Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Encyption of data

Options
  • 21-03-2005 10:41am
    #1
    damnyanks
    Registered Users Posts: 4,276 ✭✭✭


    Hey,

    Not sure if this is the right place to ask or not :)

    I am going to start my project which will be a program that will run off a mobile device (Laptop, PDA, Smart phone). The idea is sensitive data will be sent from device to device through a wireless lan.

    I am going to want to encrypt the data however I am unsure if the .Net encyrption API is any use. Would I be better looking at some other form of encyption, can anyone reccomend something to me?

    thanks


Comments

  • Options
    #2
    bringitdown
    Registered Users Posts: 2,002 ✭✭✭bringitdown


    http://www.openssl.org/ - Ideal, open toolkit for encryption + encrypted data transmission.

    However, Java Security API's (+Java Cryptography Extension) http://java.sun.com/security/ - are probably a bit more useful as you will need to support a variety of platforms, they are easier to pick up also.

    Would implementing encryption in the WLAN not deprecate the need for it tho? WPA is quite secure. WEP less so.


  • Options
    #3
    ressem
    Registered Users Posts: 2,426 ✭✭✭ressem


    Depends on the sort of data you want to send, (passwords, files, streamed video? )
    whether authentication, key distribution and timeouts are an issue (wpa + radius).

    "
    System.Security.Cryptography namespace of Common Language runtime provides classes for

    1. Symmetric Key Encryption
    2. Asymmetric Key Encryption
    3. Hashing
    4. Digital Certificates
    5. XML Signatures
    "
    You're looking at Symmetric Key Encryption?

    The .Net version appears to be as good as any other.

    It's lacking AES, the 3-DES replacement standard.

    I guess that there are no existing systems that you need to communicate with.


  • Options
    #4
    rsynnott
    Registered Users Posts: 4,003 ✭✭✭rsynnott


    You should consider avoiding .NET cryptography, as it's still mostly Windows-bound, and is affected by US export restrictions in many countries; most other APIs are multiplatform


  • Options
    #5
    damnyanks
    Registered Users Posts: 4,276 ✭✭✭damnyanks


    How do you mean its affected by US export restrictions?

    The project requires its written with the .Net framework so anything else isn't possible :)

    thanks for the tips will read up on it :)


  • Options
    #6
    aidan_walsh
    Closed Accounts Posts: 17,208 ✭✭✭✭aidan_walsh


    The US have laws regarding the sale of products created by American companies in some countries, and that includes information, data or techniques. There were also restrictions on the bit-level of encryption keys used, and these still apply in some countries.

    Your name is entirely approporiate under the circumstances :D


  • Advertisement
  • Options
    #7
    rsynnott
    Registered Users Posts: 4,003 ✭✭✭rsynnott


    doodle_sketch wrote:
    The US have laws regarding the sale of products created by American companies in some countries, and that includes information, data or techniques. There were also restrictions on the bit-level of encryption keys used, and these still apply in some countries.

    Your name is entirely approporiate under the circumstances :D

    AES-256 is still verboten here, isn't it? Don't THINK IE does it.


  • Options
    #8
    Rew
    Moderators, Sports Moderators Posts: 8,679 Mod ✭✭✭✭Rew


    bringitdown wrote:
    Would implementing encryption in the WLAN not deprecate the need for it tho? WPA is quite secure. WEP less so.

    No not at all, WPA might make the WLAN secure but its still possible for others on the network to sniff the traffic (assuming the privacy seperater isn't on). The data is alos vunerable when it hits the wire and is going towards the server. So there are loads of good resaons to encrypt it.

    I did some SSL client/server stuff in Java its handy enough once you get the hang of it. Id recomed using a SSL web server to accept the data from the device, SSL URL calls should be supported on all devices in most languages. If your coding for MS PDA/Smartphone .Net is easier then Java, and if its for Series 40/60/XX then J2ME is the best option. If you use SSL+Web server then the clients can be written in any language really. Iv done stuff for all of em in the past there are loads of pit falls when devloping apps for resource constrained devices.


  • Options
    #9
    ressem
    Registered Users Posts: 2,426 ✭✭✭ressem


    How about

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/bdadotnetarch15.asp

    http://aspalliance.com/articleViewer.aspx?aId=536&pId=-1

    And beginner level
    http://www.microsoft.com/technet/community/events/isframe.mspx

    Gives an idea of what each is used for and relative performance.
    And I was wrong about the AES, they've got Rijndael. There are commercial versions, but you shouldn't need them.

    The US export restrictions were loosened in 2000. Given that the net stuff is just a layer over the windows API makes it hard to tell what responsibilities you have not to redistribute to "the axis of evil", so you'll need a lawyer.


Advertisement