Crypto - Which algorithm is used?

Nycran

Member
Licensed User
Longtime User
Hi All, just wondering if anyone knows which encryption algorithm is used in the Crypto library?

I need to know:

The cipher, the number of bits used (64/128/256?), the padding method used (EBC, CBC, etc).

I'm encrypting data to send to php on a web server, and I can't decrypt the data unless i know these things.

Thank for your help!
Andy.
 

agraham

Expert
Licensed User
Longtime User
According to the help file for Crypto it is only 40 bits, I suspect RC2, which is not terribly secure - though that may not matter for your app. This may have been chosen because it is quite a fast algortithm - about twice as fast as single DES I believe - and as B4PPC is really targeted at devices this is of value.

If you are prepared to write your own library, which earlier posts imply you are, AND you are prepared to use Compact Framework 2.0 on the device or restrict yourself to the desktop then I would knock up a library to access the .NET System.Security.Cryptography services as this will give you choice of several symmetric and non-symmetric algorithms of much much greater security. I would use TripleDES for symmetric and RSA for public key asymmetric.

Out of interest - did you resolve the resolution issue and if so what was the problem?
 

Nycran

Member
Licensed User
Longtime User
Thanks guys, that will be of help.

I have decided to use V2 of the compact framework, as the SQLite library is just too nice. PHP supports SQLite V3 natively, which means i can invoke a web url, get php to build a SQLite database, and then download it to the device... very easy syncronisation.

I need encryption because I want to encrypt the authentication / login details for each user when they request a database to be built. I may also encrypt the database itself before transit.

I may write my own library as you've suggested, and if I do I'll release it for everyone else. The only problem is that I am using SharpDevelop, which builds "desktop" dll's fine, but not compact. Perhaps I can release the code and have someone else build the compact edition version :)

As for the screen resolution issue, no I still haven't figured that out. For now I'm writing with the default screen size and testing just on the windows version. I can also use the emulator. The AXIM is actually honoring the screen size settings of the IDE.. strange hey.

Anyway, thanks for your help as always. I was really impressed with just how easy it was to invoke a URL and download a file with the HTTP library - the functions were already written! Gotta love cut n paste :)

Andy.
 

Nycran

Member
Licensed User
Longtime User
Hi Erel, thanks for the link. Just to confirm:

* You're using RC2, 128 bit.
* The secret key passed to the crypto library is hashed with the md5 algorithm, and you're then using the first 40 characters of the hash to use as the encryption key.

Is that right?

Also, is there a base64 encode / decode class library? I will need to encode the encryption result before passing it in my URL. My url will be something like:

http://www.mysite.com/rmi.php?username=harry&password=base64encrypted

Cheers,
Andy.
 

agraham

Expert
Licensed User
Longtime User

taximania

Well-Known Member
Licensed User
Longtime User
It must be a device thing.
Doesn't matter what settings I alter in SharpDevelop. .NET, 1.1, 2.0, Net Framework etc, the compiled DLL's work on the Desktop but not my device.

Strange, works for CableGuy :cool:
 

dzt

Active Member
Licensed User
Hi,

Actually I use both tools (VS2005 & #develop).

VS is a better tool in general, but #develop has 2 advantages for this forum. Using it you can easily switch between various frameworks (including Mono Project) and posting the source code, someone can without the need to pay enything to use it.

Of course you can compile for .NETCF but .NETCF 1.0 SDK does not exists out of VS (2003 & 2005)
 

Nycran

Member
Licensed User
Longtime User
I might be wrong but I think he means that whilst you can download the .Net V2 SDK from Microsoft's website (it's about 350 meg), there's no download for V1. To get the V1 SDK on your computer you need to install Visual Studio. That doesn't worry me though, as I've made the decision to use V2 of the framework anyway.

Andy.
 

Nycran

Member
Licensed User
Longtime User
Thanks guys, I just installed the V2 SDK from Microsoft, and now SharpDevelop can compile a Compact Framework dll. Excellent! My first library for Basic4PPC will hopefully provide:

* MD5 Hash
* SHA256 Hash
* AES 128 bit encryption
* Base64 Encoding
* Base64 Decoding

If i manage to get it to work, I'll post the source and the dll.

Cheers,
Andy
 
Last edited:

LineCutter

Active Member
Licensed User
Longtime User
Hash

I'm looking forward to the library, but in the mean time I need to start a program with usernames & passwords where the table holding these will need to be exposed.
That means using a hash (& some fairly insecure encryption) to hold the passwords. I can add them "offline" though :)

Attached is a trivial hash function (based on XOR), wrapped in a test program.
No docs - if you need them then I'm happy to answer questions ;)
 
Top