Using AES256 as "decryption" in MachineKey for SqlMembershipProvider - encryption

I'm creating custom registration forms for Forms Based Authentication for a SharePoint 2010 site, and storing passwords as 'Encrypted' in the aspnet_Membership database table.
My setting in web.config shows that the 'decryption' parameter is "AES". My boss is asking that I look to use AES256, as it's more secure, but I'm having trouble working out how to do this. I've been Googling and "stackoverflow-ing", but so far I've not been able to find that one post that either explains what I need to do, or where to look for good information.
My questions, I think, are:
is "AES256" a valid value for the "decryption" parameter of ?
if not, is simply generating a longer "decryptionkey" all that's required to make AES stonger? i.e. if I make my decryption key 64 characters long, would that constitute AES256?
if I'm totally off base with my current thinking, can anyone put me on track, or explain (or link to an explanation of) how to update my web.config to use AES256 rather than the default AES?
Just in case anyone wants to say "You should use Hashed".. been there, discussed that, decision made to use Encrypted. Just thought I'd get that out of the way :)

No, you can only use "AES" as the decryption parameter for the AES algorithm.
Yes, if you generate one that is 256 bits (64 bytes) long, you effectively have AES256. In reality, you could generate one that is 512 bits long, too. The longer this value is, the stronger the encryption.
No need. You seem to be understanding it.
Now, in .NET 4.0, they've enhanced this a bit, allowing SHA256 to be used for validation as well. See MSDN's documentation (archive.org snapshot) for details.

Related

Hard coded encryption without need for a key

sorry if there is an answer to this somewhere, but I could not find a clear explanation.
If I need to encrypt a sensitive field before storing it in my db, can the following approach possibly work?
I write a hard-coded encryption-cipher algorithm (in my php file) without any random behavior, like shuffling a deck of cards in a certain sequence, but only I know the exact sequence. I then also write the exact opposite algorithm to de-crypt the ciphered field, thus (hopefully) eliminating the need for a decryption key.
My understanding is that only the resulting string will be exposed to http(s) traffic and even if the result is posted back it is over https.
Can this approach work?

Best way to authenticate users?

I realize this question maybe subjective, but I'm fairly new at this and while there is A LOT on this subject. I’ve yet to be able to form a good opinion on this and I'm thinking that maybe due in part that because I'm new I can only think in terms of my project, which isn’t anything out of the ordinary.
So I’m asking in my environment what is the best option for authentication? What method is best sessions? cookies? Something else? Also how do you save passwords in a table safely? I researched data types, but that seem to yield any help. Is there something special that you have to do the table and/or column? Eventually I would love to add other authentication methods to my site {ie Facebook, Google, OpenID}, but I think I need to understand this first.
My environment is ASP.NET with the code behind in VB. I am using MSSQL 2005 (But have access to 2008 if need be).
Thanks
Josh
I'm not familiar with ASP, so I can't answer you on how best to communicate and keep the credentials throughout the session. It sounds like using the built-in membership system, as others have suggested, is the safest approach. I totally sympathize, however, with your desire to do things yourself and understand how they are working under-the-hood. If you do want to tackle doing this yourself, I can speak to the database side of things.
If at all possible, don't ever store the actual password anywhere. You should only be storing an irreversibly-encrypted value generated from the password (using a hash-encryption algorithm such as SHA512Managed). To authenticate the user, rather than decrypting the stored password and comparing the two plain-text passwords, you want to encrypt the entered password and then compare the two encrypted values. If you store the actual password, even if it's encrypted with a reversible-encryption algorithm, it is a big security risk.
Also, if you are using an encryption algorithm that allows you to specify a seed value, you should use an algorithm to generate the seed value based on the original password. You don't want to use the same encryption-seed value for every password.
Also, most encryption methods are designed to be fast so that they can be used for communication streams. However, if they are fast, that means someone can brute-force crack them more quickly. Therefore, the best method for making your encryption safer is to make them as slow as is reasonably possible. Often this is accomplished by re-encrypting the encrypted value over and over again in a loop for a fixed number of times.

Improving cipher's properties sanity check

I am reading about cryptography I was thinking about these properties of AES (that I use):
same message = same ouput
no message length secrecy
possible insecurity if you know the messages (does this actually apply to AES?)
I hear that AES is secure, but what if I want to theoritcaly improve these properties?
I was thinking I could do this:
apply encryption algorithm A
XOR with random data D (making sure the output looks random in case of any cipher)
generate random data that are longer than the original message
use hashing function F to allocate slots in random data (this scrambles the order bytes)
Inputs: Encryption algorith A, Data to XOR with D and a hashing function F
My questions are
does the proposed solution theoreticaly help with my concerns?
is this approach used somewhere?
Possible enhancements to this approach
I could also say that the next position chosen by hashing function will be altered using a checksum of the last decoded byte after the XOR step (that way the message has to be decoded from beginning to end)
If I was to use this to have conversation with someone, the data to XOR with could be the last message from the other person, but thats probably a vulnerability.
I am looking forward to your thoughts!
(This is only theoretical, I am not in need of more secure encryption, just trying to learn from you guys.)
Yeah.
Look. If you want to learn about cryptography, I suggest you read Applied Cryptography. Really, just do it. You will get some nice definitive learnings, and get an understanding of what is appropriate and what is not. It specifically talks about implementation, which is what you are after.
Some rules of thumb:
Don't make up your own scheme. This is almost universally true. There may be exceptions, but it's fair to say that you should only invent your own scheme if you've thoroughly reviewed all existing schemes and have specific quantifiable reasons for them not being good enough.
Model your attacker. Find out what scenarios you are intending to protect against, and structure your system so that it works to mitigate the potential attacks.
Complexity is your enemy. Don't make your system more complex then it needs to be.
Stay up to date. You can find a few mailing lists related to cryptography and (and hashing) join them. From there you will learn interesting implementation details, and be aware of the latest attacks.
As for specifically addressing your question, well, it's confusing. I don't understand your goal, nor do I understand steps 3 and 4. You might like to take a quick look here to gain an understanding of the different ways you can use a given encryption algorithm.
Hope this helps.
You assumptions are incorrect.
same message != same output
The output will not be the same if you encrypt the same message twice.
This is because you are suppsed to use different IVs'.
Message length can be hidden by adding random data to the plaintext.
Attacks have been demonstrated against AES with lesser number of rounds.
Full-round AES has not been compromised in any way.
Other than that I suggest you follow Noon Silks recommendation and read Applied Cryptography.
What's the point of the random data XOR? If it's truly random, how will you ever decrypt it? If you're saying the random data is part of the key, you might as well drop AES and use only the truly random key - as long as it's the same length (or longer than) the data and is never used more than once to encrypt. It's called a one-time pad, the only theoretically unbreakable encryption algorithm I know about.
If the random bits are pseudo-randomly generated, it's highly unlikely that your efforts will yield added security. Consider how many talented mathematicians were involved in designing AES...
EDIT: And I too highly recommend Applied Cryptography, it's an actually very readable and interesting book, not as dry as it may sound.

