I am writing an application that will need to store less than about 1 MB of data. This data will be read and edited by the user. This data will be very simple ASCII data. The application is in VB.NET on a Windows Form. The data will be stored locally on the person's computer. I have several questions.

  1. What kind of encryption method should I use to store the data? The user wants something that is not too powerful, but not too simple either.

  2. How should I store the data? Why not just write it to some file and encrypt it using some medium encryption method?

  3. Is application settings data encrypted? Perhaps I can store it that way? Is it suitable to store about 1 MB in application settings data? How would I do this? Which variable would I use?

+1  A: 

You can just use any stream based writing technology, and wrap the stream in a CryptoStream. This works great for saving to a file of any form, but will work with any storage medium that is stream based.

Also - application settings are not encrypted (by default).

Reed Copsey
Is it possible to encrypt application settings? Which method do you think is easier?
I__
I'd make a custom file. You potentially could save an encrypted string in the application settings, but it's going to be more work to make sure nothing is done incorrectly. Encrypting a file is very easy (and shown in the MSDN example), so I'd do that.
Reed Copsey
+1  A: 

Why the "not too powerful" requirement? You're either encrypting the data, or you're not. If you're encrypting the data and you're not using a strong encryption algorithm, you might as well not be encrypting at all.

Greg Hewgill
+1  A: 

You are going to need to ask some more questions.

Questions to ask:
How secure does this need to be?
Does anyone else have access to the binaries and the data?
Who are you protecting this from?

Encryption is hard and expensive. Implementing security will most likely impose some level of pain on the end user.

You need to think about the master key: How secure is it? Where is it stored? How is it backed up? Does it need to be backed up?
Some of this comes back to the value of the data and whether the user cares about getting the data back if the machine dies.

You could look at TEA.
You could generate a random AES key (however long you want) and store this as not-extractable in the machine key store and use the built-in CryptoStream as suggested by @Reed Copsey.

I think that it is very important to work out what sorts of attacks you need to be resistant against and how much the customer values protecting the data.

Hamish Smith
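
The approach described in the answers above (a file stream wrapped in a CryptoStream, keyed with a random AES key), as an added example that is not code from any of the posters. The module name, function names and temp-file path are assumptions made for illustration, and where the key is kept is left to the caller.

```vbnet
Imports System.IO
Imports System.Security.Cryptography
Imports System.Text
Module EncryptedFileDemo
    ' File layout: random IV in the clear, then AES-CBC ciphertext (confidentiality only, no tamper detection).
    Sub SaveEncrypted(path As String, text As String, key As Byte())
        Using cipher As Aes = Aes.Create()
            cipher.Key = key
            cipher.GenerateIV() ' fresh IV for every save
            Using fs As New FileStream(path, FileMode.Create, FileAccess.Write)
                fs.Write(cipher.IV, 0, cipher.IV.Length)
                Using enc As ICryptoTransform = cipher.CreateEncryptor()
                    Using cs As New CryptoStream(fs, enc, CryptoStreamMode.Write)
                        Using sw As New StreamWriter(cs, Encoding.ASCII)
                            sw.Write(text)
                        End Using ' disposing the writer flushes the final padded block
                    End Using
                End Using
            End Using
        End Using
    End Sub
    ' Reads the IV back from the head of the file, then decrypts the rest.
    Function LoadEncrypted(path As String, key As Byte()) As String
        Using cipher As Aes = Aes.Create()
            cipher.Key = key
            Using fs As New FileStream(path, FileMode.Open, FileAccess.Read)
                Dim iv(cipher.BlockSize \ 8 - 1) As Byte
                If fs.Read(iv, 0, iv.Length) <> iv.Length Then Throw New InvalidDataException("missing IV")
                cipher.IV = iv
                Using dec As ICryptoTransform = cipher.CreateDecryptor()
                    Using cs As New CryptoStream(fs, dec, CryptoStreamMode.Read)
                        Using sr As New StreamReader(cs, Encoding.ASCII)
                            Return sr.ReadToEnd()
                        End Using
                    End Using
                End Using
            End Using
        End Using
    End Function
    Sub Main()
        Dim key(31) As Byte ' random 256-bit key; storing it safely is the caller's job (assumption)
        Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
            rng.GetBytes(key)
        End Using
        Dim target As String = Path.Combine(Path.GetTempPath(), "userdata.bin") ' constructed sample path
        SaveEncrypted(target, "constructed sample data", key)
        Console.WriteLine(LoadEncrypted(target, key)) ' round trip with the same key
    End Sub
End Module
```

Loading with the wrong key normally fails with a CryptographicException from the padding check, which the calling form should catch and report.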