Please do not reply to this email. If you want to comment on the bug, go to the URL shown below and enter your comments there.
Changed by [EMAIL PROTECTED] http://bugzilla.ximian.com/show_bug.cgi?id=80016 --- shadow/80016 2006-11-23 06:17:03.000000000 -0500 +++ shadow/80016.tmp.29857 2006-11-23 09:21:48.000000000 -0500 @@ -1,23 +1,23 @@ Bug#: 80016 Product: Mono: Class Libraries Version: 1.2 OS: All OS Details: -Status: NEW -Resolution: -Severity: +Status: RESOLVED +Resolution: DUPLICATE +Severity: Unknown Priority: Normal Component: System.Security AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] QAContact: [EMAIL PROTECTED] TargetMilestone: --- URL: Cc: -Summary: Different encrypted string with Rijndael Algorithm. +Summary: PasswordDeriveBytes results differ from Microsoft when used in non-PKCS5 compliant mode Description of Problem: I've a problem encrypting a string with the Rijndael algorithm. The encryption method returns me different encrypted string executing it over mono and over Microsoft framework. I've tested the TripleDES 
@@ -60,6 +60,37 @@ Additional Information: ------- Additional Comments From [EMAIL PROTECTED] 2006-11-23 06:17 ------- Created an attachment (id=18137) A Visual Studio solution with the case of use the encryption algorithms + +------- Additional Comments From [EMAIL PROTECTED] 2006-11-23 09:21 ------- +This is the same problem as bug #79499 (and #69036) and has nothing to +do with the algorithm themselves (i.e. remove the use of +PasswordDeriveBytes or use the 2.0 Rfc2898DeriveBytes and you won't +have the problem). + +Note that (most of) the same conclusions apply here. You cannot, +either securely or for interop, ask more than 160 bits (20 bytes) of +data out of PasswordDeriveBytes (it's PKCS#5 v1.5) as, by default, the +algorithm is based on SHA-1. + +The MS "extension" (it's not allowed in the PKCS#5 standard) to allow +more than 20 bytes out of the derivation is (a) undocumented and (b) +doesn't add any security (which means that it limits your security, +possibly making you less secure that you expect). In this case your +crypto, either algorithms, have an effective strength of 160 bits +(actually it's even less than that because your salt is static - but +that's another issue). + +The fix suggested in #79499 would also "work" for you. That is call +GetBytes once (total length), then split the key and IV into separate +buffers. Note that this works because, in that specific case, we're +able to match MS undocumented derivation. I.e. it doesn't make it more +secure (than the first 20 bytes) and it will cause you problem to +interoperate with anything else besides MS and Mono. + +Last note: the issue is already documented in monodoc + + +*** This bug has been marked as a duplicate of 79499 *** _______________________________________________ mono-bugs maillist - [email protected] http://lists.ximian.com/mailman/listinfo/mono-bugs
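Review bot: in the metadata hunk (@@ -1,23 +1,23 @@), the new Summary line states the cause ("non-PKCS5 compliant mode") but drops the symptom the reporter described, different ciphertext from Rijndael on Mono and on the Microsoft framework. The comment in the second hunk points to two earlier reports of the same problem (#79499 and #69036), so a summary that also names the trigger given there, asking PasswordDeriveBytes for more than 20 bytes, would make the next duplicate easier to catch before it is filed. The same edit moves Severity from empty to "Unknown" without explanation; if that value is just a default applied on resolution, the comment could say so.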
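Review bot: in the added comment (@@ -60,6 +60,37 @@), the recommended remedy appears only inside a parenthesis in the first paragraph ("remove the use of PasswordDeriveBytes or use the 2.0 Rfc2898DeriveBytes"), while the workaround from #79499 gets a full paragraph of its own, even though the comment itself says the workaround is no more secure than the first 20 bytes and interoperates only between MS and Mono. Suggest giving the recommendation its own sentence ahead of the workaround so a reader skimming for "the fix" lands on it first. Two smaller gaps in the same hunk: the static salt is raised as "another issue" and then left without any guidance, and "already documented in monodoc" does not name the entry, so the reporter cannot act on either without a further question.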
