- The hierarchy of algorithms in .NET Framework:
- The abstract algorithm type classes, such as SymmetricAlgorithm, AsymmetricAlgorithm, or HashAlgorithm.
- The abstract algorithm classes inherit from an algorithm type class; for example, Aes, RC2, or ECDiffieHellman.
- Implementation of an algorithm class that inherits from an algorithm class; such as AesManaged, RC2CryptoServiceProvider, or ECDiffieHellmanCng.
- The CLR uses a stream-oriented design for implementing symmetric algorithms and hash algorithms.
- The core of this design is the CryptoStream class, which derives from the Stream class.
- Because all the objects are built on a standard interface, you can chain together multiple objects (such as a hash object followed by an encryption object), and you can perform multiple operations on the data without needing any intermediate storage for it.
- The streaming model also enables you to build objects from smaller objects.
- For example, combined encryption and the hash algorithm can be viewed as a single stream object, although this object might be built from a set of stream objects.
- There are four ways a developer can create a cryptography object:
- Create an object by using the new operator.
- Create an object by calling the Create method on the abstract class for that algorithm.
- Create an object by calling the CryptoConfig.CreateFromName method.
- Create an object that implements a class of cryptographic algorithms by calling the Create method on the abstract class for that type of algorithm.
- When using encryption classes, it is not enough, from a security perspective, to simply force a garbage collection after you have finished using the object.
- All cryptographic classes in the .NET Framework that hold sensitive data implement a Clear method.
- When called, the Clear method overwrites all sensitive data within the object with zeros and then releases the object so that it can be safely garbage collected.
Hash Algorithms
- The SHA algorithm is a Secure Hash Algorithm developed by the National Institute of Standards and Technology along with the NSA.
- It is designed to compute the hash value of an original message and compare it to its message digest.
- It can be used to find out if the message produces the same message digest.
- SHA-256, SHA-512, SHA-1, MD5, and all other hashes using the Merkle–Damgård construction are vulnerable to a length extension attack.
- An attacker who knows the length of the MAC key and a particular value of SHA256(key|data) can compute SHA256(key|data|otherdata) for other data.
- They can choose most of the other data, but even if they couldn't, it's a fatal flaw in a MAC scheme.
- While SHA256(data|key) is not vulnerable to length extension, it is vulnerable to "collisions" due to the same iterated construction.
- HMAC's nesting prevents these and various other attacks.
- Hash-based Message Authentication Code (HMAC) is a keyed hash algorithm; HMACSHA512 is the variant constructed from the SHA-512 hash function.
- The HMAC process mixes a secret key with the message data and hashes the result.
- The hash value is mixed with the secret key again, and then hashed a second time.
- The output hash is 512 bits in length.
- An HMAC can be used to determine whether a message sent over a non-secure channel has been tampered with, provided that the sender and receiver share a secret key.
- The sender computes the hash value for the original data and sends both the original data and hash value as a single message.
- The receiver recalculates the hash value on the received message and checks that the computed HMAC matches the transmitted HMAC.
- If the original and computed hash values match, the message is authenticated.
- If they do not match, either the data or the hash value has been changed.
- HMACs provide security against tampering because knowledge of the secret key is required to change the message and reproduce the correct hash value.
- HMACSHA512 accepts keys of any size and produces a hash sequence of length 512 bits.
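The sender/receiver exchange described above, combined with the stream-oriented design from the first section, as an added example that is not part of the original notes. The class name HmacDemo, the method names ComputeTag and Verify, and the sample message are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class HmacDemo
{
    // Sender side: push the data through HMACSHA512 via CryptoStream and return the tag.
    static byte[] ComputeTag(byte[] key, Stream data)
    {
        using (var hmac = new HMACSHA512(key))
        using (var cs = new CryptoStream(Stream.Null, hmac, CryptoStreamMode.Write))
        {
            data.CopyTo(cs);        // hashed as it streams; output is discarded by Stream.Null
            cs.FlushFinalBlock();   // finalizes the keyed hash
            return hmac.Hash;       // 64 bytes (512 bits)
        }                           // leaving the block disposes hmac, as calling Clear() would
    }

    // Receiver side: recompute the tag and compare every byte, with no early exit on a mismatch.
    static bool Verify(byte[] key, byte[] message, byte[] receivedTag)
    {
        byte[] expected;
        using (var ms = new MemoryStream(message))
            expected = ComputeTag(key, ms);
        if (receivedTag == null || receivedTag.Length != expected.Length) return false;
        int diff = 0;
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ receivedTag[i];
        return diff == 0;
    }

    static void Main()
    {
        byte[] key = new byte[64];  // shared secret, generated here only for the demo
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        byte[] msg = Encoding.UTF8.GetBytes("amount=100&to=alice"); // constructed sample message
        byte[] tag;
        using (var ms = new MemoryStream(msg)) tag = ComputeTag(key, ms);

        Console.WriteLine("tag bits: " + tag.Length * 8);
        Console.WriteLine("untampered verifies: " + Verify(key, msg, tag));
        msg[7] ^= 0x01;             // flip one bit of the message, as tampering in transit would
        Console.WriteLine("tampered verifies: " + Verify(key, msg, tag));
        Array.Clear(key, 0, key.Length); // zero our own copy of the key when done
    }
}
```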