Re: Microsoft.VisualBasic.Strings.Asc ?

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

On Fri, 2 Jan 2009 12:41:03 -0500, "James" <noone@xxxxxxxxxxx> wrote:

"rossum" <rossum48@xxxxxxxxxxxx> wrote in message
news:ecall4drok5mpblatt57635uj9fcdse0lq@xxxxxxxxxx
On Tue, 30 Dec 2008 15:53:07 -0500, "James" <noone@xxxxxxxxxxx> wrote:

I'm trying to put together a simple utility to do rc4 encryption based on
the rc4 algorithm
RC4 is an old algorithm and is now obsolescent. It is fine for a
learning exercise, being very easy to program, or for mild security.
You should not use it in a new application.

For a secure alternative use AES in counter (CTR) mode or one of the
eSTREAM stream cyphers from http://www.ecrypt.eu.org/stream/

The Wikipedia article (http://en.wikipedia.org/wiki/RC4) covers the
weaknesses of RC4 well.

rossum

thanks for the input and the link. This little tool I'm trying to make is
for a system that already exists and already uses RC4... otherwise I would
definitely be using something stronger. Changing the original system may
actually be an option but there are 2 issues with that: 1, the encrypting
needs to take place from a wsh/vbscript which as I understand it is not a
good language for writing cipher code, and 2, I'm not at all experienced
with writing cipher code at this point and I would have to do it... and
really, mild security is all my particular situation calls for.

thanks agian. I appreciate the input.

If you are using RC4 for backwards compatibility reasons then you need
to be very careful with the key schedule and nonce you use. If you
ever reuse the same key/nonce combination then you have lost all
security for those messages.

As the Wikipedia article implies, you should not just concatenate the
key and nonce. You should concatenate and hash, using a cryptographic
hash such as SHA-256, (C# has SHA256Managed as part of
System.Security.Cryptography), and use the SHA-256 output as the
actual key for RC4.

rossum

.

Relevant Pages

  • How Microsoft implement its crypto API?
    ... I used MD5 and RC4 algorithm ... Since RC4 is not supported in Dot net ... are different to what I got from using Win32 Crypto API. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Microsoft.VisualBasic.Strings.Asc ?
    ... the rc4 algorithm ... RC4 is an old algorithm and is now obsolescent. ... learning exercise, being very easy to program, or for mild security. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Microsoft.VisualBasic.Strings.Asc ?
    ... This little tool I'm trying to make is for a system that already exists and already uses RC4... ... "rossum" wrote in message ... the rc4 algorithm ... learning exercise, being very easy to program, or for mild security. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Regarding Salt in RC4
    ... Kamalesh wrote: ... > What is salt in RC4 algorithm? ... Technically RC4 doesn't "have" a salt. ...
    (sci.crypt)
  • Re: Limiting RC4 to "40 bit" strength
    ... to form the key-input to RC4, you absolutely must hash them ... before feeding to RC4. ... and RC4 is not secure when used with simple concatenation. ...
    (sci.crypt)