Crypto - Which algorithm is used?

Discussion in 'Questions (Windows Mobile)' started by Nycran, Nov 10, 2007.

  1. Nycran

    Nycran Member Licensed User

    Hi All, just wondering if anyone knows which encryption algorithm is used in the Crypto library?

    I need to know:

    The cipher, the number of bits used (64/128/256?), the padding method used (EBC, CBC, etc).

    I'm encrypting data to send to php on a web server, and I can't decrypt the data unless i know these things.

    Thank for your help!
    Andy.
     
  2. agraham

    agraham Expert Licensed User

    According to the help file for Crypto it is only 40 bits, I suspect RC2, which is not terribly secure - though that may not matter for your app. This may have been chosen because it is quite a fast algortithm - about twice as fast as single DES I believe - and as B4PPC is really targeted at devices this is of value.

    If you are prepared to write your own library, which earlier posts imply you are, AND you are prepared to use Compact Framework 2.0 on the device or restrict yourself to the desktop then I would knock up a library to access the .NET System.Security.Cryptography services as this will give you choice of several symmetric and non-symmetric algorithms of much much greater security. I would use TripleDES for symmetric and RSA for public key asymmetric.

    Out of interest - did you resolve the resolution issue and if so what was the problem?
     
  3. Erel

    Erel Administrator Staff Member Licensed User

  4. Nycran

    Nycran Member Licensed User

    Thanks guys, that will be of help.

    I have decided to use V2 of the compact framework, as the SQLite library is just too nice. PHP supports SQLite V3 natively, which means i can invoke a web url, get php to build a SQLite database, and then download it to the device... very easy syncronisation.

    I need encryption because I want to encrypt the authentication / login details for each user when they request a database to be built. I may also encrypt the database itself before transit.

    I may write my own library as you've suggested, and if I do I'll release it for everyone else. The only problem is that I am using SharpDevelop, which builds "desktop" dll's fine, but not compact. Perhaps I can release the code and have someone else build the compact edition version :)

    As for the screen resolution issue, no I still haven't figured that out. For now I'm writing with the default screen size and testing just on the windows version. I can also use the emulator. The AXIM is actually honoring the screen size settings of the IDE.. strange hey.

    Anyway, thanks for your help as always. I was really impressed with just how easy it was to invoke a URL and download a file with the HTTP library - the functions were already written! Gotta love cut n paste :)

    Andy.
     
  5. Nycran

    Nycran Member Licensed User

    Hi Erel, thanks for the link. Just to confirm:

    * You're using RC2, 128 bit.
    * The secret key passed to the crypto library is hashed with the md5 algorithm, and you're then using the first 40 characters of the hash to use as the encryption key.

    Is that right?

    Also, is there a base64 encode / decode class library? I will need to encode the encryption result before passing it in my URL. My url will be something like:

    http://www.mysite.com/rmi.php?username=harry&password=base64encrypted

    Cheers,
    Andy.
     
  6. Erel

    Erel Administrator Staff Member Licensed User

    Yes, this is right.
    There is no base64 encode/decode library.
    I guess that it shouldn't be hard to create one.
     
  7. agraham

    agraham Expert Licensed User

    I use VS2005 but I am fairly sure sure that other people here (Dzt and Cableguy) are using SharpDevelop to build Compact Framework libraries. See post #11 onwards in this thread.

    http://www.basic4ppc.com/forum/showthread.php?t=35
     
  8. taximania

    taximania Well-Known Member Licensed User

    It must be a device thing.
    Doesn't matter what settings I alter in SharpDevelop. .NET, 1.1, 2.0, Net Framework etc, the compiled DLL's work on the Desktop but not my device.

    Strange, works for CableGuy :cool:
     
  9. dzt

    dzt Active Member Licensed User

    Hi,

    Actually I use both tools (VS2005 & #develop).

    VS is a better tool in general, but #develop has 2 advantages for this forum. Using it you can easily switch between various frameworks (including Mono Project) and posting the source code, someone can without the need to pay enything to use it.

    Of course you can compile for .NETCF but .NETCF 1.0 SDK does not exists out of VS (2003 & 2005)
     
  10. agraham

    agraham Expert Licensed User

    Hi dzt, can you expand on this comment please. I know that I don't know :confused: all the ins and outs of what VS can and cannot do.
     
  11. Nycran

    Nycran Member Licensed User

    I might be wrong but I think he means that whilst you can download the .Net V2 SDK from Microsoft's website (it's about 350 meg), there's no download for V1. To get the V1 SDK on your computer you need to install Visual Studio. That doesn't worry me though, as I've made the decision to use V2 of the framework anyway.

    Andy.
     
  12. Nycran

    Nycran Member Licensed User

    Thanks guys, I just installed the V2 SDK from Microsoft, and now SharpDevelop can compile a Compact Framework dll. Excellent! My first library for Basic4PPC will hopefully provide:

    * MD5 Hash
    * SHA256 Hash
    * AES 128 bit encryption
    * Base64 Encoding
    * Base64 Decoding

    If i manage to get it to work, I'll post the source and the dll.

    Cheers,
    Andy
     
    Last edited: Nov 11, 2007
  13. LineCutter

    LineCutter Active Member Licensed User

    Hash

    I'm looking forward to the library, but in the mean time I need to start a program with usernames & passwords where the table holding these will need to be exposed.
    That means using a hash (& some fairly insecure encryption) to hold the passwords. I can add them "offline" though :)

    Attached is a trivial hash function (based on XOR), wrapped in a test program.
    No docs - if you need them then I'm happy to answer questions ;)
     
Loading...