[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Cryptography] FOSS library recommendation for VB.NET encryption using AES
- From: "Kevin W. Wall" <kevin.w.wall AT gmail.com>
- Subject: [Cryptography] FOSS library recommendation for VB.NET encryption using AES
- Date: Mon, 5 Mar 2018 19:11:06 -0500
- Arc-authentication-results: i=1; mx.google.com; dkim=neutral (body hash did not verify) firstname.lastname@example.org header.s=20161025 header.b=fGaYxuqU; spf=pass (google.com: best guess record for domain of cryptography-bounces+ben=bentasker.co.uk AT metzdowd.com designates 2001:470:30:84:e276:63ff:fe62:3500 as permitted sender) smtp.mailfrom=cryptography-bounces+ben=bentasker.co.uk AT metzdowd.com; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :to:message-id:date:from:mime-version:dkim-signature:delivered-to :arc-authentication-results; bh=X3O/8PGUbWEvv5jKfuHJdFLDfyaPea81gH7fwhKaOqo=; b=lCudHOizA5xJS0XaSPgXBjLiMqxIFkV//q751PnGc6t6ApvFuHHKkbhDJbwXlO03aD DPYKsAdcy99OJg/qfGTJLTKqE9jNo33hOGE/CyZW9hAEawcfusJHgyQlhX60Vklka7fS aiZlXYvDGb1l+D2rE8Yt4vdoJshJUTJ8iUsXP/cFJJf5htF9QcNY6d46mj4UBV6GgyGs zXlEDgmFLca2CcuQmm1RT+kERWZWuAcU2p8dbt5lelyTy8IBGJKlC+khOx9L0c2hVTmh OnAx173u8PnSL6CeTAOoCIauNSVoAeIigQzddjkE7zefoOZipGmAANFVSpYBRH63JEI4 dfcw==
- Arc-seal: i=1; a=rsa-sha256; t=1520302090; cv=none; d=google.com; s=arc-20160816; b=l6+RNlTPdHgA15XGVaGSaEAszu1KfYcUi3/Afuu5OLZSMBlt8KmH+BvpyHmDXLsx2r /KZERvZWEdAUZpDAb06Wxku+7sJr9xFF1K40eFFdmoSY+x0jz4CbVo7JXBtcizuWvr1V /rCgtmdkqsxTsYpD41ZF2ZegvFBZ+7kZxv1XWyqcgaAd2v3HRnZi32L+hP+3TL9aCAPm EbGJj27Lh2u1BHfhn6uNtRp93Vm39pM2GmzphHUneh6yPBIKNhFaJkM3jGN99oe2DzoG Ze+TB1LSEdVGAlPO8o8/5nIXACHbqle6ebntx1D8nbOuYG2FYBVHbDHmHsXxtSFdGJ8N 70Fw==
- List-archive: <http://www.metzdowd.com/pipermail/cryptography/>
- Sender: "cryptography" <cryptography-bounces+ben=bentasker.co.uk AT metzdowd.com>
- To: Cryptography Mailing List <cryptography AT metzdowd.com>
Someone recently asked me about FOSS libraries that could be used by
VB.NET (sorry; they didn't know what .NET framework; assume at least
4.0), that they could use for encrypting system passwords in stored in
their web.config. Their company policy prohibits the use of PBE.
My first thought was to suggest Microsoft's DPAPI, but that's really
PBE under the hood and I don't think I've seen it mentioned since the
mid 2000s so I'm not sure it's even supported under more recent
versions of the .NET framework.
Anyway, I purposely try to avoid anything related to VB since I break
out in extreme hives whenever I see code written in it. But that also
explains my complete ignorance about any suitable solid AES encryption
open source libraries that would work with VB.NET.
Does anyone have anything I could recommend to him?
P.S.- They've already tried twice to roll their own crypto routines
from the basic AES ones in VB.NET and failed both times (I reluctantly
reviewed their code), so please try to avoid that particular
suggestion as the next review will probably cause me to go into
anaphylactic shock. Really DON'T want to look at any more VB code.
Blog: http://off-the-wall-security.blogspot.com/ | Twitter: @KevinWWall
NSA: All your crypto bit are belong to us.
The cryptography mailing list
cryptography AT metzdowd.com