[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Cryptography] FOSS library recommendation for VB.NET encryption using AES

Someone recently asked me about FOSS libraries that could be used by
VB.NET (sorry; they didn't know what .NET framework; assume at least
4.0), that they could use for encrypting system passwords in stored in
their web.config. Their company policy prohibits the use of PBE.

My first thought was to suggest Microsoft's DPAPI, but that's really
PBE under the hood and I don't think I've seen it mentioned since the
mid 2000s so I'm not sure it's even supported under more recent
versions of the .NET framework.

Anyway, I purposely try to avoid anything related to VB since I break
out in extreme hives whenever I see code written in it. But that also
explains my complete ignorance about any suitable solid AES encryption
open source libraries that would work with VB.NET.

Does anyone have anything I could recommend to him?

P.S.- They've already tried twice to roll their own crypto routines
from the basic AES ones in VB.NET and failed both times (I reluctantly
reviewed their code), so please try to avoid that particular
suggestion as the next review will probably cause me to go into
anaphylactic shock. Really DON'T want to look at any more VB code.
Blog: http://off-the-wall-security.blogspot.com/    | Twitter: @KevinWWall
NSA: All your crypto bit are belong to us.
The cryptography mailing list
cryptography AT metzdowd.com