2

I'm using dll for cryptography(des) which written by someone.Dll includes encrypt,decyrpt class,and that classes includes methods.Des required 8 bytes(64 bit) key.I describes a string for key.(a character is one byte).And then encoding bytes.

        string keyText= "abcdefghsdsdfsdfsdf";

        UTF8Encoding encoding = new UTF8Encoding();

        byte[] keyfile = new byte[8];
        keyfile = UTF8Encoding.UTF8.GetBytes(keyValue);

above way,even though i described size of byte array 8,size of byte array overflow,it s been length of string value.

Any suggestion. Thanks.

Improve this question
5
  • Shouldn't that be new byte[8], not 7? Commented Sep 4, 2011 at 23:02
  • 3
    DES has known vulnerabilities. Do not use it. Also, use System.Security.Cryptography. Commented Sep 4, 2011 at 23:02
  • 3
    There is no need to initialize keyfile to an empty byte array. GetBytes returns a new byte array. Commented Sep 4, 2011 at 23:03
  • @Tim its 8,i wrote wrong sorry,@SLaks i prefer to write my code,but i have to use dll. Commented Sep 4, 2011 at 23:05
  • @engcmreng - Ok. I deleted my answer (since it was wrong on more than one account) Marcelo's answer is the one you should look at. Commented Sep 4, 2011 at 23:12

3 Answers 3

Reset to default
4

To do it correctly, look at the PasswordDeriveBytes Class, and pick one of the overloaded methods.

Yes, you'll have to pick a Salt but that can be a fixed value baked into your program. A Salt does not have to be kept secret.

And to answer the technical, not security related question:

    byte[] keyfile = new byte[8];
    keyfile = UTF8Encoding.UTF8.GetBytes(keyValue)

This code creates 2 arrays. The first one is 8 bytes but it is immediately discarded. GetBytes() creates a new one with a size it determines. You need to hash that array and then you can pick the first 8 of the hash, which is what PasswordDeriveBytes does for you.

Improve this answer
Sign up to request clarification or add additional context in comments.

12 Comments

+1; The right solution, though it doesn't answer the question related to why assignment works that way.
@Merlyn: that was addressed fully in a now deleted question... But you're right, I edited.
Henk i dont use System.Security.Cryptography,i use dll(maybe its wrote using System.Security.Cryptography;but idont know,and i just have two classes and one methods for each classes).I want to learn,can i convert whole string value to i described size of byte array(for example its 8)
@engcmreng: You shouldn't use that DLL. You should use System.Security.Cryptography. If there is a need to encrypt data, there is a need to do it right. Check SLaks' answer on the OP (DES is broken and not recommended).
@Merlyn yeah it's tricky but a Salt just serves to foil statiscal attacks but it's not a key and it is not a secret. Using the same one is more of a problem (think 2 users with 123 as password) but I wouldn't worry about it in most cases.
|
1

There is no point in initializing keyfile to an empty byte array. GetBytes returns a new byte array that replaces the initial one, and it will be as large as necessary to encode the entire input.

To get just eight bytes of the encoding, why don't you just supply the first eight characters? They are all ASCII, so they'll occupy one byte each:

 byte[] keyfile = UTF8Encoding.UTF8.GetBytes(keyValue.Substring(0, 8));

More to the point, if you are using keyText as a password to synthesise a encryption key, this is a really bad idea. You are simply discarding any password characters after the first eight. Instead, use some form of cryptographic hash to convert passwords into keys. I just noticed Henk Holterman's answer points to an appropriate API.

Improve this answer

2 Comments

Using only the first 8 chars make a very unsecure key. And think of the the poor user memorizing a long pass-phrase. Also see xkcd.com/936
thanks marcelo,yeah its ok ur solution,but i want to convert whole string value to byte array size of 8.its possible?
0

You have created an array with 7 items (not 8), but you are not using that array at all. The GetBytes method returns a new array, and you put the reference of that array in the variable, leaving the array that you created to the garbage collector.

If you want to get the first 8 bytes of an array, copy the contents instead of replacing the array:

string keyText= "abcdefghsdsdfsdfsdf";

UTF8Encoding encoding = new UTF8Encoding();

byte[] keyfile = new byte[8];
byte[] decoded = UTF8Encoding.UTF8.GetBytes(keyValue);

Array.Copy(decoded, keyfile, 8);
Improve this answer

4 Comments

Guffa,i dont want to first 8 bytes of an array,actually i want to get whole.
@engcmreng: Well, that's what you asked for... So, if you want the whole array, just don't create an array first, just use the array that GetBytes returns.
(my englis is weak that i explain wrong i want),i want to whole string,but extra i want to make size of byte array 8.
@engcmreng: Well, that's not possible with the Encoding.GetString method. You would need to do something completely different, like getting a hash code for the string and get the first 8 bytes of the hash code.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.