PasswordDeriveBytes

[Wouter Roosenburg]

Hi all,

I want to use TripleDES encryption in my pocket pc app. The server app is
using the full .net framework with the cryptographic namespaces. On the PPC
I am using opennetcf.

The problem is: when i generate a key using the same code at both sides,
I'll get a different crypto key.



public static byte[] GenerateKey(string challengestring, byte[] password)
{
byte[] salt = System.Text.Encoding.UTF8.GetBytes(challengestring);

PasswordDeriveBytes pGenerator = new
PasswordDeriveBytes(Encoding.UTF8.GetString
(password, 0, password.Length),salt);

byte [] cKey = pGenerator.CryptDeriveKey("TripleDES", "SHA1", 0, new
byte[8]);

return (cKey);
}


At the server side (full .NET) I can vary the keysize. If I'll enter 192
i'll get a 24 bit key, 128 bit will generate 16 bit key etc. If i'll vary
the keysize at the CF, i'll ALWAYS get a key of 8 bits NO MATTER WHAT the
keysize value is. And even if I generate a 8 bit key at both sides (with the
same basedata, e.g. challengestring and password) both keys never match.

Anyone has a clue on this?

 

[casey chesnut]

read the article (PasswordDeriveBytes section):
http://www.brains-N-brawn.com/spCrypt

in general, i had problems getting PasswordDeriveBytes to be compatible on
the desktop and device.
the guys at mono.org had similar compatiblity issues for different reasons
too.
i recommend using the P_SHA1 algorithm instead.
it is what TLS, WS-Trust, and WS-SecureConvresation uses.
you'll find the code in this download: http://www.brains-N-brawn.com/spWSE
you can just pass in an empty nonce and timestamp.

i know Microsoft is implementing this for V2.
will have to try and see if they've been able to make it compatible.

Thank you,
casey