I am asking this question to confirm whether the RijndaelManaged class in C# is equivalent to AES encryption. From what I have been reading, RijndaelManaged was the algorithm of choice to implement AES encryption. Can someone confirm this please?
Is RijndaelManaged algorithm safe to be used for a web project? Thanks :)
Rijndael (pronounced rain-dahl) is an Advanced Encryption Standard (AES) algorithm. It replaced the older and weaker Data Encryption Standard (DES) when it was selected as the standard symmetric key encryption algorithm by the National Institute of Standards and Technology (NIST).
The Advanced Encryption Standard (AES), also known by its original name Rijndael (Dutch pronunciation: [ˈrɛindaːl]), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.
The Advanced Encryption Standard (AES) is a symmetric block cipher chosen by the U.S. government to protect classified information. AES is implemented in software and hardware throughout the world to encrypt sensitive data. It is essential for government computer security, cybersecurity and electronic data protection.
CryptoStream(Stream, ICryptoTransform, CryptoStreamMode): Initializes a new instance of the CryptoStream class with a target data stream, the transformation to use, and the mode of the stream.
CryptoStream(Stream, ICryptoTransform, CryptoStreamMode, Boolean): Initializes a new instance of the CryptoStream class.
The AES algorithm was selected in a competition held by NIST between 1997 and 2000. The winner was an algorithm called Rijndael.
NIST specified that the AES algorithm was to have a 128-bit block size. As Rijndael supports block sizes of 128, 160, 192, 224, and 256 bits, the final AES specification differs from the original Rijndael specification in that regard. In other words, "AES" and "Rijndael" are the same algorithm, except "AES" is restricted to a block size of 128 bits.
Block size has nothing to do with key size though. The algorithm in question supports 128, 192, and 256-bit keys. Longer keys are not necessarily "stronger", because AES has certain theoretical weaknesses. Either way, 128-bit keys are plenty long enough for the foreseeable future.
As EkoostikMartin said, AES is unbreakable to date. But cryptography is hard, and even professionals don't get it right every time. Using raw cryptographic primitives without knowing exactly what you're doing will likely result in something bad. To put it another way, the cipher is very rarely the weakest link in the "security chain".
If you want to use AES, just use the AesManaged class - http://msdn.microsoft.com/en-us/library/system.security.cryptography.aesmanaged%28v=vs.100%29.aspx
The RijndaelManaged class you referenced does not exactly fit into the AES specs, mostly since it gives options as far as block sizes. AesManaged uses the 128-bit block size as specified.
As far as being "safe" for a web project, well, it's a very strong encryption method (it's never been broken as far as I know), but like anything it must be used correctly.
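The block-size point made in the answers above, as an added C# example (not code from either answer): the same key and plaintext are encrypted with AesManaged, with RijndaelManaged at a 128-bit block, and with RijndaelManaged at a 256-bit block, and the ciphertexts are compared. It assumes .NET Framework, where RijndaelManaged accepts a 256-bit block; the class name, key, IVs and plaintext are constructed for the demonstration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class RijndaelVsAes   // hypothetical name, added for this example
{
    // Encrypts one buffer with the given algorithm in CBC mode with PKCS7 padding.
    static byte[] Encrypt(SymmetricAlgorithm alg, byte[] key, byte[] iv, byte[] plaintext)
    {
        alg.Mode = CipherMode.CBC;
        alg.Padding = PaddingMode.PKCS7;
        alg.Key = key;   // also sets KeySize to key.Length * 8
        alg.IV = iv;     // must be exactly BlockSize / 8 bytes
        using (ICryptoTransform enc = alg.CreateEncryptor())
            return enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
    }

    static void Main()
    {
        // Constructed, fixed values so the runs are comparable.
        // Real code needs a random key and a fresh random IV per message.
        byte[] key = Enumerable.Range(0, 32).Select(i => (byte)i).ToArray(); // 256-bit key
        byte[] iv16 = new byte[16];   // IV for a 128-bit block
        byte[] iv32 = new byte[32];   // IV for a 256-bit block
        byte[] msg = Encoding.UTF8.GetBytes("constructed sample plaintext");

        using (var aes = new AesManaged())
        using (var rij128 = new RijndaelManaged { BlockSize = 128 })
        using (var rij256 = new RijndaelManaged { BlockSize = 256 })
        {
            byte[] a = Encrypt(aes, key, iv16, msg);
            byte[] r128 = Encrypt(rij128, key, iv16, msg);
            byte[] r256 = Encrypt(rij256, key, iv32, msg);

            // Rijndael restricted to a 128-bit block is AES, so these match.
            Console.WriteLine("AesManaged == RijndaelManaged(128-bit block): "
                              + a.SequenceEqual(r128));
            // A 256-bit block is outside the AES specification: an AES
            // implementation elsewhere cannot decrypt this ciphertext.
            Console.WriteLine("AesManaged == RijndaelManaged(256-bit block): "
                              + a.SequenceEqual(r256));
        }
    }
}
```

Interoperability is the practical consequence: data written with a 256-bit block can only be read by another Rijndael implementation, not by a standard AES library.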