views:

214

answers:

1

As documented by the MSDN here, there are several providers for many of the different hashing algorithms (e.g. MD5, SHA, RIPE). For each of the algorithms, any available implementation seems to fall into 1 of 3 categories:

  • [Algo]Cng
  • [Algo]CryptoServiceProvider
  • [Algo]Managed

Why are there multiple implementations of any of these hashing algorithms?

What are the differences between the implementations?

What are the practical differences when choosing which implementation to utilize in an application?

References:

http://msdn.microsoft.com/en-us/library/system.security.cryptography.aspx

+6  A: 

[Algo]Managed is a pure-IL implementation of the algorithm. [Algo]CryptoServiceProvider delegates to CAPI, which allows you to use things such as hardware crypto devices. [Algo]Cng uses Cryptography API: Next Generation (CNG) which is designed to be a replacement for CAPI but is only supported in Vista and Server 2008.

Ignacio Vazquez-Abrams
Ahh, we are so close. Thanks for the answer to questions 1 and 2. Any chance you or anyone else knows the answer to the third question (my major concern) especially when CryptoServiceProvider and Managed are both available?
Burly
That's fascinating! Great answer.
amdfan
One would tend to think that Managed code is going to be slower than Native code, especially on crypto code, and even more if you have a hardware device.
Vinko Vrsalovic
Vinko - I would tend to agree that a purely managed implementation of a crypto algo would be slower than a fully optimized native implementation or dedicated hardware device. However, what about the portability, maintainability, and availability of the different implementations?
Burly