how safe is it using private member as encryption key

P

Peter Hartlén

Hi!

Let's say I want to store some data encrypted (symmetric encryption so that
I can look at the original data in plain text later on) in a database (or
elsewhere). Usually you need a private key or passphrase to do the
encryption. This passphrase is the most important part of your security as a
thief could easily decrypt your data if it is known.

How safe is it to use a key like this:

public class MyCryptoClass
{
private byte[] privateKey = new byte[16] {82, 44, 37, 1, 73, 5 ... }

private void Encrypt()
{...}

private void Decrypt()
{...}
}

What are my options?

/ Peter
 
G

Guest

Not safe at all. I can use reflection and get the value back out very, very
easily. Heck, I can just open it with Reflector and view it without writing
any code at all.
 
S

Simon Hart [MVP]

Reflector won't show you the values but ILDASM will. You need the IL code and
as far as I am aware Reflector doesn't give you this.

But as Chris says, it's not very secure at all, you're better off writing an
unmanaged C++ library that does the encryption for you.
--
Simon Hart
Visual Developer - Device Application Development MVP
http://simonrhart.blogspot.com


Not safe at all. I can use reflection and get the value back out very, very
easily. Heck, I can just open it with Reflector and view it without writing
any code at all.


--

Chris Tacke, eMVP
Join the Embedded Developer Community
http://community.opennetcf.com




Peter Hartlén said:
Hi!

Let's say I want to store some data encrypted (symmetric encryption so
that I can look at the original data in plain text later on) in a database
(or elsewhere). Usually you need a private key or passphrase to do the
encryption. This passphrase is the most important part of your security as
a thief could easily decrypt your data if it is known.

How safe is it to use a key like this:

public class MyCryptoClass
{
private byte[] privateKey = new byte[16] {82, 44, 37, 1, 73, 5 ... }

private void Encrypt()
{...}

private void Decrypt()
{...}
}

What are my options?

/ Peter
 
G

Guest

Reflector will give disassembly in IL, C#, VB, Delphi, C++ or Chrome.


--

Chris Tacke, eMVP
Join the Embedded Developer Community
http://community.opennetcf.com


Simon Hart said:
Reflector won't show you the values but ILDASM will. You need the IL code
and
as far as I am aware Reflector doesn't give you this.

But as Chris says, it's not very secure at all, you're better off writing
an
unmanaged C++ library that does the encryption for you.
--
Simon Hart
Visual Developer - Device Application Development MVP
http://simonrhart.blogspot.com


Not safe at all. I can use reflection and get the value back out very,
very
easily. Heck, I can just open it with Reflector and view it without
writing
any code at all.


--

Chris Tacke, eMVP
Join the Embedded Developer Community
http://community.opennetcf.com




Peter Hartlén said:
Hi!

Let's say I want to store some data encrypted (symmetric encryption so
that I can look at the original data in plain text later on) in a
database
(or elsewhere). Usually you need a private key or passphrase to do the
encryption. This passphrase is the most important part of your security
as
a thief could easily decrypt your data if it is known.

How safe is it to use a key like this:

public class MyCryptoClass
{
private byte[] privateKey = new byte[16] {82, 44, 37, 1, 73, 5 ... }

private void Encrypt()
{...}

private void Decrypt()
{...}
}

What are my options?

/ Peter
 
S

Scott Gifford

Simon Hart said:
Reflector won't show you the values but ILDASM will. You need the IL
code and as far as I am aware Reflector doesn't give you this.

But as Chris says, it's not very secure at all, you're better off
writing an unmanaged C++ library that does the encryption for you.

Which just means you'll have to use an object code disassembler to
look at the code instead of ILDASM.

The bottom line is that it is impossible to store a secret inside a
program in such a way that a user who wants to get that secret out
can't get it out. You can make it more difficult, and if the secret
you are protecting is not of much value that may be enough, but you
can't make it impossible. Even large industry coalitions that use a
lot of resources trying to do this can't get it right---look at DeCSS
for an example.

