Sunday, August 16, 2009

Cryptographic Algorithms and .Net

From the latest MSDN magazine’s Security Briefs column (link):

Recommended cryptographic algorithms for use in encryption/decryption and hashing of data:

Category          | Do not use                                     | Ok                                              | Best practice
Hash              | SHA-0 (SHA), SHA-1, MD2, MD4, MD5              | SHA-2                                           | SHA-2 (includes SHA-256, SHA-384, SHA-512)
Symmetric block   | DES, DESX, RC2, SKIPJACK                       | 3DES (2 or 3 key)                               | AES (>= 128 bit)
Symmetric stream  | SEAL, CYLINK_MEK, RC4 (< 128 bit)              | RC4 (>= 128 bit)                                | A symmetric block cipher is preferred
Asymmetric        | RSA (< 2048 bit), Diffie-Hellman (< 2048 bit)  | RSA (>= 2048 bit), Diffie-Hellman (>= 2048 bit) | RSA (>= 2048 bit), Diffie-Hellman (>= 2048 bit), ECC (>= 256 bit)
HMAC key length   | < 112 bit                                      | >= 112 bit                                      | >= 128 bit

Some other things to remember:

The Cng classes are typically faster (e.g. SHA512Cng as opposed to SHA512CryptoServiceProvider and SHA512Managed).

The Cng classes are only available on Vista, Windows Server 2008 and Windows 7.

The Managed classes are not Federal Information Processing Standards (FIPS) certified. This means they may be unavailable on machines where a machine policy bans non-certified algorithms (read "FIPS validated cryptographic algorithms in .NET").
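As an added illustration (not code from the column or from this post), here is how the "best practice" column and the notes above map onto .NET 3.5 classes: prefer Cng, fall back to CryptoServiceProvider on pre-Vista machines, and avoid the Managed classes where FIPS policy may be enforced. The class names are the framework's; the helper names are my own.

```csharp
using System;
using System.Security.Cryptography;

// Added example: FIPS-friendly choices from the table above.
static class CryptoChoices
{
    // SHA-256: Cng (fastest, FIPS-certified) on Vista/2008/Win7; the
    // CryptoServiceProvider on older Windows. SHA256Managed is avoided
    // because it throws InvalidOperationException under FIPS policy.
    public static HashAlgorithm CreateSha256()
    {
        try { return new SHA256Cng(); }
        catch (PlatformNotSupportedException) { return new SHA256CryptoServiceProvider(); }
    }

    // HMAC-SHA256 with a key of at least 128 bits (the table's best-practice row).
    public static byte[] Hmac(byte[] key, byte[] data)
    {
        if (key.Length < 16) throw new ArgumentException("HMAC key must be >= 128 bits");
        using (var h = new HMACSHA256(key)) return h.ComputeHash(data);
    }

    // AES-256 in CBC mode via AesCryptoServiceProvider (FIPS-certified);
    // AesManaged is not. Returns IV || ciphertext with a fresh random IV.
    // A real protocol would also authenticate the ciphertext (e.g. with Hmac above).
    public static byte[] AesEncrypt(byte[] key, byte[] plaintext)
    {
        if (key.Length != 32) throw new ArgumentException("use a 256-bit key");
        using (var aes = new AesCryptoServiceProvider())
        {
            aes.KeySize = 256;
            aes.Key = key;
            aes.GenerateIV();
            using (var enc = aes.CreateEncryptor())
            {
                byte[] ct = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
                byte[] outBuf = new byte[aes.IV.Length + ct.Length];
                Buffer.BlockCopy(aes.IV, 0, outBuf, 0, aes.IV.Length);
                Buffer.BlockCopy(ct, 0, outBuf, aes.IV.Length, ct.Length);
                return outBuf;
            }
        }
    }
}
```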

(The above information is true as of this writing and can change at any time, because weaknesses in cryptographic algorithms are found all the time.)