How to prevent user from decrypting data file while the program is capable to read the data file freely?

I want to ask for a mature model to do this.
Suppose I want to deliver a program and a sensitive data file to user. The program is able to read any data stored in the data file, but user is not allowd to easly break the data file. The data file will be encrypted by standard algorithm such as AES. Now, the problem turns to how to manage the key. Putting the key in the program seems to be a bad idea, but what else I can do? Apparently I can't give the key to user directly.
There is no way to do this securely, ie. to really prevent the user from reading the data. As long as they have the data and they have the program that can read it a competent disassembler will be able to figure out how the program reads it and do the same thing. Or, even easier, they could let the program do it and then get the decrypted version out of its memory.
Having said that, if you just want to prevent the average user from doing it, hardcoding the key in your source code should be fine. :) Just be realistic about the level of protection this provides.
Does it have to be pure software? If not, you could look at a solution which does decryption and storage of the key on a hardware device, e.g. a USB dongle.
You can also potentially prevent the whole problem by having your software retireve the data from a web-service instead of a data file. In this case you can control access to the data much more tightly (i.e. who gets how much of what and when). This might or might not work for your application.
Otherwise as others pointed out, there is no known good pure software solution.
There is no 100% safe solution to this because at some point you have to have the key loaded into memory so that de/encryption can take place and a savvy-enough hacker will be able to capture it. The best you can do is to make it very difficult to capture and to mitigate exposure to data (by limiting access as much as possible) if the key is compromised.
As far as how to make it safer... you could have a combined key that is made up of something stored in the program and something derived from the user's passcode?
Is your perceived user determined? are they skilled enough to do reverse the application or the key? If the user is considered to just be a generic desktop user you probably could implement a partial key using some general encryption just to make the key non obvious, beyond that a determined individual will be able to reverse must simple means of encrypting keys and data.
A DVD John conundrum, eh? Why is having a key in the program bad? You could have a super-obscured function which computes it reliably once. Someone with disassembler and debugger can break your key given enough time, IMO.

How to prove inconstructable cryptographic scheme?

I realize this question might not be that programming related, and that it by many will sound like a silly question due to the intuitive logical fault of this idéa.
My question is: is it provable impossible to construct a cryptographic scheme (implementable with a turing-complete programming language) where the encrypted data can be decrypted, without exposing a decryption key to the decrypting party?
Of course, I can see the intuitive logical fault to such a scheme, but as so often with formal logic and math, a formal proof have to be constructed before assuming such a statement. Is such a proof present, or can it easely be constructed?
Thank you for advice on this one!
Edit: Thank you all for valuable input to this discussion!
YES!!! This already exists and are called zero knowledge protocols and zero knowledge proofs.
See http://en.wikipedia.org/wiki/Zero-knowledge_proof
However, you have to have a quite a good background in mathematics and crypto to understand the way it works and why it works.
One example of a zero knowledge protocol is Schnorr's ZK protocol
No; but I'm not sure you're asking what you want to be asking.
Obviously any person who is decrypting something (i.e. using a decryption key) must, obviously, have the key, otherwise they aren't decrypting it.
Are you asking about RSA, which has different keys for decrypting and encrypting? Or are you asking about a system where you may get a different (valid) result, based on the key you use?
If by "decrypted" you just mean arrive at the clear text in some way, then it is certainly possible to create such a cryptographic scheme. In fact it already exists:
Take an asymmetric encryption scheme, eg: RSA where you have the public key but not the private key. Now we get a message that's been encrypted with the public key (and therefore needs the private key to decrypt it). We can get the original message by "brute force" (yes, this'll take an enormously long time given a reasonable key/block size) going through all possible candidates and encrypting them ourselves until we get the same encrypted text. Once we get the same encrypted text we know what the decrypted text would be without ever having discovered the private key.
Yes.
Proof: Encryption can be considered as a black box, so you get an input and an output and you have no idea how the black box transforms the input to get the output.
To reverse engineer the black box, you "simply" need to enumerate all possible Turing machines until one of them does produce the same result as the one you seek.
The same applies when you want to reverse the encryption.
Granted, this will take much more time than the universe will probably live, but it's not impossible that the algorithm will find a match before time runs out.
In practice, the question is how to efficiently find the key that will decode the output. This is a much smaller problem (since you already know the algorithm).
It's called encoding.
But everyone with the encoding algorithm can "decrypt" the message. This is the only way of keyless encryption.

Resources