Browse DevX
Sign up for e-mail newsletters from DevX


Keeping Secrets: A Guide to VB .NET Cryptography : Page 4

Learn how to use the .NET encryption and key-generating classes in your own VB programming to maintain secret files on your hard drive or encrypt files before sending them over the Internet.




Building the Right Environment to Support AI, Machine Learning and Deep Learning

The following code from the sample utility illustrates how to encrypt a file:

Sub Encrypt(ByVal inName As String , ByVal outName As String )   Try Dim storage(4096) As Byte 'create buffer Dim totalBytesWritten As Long = 8 'Keeps track
of bytes written.   Dim packageSize As Integer 'Specifies the number
of bytes written at one time.   'Declare the file streams. Dim fin As New FileStream(inName, FileMode.Open, FileAccess.Read) Dim fout As New FileStream(outName, FileMode.OpenOrCreate, _ FileAccess.Write) fout.SetLength(0)   Dim totalFileLength As Long = fin.Length 'Specifies the size
of the source file.   'create the Crypto object Dim des As New DESCryptoServiceProvider()   Dim crStream As New CryptoStream(fout, _ des.CreateEncryptor(TheKey, Vector), _ CryptoStreamMode.Write)     'flow the streams While totalBytesWritten < totalFileLength packageSize = fin.Read(storage, 0, 4096) crStream.Write(storage, 0, packageSize) totalBytesWritten = Convert.ToInt32(totalBytesWritten +
packageSize / des.BlockSize * des.BlockSize)

End While   crStream.Close()     Catch e As Exception MsgBox(e.Message) End Try   End Sub

Note the three streams created: file in (fin , the plaintext original data), file out (fout , the encrypted result), and crStream (a cryptostream that feeds the results of the DES encryption to the output file fout ). The virtue of the cryptostream is that you don't need to store its results in some intermediate file or buffer. The streamed output can simply be fed to the input of some other object.

The only fundamental difference between this encryption procedure and the decryption procedure is that when you decrypt, you use a different method (CreateDecryptor ) of the DESCryptoServiceProvider object. Otherwise the process (the arguments, the streams, and so on) is identical going in either the encryption or decryption direction.

Prevent Repetition Searches and Brute Force Attacks
Hackers or cryptanalyst employ two common methods to attack encrypted files. One is looking for repetition in your ciphertext and the other is a brute force search for your key. Let's first consider how the initialization vector prevents repetitions, and then explore why a stronger algorithm may be your best bet for defending against brute force searches.

Cryptanalysts search for patterns—particularly repeating patterns—as they try to break a cipher. Unfortunately, people commonly start their communications in repetitive ways (Dear Sir, From the Desk of, and so on). If you begin multiple messages with the same phrase and you use the same key with each one, the start of the ciphertext will be identical for each message. If each encrypted message from Antonio Banderas begins with the greeting @4^F (2$@Fx, a spy would be rather dull not to test and see if the first words were Dear Melanie. An important procedure when deciphering secret messages is guessing some of the words that likely will be used in the message. Don't give a cryptanalyst this advantage. In the example code, the initialization vector's bits are padded at the beginning of your message, which solves the repetition problem. Only the beginning of a message is vulnerable in this way.

Because computers are far faster and more accurate than humans, they are particularly adept at repetitive tasks like trying every possible key combination to crack your key. What's more, the DES encryption algorithm is, itself, not secret. The method it uses to encrypt data was made public back in the 1970s. And, of course, an intruder who wants to automate his or her search for your key can easily employ the .NET DESCryptoServiceProvider class.

How long would it take your computer to test every possible combination of the 128 bits in the key/vector combination? Experts disagree on a length of time. Some claim it would take months, while others say that a six-figure computer with specialized hardware could test billions of keys per second and crack a DES ciphertext in hours. If you have enemies willing to spend months or hundreds of thousands worth of cash to find out your secrets, I suggest you switch to TripleDES or some other algorithm. TripleDES, as you might guess, asks for a password three times as long as the eight-character DES password. The resulting key is therefore 192 bits, rather than the 64-bit DES key. Remember, all other things being equal, the longer the key, the stronger the encryption.

To further confound intruders, the TripleDES process divides the 192 bits into three separate 64-bit keys, which it uses to encrypt the data with the first key, decrypt it using the second key, and finally encrypt it again with the third key.

Don't Stop with Cryptography
Now that you've seen how .NET DES cryptography works, you could further experiment with other .NET security features, including the extremely interesting public key techniques. Although they execute slowly, they probably can offer even greater security than TripleDES. I personally don't have secrets important enough to resort to more than simple DES, but your encryption needs may be different.

Richard Mansfield has written 32 computer books since 1982, including bestsellers Machine Language for Beginners (COMPUTE! Books), The Second Book of Machine Language (COMPUTE! Books), The Visual Guide to Visual Basic (Ventana), and The Visual Basic Power Toolkit (Ventana, with Evangelos Petroutsos). From 1981 through 1987, he was editor of COMPUTE! Magazine and from 1987 to 1991 he was editorial director and partner at Signal Research. He can be reached at earth@triad.rr.com.
Comment and Contribute






(Maximum characters: 1200). You have 1200 characters left.



Thanks for your registration, follow us on our social networks to keep up-to-date