijndael.CreateDecryptor();

// Create the streams used for decryption.
msEncrypt = new
MemoryStream(Convert.FromBase64String(encryptedText));
csEncrypt = new CryptoStream(msEncrypt, encryptor,
CryptoStreamMode.Read);
srDecrypt = new StreamReader(csEncrypt);

// Read the decrypted bytes from the decrypting stream
return srDecrypt.ReadToEnd();
}
finally
{
if (srDecrypt != null)
srDecrypt.Close();
if (csEncrypt != null)
csEncrypt.Close();
if (msEncrypt != null)
msEncrypt.Close();

// Clear the RijndaelManaged object.
if (rijndael != null)
rijndael.Clear();
}
}

Please kindly let me know if the code above helps.

Thanks,

Jie Wang ([email protected], remove 'online.')

Microsoft Online Community Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 2 business days is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions. Issues of this
nature are best handled working with a dedicated Microsoft Support Engineer
by contacting Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Thanks. Couple follow on questions.

1. I don't want the caller to have to supply a salt value. However, I would
like to make it more secure. Can I just have a static salt value in my
implementation and provide the same secureness assuming anyone trying to
decrypt the data doesn't have access to my code? So for instance:

public class Encryption
{
private byte[] _salt = new byte[] {...};

public Stream Encrypt(Stream src, string password)
{
...
}
}

2. I though the salt value was supposed to be added at the end of the phrase
before generating the hash? From the docs:

"This attack is made much more difficult by the introduction of salt, or
random bytes, at the end of the password before the key derivation."

3. I see that you set the IV to the has of the password + salt. Can I just
use the salt as the IV? My salt is 32 bytes which matches the block size I'm
using. Will using the salt as the IV make it any less secure?

--
Thanks,
Nick

(e-mail address removed)
remove "nospam" change community. to msn.com


"Jie Wang [MSFT]" said:
Hi Nick,

Sorry for the misunderstanding.

In order to use a password to encrypt a block of text, you can use the way
you mentioned in your original post. And in order to prevent dictionary
attack, you may want to add salt to the password hashing to make such
attacks harder.

Since you didn't mention the version of .NET Framework you're targeting,
I'm using the RijndaelManaged class instead of AesManaged class (new in
3.5) to make a demo:

private string EncryptText(string password, string salt, string plainText)
{
int blockSize = 128; // Block size in bits.
int keySize = 256;
SHA256Managed sha = new SHA256Managed(); // key size is 256
byte[] key = sha.ComputeHash(Encoding.UTF8.GetBytes(salt + password));
byte[] iv = new byte[blockSize / 8]; // The IV size should be the
same as blockSize.
Array.Copy(sha.ComputeHash(Encoding.UTF8.GetBytes(password + salt)),
iv, iv.Length);

RijndaelManaged rijndael = null;
MemoryStream msEncrypt = null;
CryptoStream csEncrypt = null;
StreamWriter swEncrypt = null;

try
{
rijndael = new RijndaelManaged();
rijndael.BlockSize = blockSize;
rijndael.KeySize = keySize;
rijndael.Key = key;
rijndael.IV = iv;

// Create a decrytor to perform the stream transform.
ICryptoTransform encryptor = rijndael.CreateEncryptor();

// Create the streams used for encryption.
msEncrypt = new MemoryStream();
csEncrypt = new CryptoStream(msEncrypt, encryptor,
CryptoStreamMode.Write);
swEncrypt = new StreamWriter(csEncrypt);

//Write all data to the stream.
swEncrypt.Write(plainText);
}
finally
{
if (swEncrypt != null)
swEncrypt.Close();
if (csEncrypt != null)
csEncrypt.Close();
if (msEncrypt != null)
msEncrypt.Close();

// Clear the RijndaelManaged object.
if (rijndael != null)
rijndael.Clear();
}

// Get the encrypted bytes from the memory stream and convert to base64
text.
return Convert.ToBase64String(msEncrypt.ToArray());
}

private string DecryptText(string password, string salt, string
encryptedText)
{
int blockSize = 128; // Block size in bits.
int keySize = 256;
SHA256Managed sha = new SHA256Managed(); // key size is 256 bits
byte[] key = sha.ComputeHash(Encoding.UTF8.GetBytes(salt + password));
byte[] iv = new byte[blockSize / 8]; // The IV size should be the
same as blockSize.
Array.Copy(sha.ComputeHash(Encoding.UTF8.GetBytes(password + salt)),
iv, iv.Length);

RijndaelManaged rijndael = null;
MemoryStream msEncrypt = null;
CryptoStream csEncrypt = null;
StreamReader srDecrypt = null;

try
{
rijndael = new RijndaelManaged();
rijndael.BlockSize = blockSize;
rijndael.KeySize = keySize;
rijndael.Key = key;
rijndael.IV = iv;

// Create a decrytor to perform the stream transform.
ICryptoTransform encryptor = rijndael.CreateDecryptor();

// Create the streams used for decryption.
msEncrypt = new
MemoryStream(Convert.FromBase64String(encryptedText));
csEncrypt = new CryptoStream(msEncrypt, encryptor,
CryptoStreamMode.Read);
srDecrypt = new StreamReader(csEncrypt);

// Read the decrypted bytes from the decrypting stream
return srDecrypt.ReadToEnd();
}
finally
{
if (srDecrypt != null)
srDecrypt.Close();
if (csEncrypt != null)
csEncrypt.Close();
if (msEncrypt != null)
msEncrypt.Close();

// Clear the RijndaelManaged object.
if (rijndael != null)
rijndael.Clear();
}
}

Please kindly let me know if the code above helps.

Thanks,

Jie Wang ([email protected], remove 'online.')