Some alternatives are asking the user for the password, storing the
password or the data on some kind of external media that the user
takes responsibility for keeping secure, or storing the database on an
encrypted medium which the user attaches to using a password. You
could also look into using smartcards, which can do the encryption for
you and have some security mechanisms of their own, but I haven't done
this myself and I don't think it's that widely done. There are also
some biometric possibilities which may be worth considering, such as
the fingerprint readers built into some PocketPC devices, but IMO
their security is still unproven.

Hope this helps,

----Scott.

[...]
Let's say I want to store some data encrypted (symmetric encryption so
that I can look at the original data in plain text later on) in a database
(or elsewhere). Usually you need a private key or passphrase to do the
encryption. This passphrase is the most important part of your security as
a thief could easily decrypt your data if it is known.

How safe is it to use a key like this:

public class MyCryptoClass
{
private byte[] privateKey = new byte[16] {82, 44, 37, 1, 73, 5 ... }

private void Encrypt()
{...}

private void Decrypt()
{...}
}

What are my options?

/ Peter
 
P

Peter Hartlén

Ok, thanks for all answers, that's what I thought...

But as you say, I could use the users secret to create key instead of using
a key stored within the application.

Are there any managed functions to do this? I.e pseudocode:

public byte[16] CreateByteArrayOfSize16FromString( string secret );



Scott Gifford said:
Simon Hart said:
Reflector won't show you the values but ILDASM will. You need the IL
code and as far as I am aware Reflector doesn't give you this.

But as Chris says, it's not very secure at all, you're better off
writing an unmanaged C++ library that does the encryption for you.

Which just means you'll have to use an object code disassembler to
look at the code instead of ILDASM.

The bottom line is that it is impossible to store a secret inside a
program in such a way that a user who wants to get that secret out
can't get it out. You can make it more difficult, and if the secret
you are protecting is not of much value that may be enough, but you
can't make it impossible. Even large industry coalitions that use a
lot of resources trying to do this can't get it right---look at DeCSS
for an example.

Some alternatives are asking the user for the password, storing the
password or the data on some kind of external media that the user
takes responsibility for keeping secure, or storing the database on an
encrypted medium which the user attaches to using a password. You
could also look into using smartcards, which can do the encryption for
you and have some security mechanisms of their own, but I haven't done
this myself and I don't think it's that widely done. There are also
some biometric possibilities which may be worth considering, such as
the fingerprint readers built into some PocketPC devices, but IMO
their security is still unproven.

Hope this helps,

----Scott.

[...]
Let's say I want to store some data encrypted (symmetric encryption so
that I can look at the original data in plain text later on) in a
database
(or elsewhere). Usually you need a private key or passphrase to do the
encryption. This passphrase is the most important part of your
security as
a thief could easily decrypt your data if it is known.

How safe is it to use a key like this:

public class MyCryptoClass
{
private byte[] privateKey = new byte[16] {82, 44, 37, 1, 73, 5
... }

private void Encrypt()
{...}

private void Decrypt()
{...}
}

What are my options?

/ Peter
 
G

Guest

Encoding.ASCII.GetBytes(secret)


--

Chris Tacke, eMVP
Join the Embedded Developer Community
http://community.opennetcf.com



Peter Hartlén said:
Ok, thanks for all answers, that's what I thought...

But as you say, I could use the users secret to create key instead of
using a key stored within the application.

Are there any managed functions to do this? I.e pseudocode:

public byte[16] CreateByteArrayOfSize16FromString( string secret );



Scott Gifford said:
Simon Hart said:
Reflector won't show you the values but ILDASM will. You need the IL
code and as far as I am aware Reflector doesn't give you this.

But as Chris says, it's not very secure at all, you're better off
writing an unmanaged C++ library that does the encryption for you.

Which just means you'll have to use an object code disassembler to
look at the code instead of ILDASM.

The bottom line is that it is impossible to store a secret inside a
program in such a way that a user who wants to get that secret out
can't get it out. You can make it more difficult, and if the secret
you are protecting is not of much value that may be enough, but you
can't make it impossible. Even large industry coalitions that use a
lot of resources trying to do this can't get it right---look at DeCSS
for an example.

