c# - Does encapsulating one CryptoStream in several others improve security? -

-

i'm working on project windows phone 7 stores highly secure information. data protected password. if encrypt 1 cryptostream within 3 other cryptostreams (a total of 4 cryptostreams embedded in each other, each using different methods generate key, initialization vector, , salt). method secure enough, or need more cryptostreams (each 1 uses 256 bit aes encryption)?

it far more brute force or socially engineer password crack singly-encrypted stream since password have smaller bitspace key. encrypting multiple times increase time or effort required brute force password o(n) (you want complexity increase o(n^2) or more).

but if need super-secure encryption, don't roll own strategy, pick dod standard (or equivalent) , implement it.

to explain further, aes block cipher 3 different key lengths. first part of strategy determining key length want use. pick 1 @ random, or pick largest, want pick best choice situation. next actual usage of aes. since it's block cipher encode identical plaintext identical ciphertext, want use initialization vector , salt , other such techniques ensure plaintext become different ciphertext.

then there's how derive key password, may weak. if generate key each time, may have accidentally narrowed keyspace , weakened it. have take account random number generator used, may produce predictable values. if use password unlock key storage in way, data protected key store. if fetch key remotely upon successful receipt of password, you've prevented off-line attacks of data , can actively detect brute-force attacks.

finally there's aspect of password itself, far weakest point of encryption strategy. doesn't matter how many ciphers use if user picks weak password. that's why if encrypt data single 128-bit aes encryption it's more attacker attempt compromise password try break encryption.

picking set of strategies have been tested serve better coming own, unless plan spend requisite money on penetration testing , security audits.

for fun, read on how truecrypt it.


Comments

Post a Comment

Popular posts from this blog

objective c - Change font of selected text in UITextView -

-
can suggest me how change font of selected text in uitextview.i cannot use uiwebview since have edit text. have seen pages app.how possible in app. see formatting text within uilabel differently . since need editing, should @ javascript-based editors such ckeditor or tinymce . highly recommend wwdc 2011 video session 511: "rich text editing in safari on ios."
Read more

php - Accessing POST data in Facebook cavas app -

-
so i've got simple form in canvas / iframe facebook app, , i'm trying pass along values post. reading on s.o. , fb's latest docs, understand it, data send via post form can accessed on receiving end $_request object. i read on thread on s.o. in order post forms work need pass along input named "signed_request" value current signed_request (i have signed request working ok otherwise...all login , authentication stuff working fine). isnt mentioned anywhere in official fb docs. so problem comes in $_request object signed request, , bunch of other session stuff. form inputs found. the way can read them set method of form "request" isn't real form method. takes of inputs , sends them args in url. horrible. here's sample page canvas app form i'm using try debug (leaving out authentication stuff): <form enctype="application/x-www-form-urlencoded" method="post" target="_top" id="my_form" action=...
Read more

c# - Getting control value when switching a view as part of a multiview -

-
i have following code in aspx page: <asp:button id="display_button" runat="server" text="display" onclick="button1_click" /> &nbsp; <asp:button id="edit_button" runat="server" text="edit" onclick="button2_click" /> &nbsp; <asp:button id="save_button" runat="server" text="save" onclick="button3_click" visible="false" /> &nbsp; <asp:multiview id="multiview1" runat="server" activeviewindex="0"> <asp:view id="view1" runat="server"> <asp:formview id="view_program" runat="server"> <itemtemplate> <%# eval("status").tostring().trim() %> </itemtemplate> </asp:formview> </asp:view> <asp:view id="view2" runat="server"> ...
Read more