Microsoft Online Community Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 2 business days is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions. Issues of this
nature are best handled working with a dedicated Microsoft Support Engineer
by contacting Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Click to expand...
 
Hi Nick,
1. I don't want the caller to have to supply a salt value. However, I would
like to make it more secure. Can I just have a static salt value in my
implementation and provide the same secureness assuming anyone trying to
decrypt the data doesn't have access to my code?
Click to expand...

If the salt is a randomly generated 256 bit value then stored statically in
your code, the total number of possible keys an attacker needs to try (with
a dictionary of 200,000 English words) would be 2^256 * 200000 =
2.3158417847463239084714197001738e+82, theoretically.

I believe it will take an attacker *some time* to deal with this number of
possible keys.

But just like you said, this is based on the assumption that your code
(both source code and the compiled binary) is safe from the attackers.
2. I though the salt value was supposed to be added at the end of the phrase
before generating the hash? From the docs:
"This attack is made much more difficult by the introduction of salt, or
random bytes, at the end of the password before the key derivation."
Click to expand...

Based on the nature of the hash function, I don't think adding the salt at
the end of the password is the only way to go. The salt here is to mess up
the hash output of the original password for the attacker, making the
number of hashes to guess extend from 200,000 to 2^256, so add it in front
of the password, to the end of the password, or even do an Xor calculation
with the password will all do it.
3. I see that you set the IV to the has of the password + salt. Can I just
use the salt as the IV? My salt is 32 bytes which matches the block size I'm
using. Will using the salt as the IV make it any less secure?
Click to expand...

As long as your salt is safe from the attacker, I don't think it will be
less secure. Or you may want to use another randomly generated 256bit value
and hard coded just like the salt value as the IV. This will make another
2^256 times to guess for IV and it causes you only one more line of code.

My biggest concern is the security of the code itself, because we made
assumption that the attacker will never know get hands on it, otherwise the
hard coded salt and IV will be compromised, so the dictionary attack might
be working easily again.

Making the data secure is not easy and it is actually a chain to secure
rather than just a single spot. We did our part on algorithm, and we also
need to make the users to do their parts, like using a complex password
instead of a simple phrase.

Please kindly let me know if this addresses your concerns.

Best regards,

Jie Wang ([email protected], remove 'online.')

Microsoft Online Community Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 2 business days is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions. Issues of this
nature are best handled working with a dedicated Microsoft Support Engineer
by contacting Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Thanks Jie. I will include another randomly generated array of bytes for the
IV.

With respect to the IV and salt being hardcoded in my library and the
security around that, how would it differ if the API I exposed allowed the
user to pass the salt and IV?

If the user passed the salt and IV they would most likely have to do the
same thing as I'm doing and store a static value in either the code or a
configuration file, right?
--
Thanks,
Nick

(e-mail address removed)
remove "nospam" change community. to msn.com


"Jie Wang [MSFT]" said:
Hi Nick,
1. I don't want the caller to have to supply a salt value. However, I would
like to make it more secure. Can I just have a static salt value in my
implementation and provide the same secureness assuming anyone trying to
decrypt the data doesn't have access to my code?
Click to expand...

If the salt is a randomly generated 256 bit value then stored statically in
your code, the total number of possible keys an attacker needs to try (with
a dictionary of 200,000 English words) would be 2^256 * 200000 =
2.3158417847463239084714197001738e+82, theoretically.

I believe it will take an attacker *some time* to deal with this number of
possible keys.

But just like you said, this is based on the assumption that your code
(both source code and the compiled binary) is safe from the attackers.
2. I though the salt value was supposed to be added at the end of the phrase
before generating the hash? From the docs:
"This attack is made much more difficult by the introduction of salt, or
random bytes, at the end of the password before the key derivation."
Click to expand...

Based on the nature of the hash function, I don't think adding the salt at
the end of the password is the only way to go. The salt here is to mess up
the hash output of the original password for the attacker, making the
number of hashes to guess extend from 200,000 to 2^256, so add it in front
of the password, to the end of the password, or even do an Xor calculation
with the password will all do it.
3. I see that you set the IV to the has of the password + salt. Can I just
use the salt as the IV? My salt is 32 bytes which matches the block size I'm
using. Will using the salt as the IV make it any less secure?
Click to expand...

As long as your salt is safe from the attacker, I don't think it will be
less secure. Or you may want to use another randomly generated 256bit value
and hard coded just like the salt value as the IV. This will make another
2^256 times to guess for IV and it causes you only one more line of code.

My biggest concern is the security of the code itself, because we made
assumption that the attacker will never know get hands on it, otherwise the
hard coded salt and IV will be compromised, so the dictionary attack might
be working easily again.

Making the data secure is not easy and it is actually a chain to secure
rather than just a single spot. We did our part on algorithm, and we also
need to make the users to do their parts, like using a complex password
instead of a simple phrase.

Please kindly let me know if this addresses your concerns.

Best regards,

Jie Wang ([email protected], remove 'online.')

Microsoft Online Community Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 2 business days is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions. Issues of this
nature are best handled working with a dedicated Microsoft Support Engineer
by contacting Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Click to expand...
 
Hi Nick,

You're right.

I've also seen people use the ID / Creation Date or a dedicated "Salt"
field to store a per user salt in database related development. If you have
any information that is randomly created and will never be changed later,
also it will always be easily accessible by you but not the attacker, you
can use that as your salt. Otherwise, store a static value and keep it safe.

Have a nice day!

Jie Wang ([email protected], remove 'online.')

Microsoft Online Community Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 2 business days is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions. Issues of this
nature are best handled working with a dedicated Microsoft Support Engineer
by contacting Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Back
Top