views:

50

answers:

2

Hi,

I'm getting my head around encryption and how encoding affects generation of the keys and initialization vectors.

I'm working with a TripleDESCryptoServiceProvider which requires 24 byte key and 8 byte initialization vector using ASCII encoding. If i decide to use a different encoding , how will this affect generation of the key and the initialization vector?

Which encoding should I be using instead UTF8/16/32?

Thank you

+2  A: 

The encryption parameters are completely unrelated to your choice of encoding. Encryption parameters are always defined in terms of bytes. Encoding is concerned with translating characters to bytes and bytes back to characters. The only place they "collide" is using passwords to generate encryption keys. You should use a class designed specifically to do this, like Rfc2898DeriveBytes.

Most of the times I see ASCII encoding used the programmer would have been better served using UTF8 encoding. UTF8 encoding encodes and decodes ASCII characters exactly the same way as ASCII encoding, but it also correctly and efficiently encodes all the rest of the Unicode. Use ASCII encoding if you need to generate an Exception when a non-ASCII character is encountered.

GregS
Is there a reason for using Rfc2898DeriveBytes? I don't plan on changing initialization vector or the key once the application is installed on the client machine.
vikp
A: 

I'm no expert, but, TripleDES is no longer considered secure enough. Microsoft's recommendation is to use AES 256 bit and above. I don't think the text encoding affects the strength of the encryption, only the length of the "plain text" key and IV.

Doobi
Thanks a lot!!!
vikp
There is nothing insecure about TripleDES. No-one is even close to being able to break it. It is, however, much slower than AES for comparable security.
Rasmus Faber
@Doobi: AES-128 is recommended by many experts, and there is nothing "above" AES-256.
GregS
Noted. Thanks for that, Crypto isn't my specialty.
Doobi