C# looks to have 4 different symmetric crypto algorithms: RijndaelManaged, DESCryptoServiceProvider, RC2CryptoServiceProvider, and TripleDESCryptoServiceProvider.
I am looking for more information between them. Mainly what is the differences between each of them. MSDN isn't being much help, or I am just tired. ;) I am sure there is pro and cons between each of them, just like anything where there are multiple ways of doing something.
Thank you for any enlightenment.
Tony
I would stick with RijndaelManaged or TripleDES as those are stronger than DES.
The main weakness in DES is its shorter keylength which could allow possible brute force attacks. Doing an encryption using DES three times is a possible means of strengthening your final result, hence TripleDES. I don't know much about RC2, so I can't comment on that method.
Indeed As Stated DES is not very strong. Triple DES is strong (there haven't AFAIK been any proper attacks against it) but is is somewhat slower.
Rijndael is the same as AES (Advanced Encryption Standard - approved by NSA, very strong) but with more choice about the size of your key.
Unfortunately I also know little about RC2. Unless it is significantly faster that Rijndael I wouldn't see much reason not to go for Rijndael (and even then I'd want to look at how secure it was.)
The following is speculation... RC2 is an ancestor by a few generations of RC6, which was one of the finalists for the selection of a cipher to be named as AES. Rijndael was chosen over RC6 so one would assume that Rijndael is better by several degrees than RC2.
Unless you have a really good reason not to, just use RijndaelManaged. Rijndael is what became AES, the general replacement to DES, so it's definitely preferred over DES and TripleDES unless you need to be compatible with some old DES-based system. There's nothing particularly wrong with RC2, but it's older than AES and there's no real reason to use it.
Rijndael is the best.
DES is not very good, pretty easy to crack with enough horsepower. Triple DES is a bit better than DES (its just DES repeated 3 times).
If you're interested, look into the bouncy castle crypto library for more c# crypto goodness: http://www.bouncycastle.org/
These algorithms represent various points on the speed vs. strength trade-off curve.
(weakest/fastest) RC2 < DES < 3DES < AES/Rijndael (strongest/slowest)
I'm not familiar with the API though, is there any additional difference between the 'Managed' and 'CryptoServiceProvider' classes?
In increasing order of 'strength' they would be ranked as:
As others have already stated: stick to AES unless you have a good reason not to.
Short answer: use Rijndael.
What the various options are:
RC2 is a weak, broken cipher built in the late 80s for export, because at the time American companies were restricted from exporting 'strong' encryption. It has a key length of 40 bits, which makes brute forcing it on today's hardware trivial (it is, after all, 20 years later).
It's name stands for Rivest Cipher No. 2, after it's creator Ron Rivest (a world-renown crpytographer, the 'R' in RSA).
DES was the Data Encryption Standard, and was termed strong crpytography. With a key length of 56 bits, however, it is now within range of brute-force decryption.
3DES is running DES three times. Just running DES twice doesn't make it much stronger, actually, but the third time does. It is effectively 116 bit encrpytion (with a 196-bit key).
3DES is a very good, strong encrpytion by today's standard.
So RC2, DES and 3DES are in the cipher suite to provide compatibility with business systems that use those ciphers.
Rijndael is however the modern cipher of choice. It is the official replacement for DES, termed the Advanced Encryption Standard (AES).
It comes in a range of keysizes, but it is important to use 128-bit. Only use other key lengths (including the longest, 256-bit) for compatibility reasons.