SimCrypt.NET: AES 256 bit Encryption Tool

SimCrypt.NET is a .NET Framework 1.1/2 assembly utility implemented as an easy-to-use GUI for encryption/decryption of any local file. .NET streaming of the standard .NET crypto classes provides efficient memory usage for encryption of arbitrary size files. In addition, cascaded CryptoStreams with the To/FromBase64Transform classes provides the ability to easily generate base64 encoded encrypted files of any size without excessive memory requirements.

SimCrypt.NET uses PasswordDeriveBytes to derive the AES 32 byte (256 bit) key. The 16 byte IV (the default .NET AES cipher parameters) value is the random value created from the default Rijndael constructor. To realize sufficient effective "strength" of the potential 256 bits provided by the AES key-size, it is important in a password-derived key scenario to provide a sufficiently long and random password selected from the character set of numbers, upper/lower case characters and special keyboard symbols. Very roughly, with characters chosen from this set, the following table shows the "effective" key size: 

    Password Size          Effect bits with 33,000 iterations  
  -----------------        ---------------------------------- 
   5 chars (35 bits)              50 bits
  10 chars (70 bits)              85 bits
  15 chars (105 bits)            120 bits
The 33000 iteration count chosen in SimCrypt.NET raises the brute-force attack resistance by adding "computational entropy" of about 15 extra bits. This will improve resistance to direct unsophisticated attack when users choose very weak but still random passwords (e.g. 5 chars) from about 1/2 day to about 50 years. Choosing a good random 15 character password with the implemented 33000 iterations here provides extremely high resistance from direct attack, even though it still only attains effectively 120 bits of the full 256 bit AES key "bandwidth". Nevertheless, an effective symmetric key size of 120 bits is considered more than adequate with current computational capabilities and known attack technology.

A random 16 byte salt value is derived from the default random number generator class RNGCryptoServiceProvider. The salt value is written to the encrypted output file first, followed by the random IV value. Then, the filename length, filename and file contents (all AES encrypted) are written to the output file . With b64 output, a b64 streamed output writes the salt and IV values first. Then the cascaded encryption stream wrapper around the b64 final target stream is used. Decryption reverses the process. For the b64 encoded file, the b64 decoder stream must be read initially to exactly return the correct number of salt bytes, and the IV bytes. Then the b64 decoding stream wrapping the decryption stream is used to recover and write the decrypted file length, name and contents.

Note that PasswordDeriveBytes as used in SimCrypt.NET takes parameters (e.g. interation count, salt etc.) that may not be directly compatible with other implementations of password derived symmetric key data. Also the output file format created by SimCrypt.NET is a simple contatenation of: 

	byte[] salt
	byte[] IV
	byte inputfilename length  (encrypted)
	byte[] inputfilename   (encrypted)
	byte[] encryptedinputfilecontents  (encrypted)

WARNING:
Since strings in .NET are immutable, memory persistence of string data for managed CLR applications is difficult to avoid. No attempts using native methods have been made in SimCrypt.NET to zero or scrub memory associated with user provided passwords. Therefore, this utility should ONLY be used on trusted computers with known history and controlled users. See the first two references for more details on this topic.

References

Michel I. Gallant
neutron@istar.ca