Some general comments. The first is around the IV. In general, you want the IV to be random.By restricting it to (displayable) ASCII, you're somewhat limiting the possible values.
In general, you'd be better off by a) using the GenerateIV() method, and b) prepending the IV value to the ciphertext, so that c) you don't need to pass it as a parameter to either function.
Some general comments. The first is around the IV. In general, you want the IV to be random.By restricting it to (displayable) ASCII, you're somewhat limiting the possible values.
In general, you'd be better off by a) using the GenerateIV() method, and b) prepending the IV value to the ciphertext, so that c) you don't need to pass it as a parameter to either function. The second comment is that, in general, you need to plan for future changes to your crypto needs.It would be better to embed some versioning or parameter information alongside the ciphertext, and avoid embedding specific crypto settings in your code. If, at a later date, you decide to double the number of iterations for the password, for instance, you might still want to decrypt values that were encrypted using the older settings (or warn the user that the value is no longer accessible).
You can also push a lot of decisions into your config files. For instance, you can create a name for your crypto provider (e.g. MyAppSymmetricCrypto) that maps to RijndaelManaged today, but at a later date, could be changed to whatever is then appropriate.
And the comments about the IV also hold for the Salt. – Henk Holterman Dec 30 '10 at 10:00 Thanks allot, so how I translate your suggestion to a code? – Data-Base Jan 5 at 11:35.
In addidtion to @Damien_The_Unbeliever answer MS recommends using Rfc2898DeriveBytes instead of PasswordDeriveBytes. (and then you can drop 'HashAlgorithm' from your method parameters). You can calculate the IV from your password: var bytes = new Rfc2898DeriveBytes(password, salt, iterations); var key = bytes.
GetBytes(keySize); var iv = bytes. GetBytes(ivSize); you should check your input values for invalid values/ranges. Wrap the MemoryStream & CryptoStream classes in using statements.
I personally wouldn't recommend using the same IV for multiple messages, even if the same password is being used for both. Same IV + Same key reveals if two messages start with the same (N = block size) bytes. This may or may not be a meaningful disclosure, but for a general crypto solution should be avoided.
– Damien_The_Unbeliever Jan 1 at 15:38 Thanks allot, so how I translate your suggestion to a code? – Data-Base Jan 5 at 11:35 I mean var iv = bytes. GetBytes(ivSize); "iv" is it the "InitialVectorBytes" in my code?
And what is "ivSize" where it is in my code? – Data-Base Jan 5 at 11:42 @Damien_The_Unbeliever , Thanks allot, again not sure how I can implement your suggestion! – Data-Base Jan 5 at 11:44.
I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.