Some alternatives are asking the user for the password, storing the
password or the data on some kind of external media that the user
takes responsibility for keeping secure, or storing the database on an
encrypted medium which the user attaches to using a password. You
could also look into using smartcards, which can do the encryption for
you and have some security mechanisms of their own, but I haven't done
this myself and I don't think it's that widely done. There are also
some biometric possibilities which may be worth considering, such as
the fingerprint readers built into some PocketPC devices, but IMO
their security is still unproven.

Hope this helps,

----Scott.

[...]
Let's say I want to store some data encrypted (symmetric encryption
so
that I can look at the original data in plain text later on) in a
database
(or elsewhere). Usually you need a private key or passphrase to do
the
encryption. This passphrase is the most important part of your
security as
a thief could easily decrypt your data if it is known.

How safe is it to use a key like this:

public class MyCryptoClass
{
private byte[] privateKey = new byte[16] {82, 44, 37, 1, 73, 5
... }

private void Encrypt()
{...}

private void Decrypt()
{...}
}

What are my options?

/ Peter
 
P

Peter Hartlén

Encoding.ASCII.GetBytes(secret)

Thanks.

However, in my case, the CreateDecryptor method requires a key of 128 or 256
bits (16 or 32 bytes).

What if the secret is 4 digits for example?

This would give me an byte array of length 4, which is not enough. I could
use this to exchange the bytes of a key already present in the application.
This would give me better security than using a key that can be extracted
using ILDASM, but I realize it's not as good as you'd wanted it to be, as
you'd know part of the key (except for those bytes exchanged byt the
secret). The only way this could be achieved is for the user to use a 16
character long secret, which obviously isn't very practical.

Any thoughts on this?

Regards,

Peter
 
S

Scott Gifford

Peter Hartlén said:
Thanks.

However, in my case, the CreateDecryptor method requires a key of 128 or 256
bits (16 or 32 bytes).

What if the secret is 4 digits for example?

The protection you get from encryption is limited by the size of the
secret, since in the simplest case an attacker can attempt to
brute-force your encryption by trying all possible combinations. If
you have 4 numeric digits as your passphrase, there are 10,000
possible combinations, which an attacker could try all of in at most a
few minutes on a modern desktop. This is a simple fact of encryption
and there's nothing you can do about it.

If that's good enough for your needs, you can use padding to increase
the secret's length enough to make the algorithm work. There are lots
of ways to generate padding, and which one you use won't really matter
as long as you do it consistently. The most straightforward option
would be to just pad it out with byte 0.

If you have extra bytes, you can probably make use of them by putting
them into a secure hash function, like SHA256; the extra bytes will
give you increased protection up to a point, since the passphrase will
not be very random. This would also work for too few bytes, but
without any extra protection.

Hope this helps,

----Scott.
 
S

Simon Hart [MVP]

So you can, but ILDASM makes is easier by including the high level code in a
comment, whereas Reflector doesn't. You have to read the IL and understand it
to know the values.
--
Simon Hart
Visual Developer - Device Application Development MVP
http://simonrhart.blogspot.com


Reflector will give disassembly in IL, C#, VB, Delphi, C++ or Chrome.


--

Chris Tacke, eMVP
Join the Embedded Developer Community
http://community.opennetcf.com


Simon Hart said:
Reflector won't show you the values but ILDASM will. You need the IL code
and
as far as I am aware Reflector doesn't give you this.

But as Chris says, it's not very secure at all, you're better off writing
an
unmanaged C++ library that does the encryption for you.
--
Simon Hart
Visual Developer - Device Application Development MVP
http://simonrhart.blogspot.com


Not safe at all. I can use reflection and get the value back out very,
very
easily. Heck, I can just open it with Reflector and view it without
writing
any code at all.


--

Chris Tacke, eMVP
Join the Embedded Developer Community
http://community.opennetcf.com




Hi!

Let's say I want to store some data encrypted (symmetric encryption so
that I can look at the original data in plain text later on) in a
database
(or elsewhere). Usually you need a private key or passphrase to do the
encryption. This passphrase is the most important part of your security
as
a thief could easily decrypt your data if it is known.

How safe is it to use a key like this:

public class MyCryptoClass
{
private byte[] privateKey = new byte[16] {82, 44, 37, 1, 73, 5 ... }

private void Encrypt()
{...}

private void Decrypt()
{...}
}

What are my options?

/ Peter
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top