Password Size Effect bits with 33,000 iterations ----------------- ---------------------------------- 5 chars (35 bits) 50 bits 10 chars (70 bits) 85 bits 15 chars (105 bits) 120 bitsThe 33000 iteration count chosen in SimCrypt.NET raises the brute-force attack resistance by adding "computational entropy" of about 15 extra bits. This will improve resistance to direct unsophisticated attack when users choose very weak but still random passwords (e.g. 5 chars) from about 1/2 day to about 50 years. Choosing a good random 15 character password with the implemented 33000 iterations here provides extremely high resistance from direct attack, even though it still only attains effectively 120 bits of the full 256 bit AES key "bandwidth". Nevertheless, an effective symmetric key size of 120 bits is considered more than adequate with current computational capabilities and known attack technology.
A random 16 byte salt value is derived from the default random number generator class RNGCryptoServiceProvider. The salt value is written to the encrypted output file first, followed by the random IV value. Then, the filename length, filename and file contents (all AES encrypted) are written to the output file . With b64 output, a b64 streamed output writes the salt and IV values first. Then the cascaded encryption stream wrapper around the b64 final target stream is used. Decryption reverses the process. For the b64 encoded file, the b64 decoder stream must be read initially to exactly return the correct number of salt bytes, and the IV bytes. Then the b64 decoding stream wrapping the decryption stream is used to recover and write the decrypted file length, name and contents.
Note that PasswordDeriveBytes as used in SimCrypt.NET takes parameters (e.g. interation count, salt etc.) that may not be directly compatible with other implementations of password derived symmetric key data. Also the output file format created by SimCrypt.NET is a simple contatenation of:
byte salt byte IV byte inputfilename length (encrypted) byte inputfilename (encrypted) byte encryptedinputfilecontents (encrypted)
Since strings in .NET are immutable, memory persistence of string data for managed CLR applications is difficult to avoid. No attempts using native methods have been made in SimCrypt.NET to zero or scrub memory associated with user provided passwords. Therefore, this utility should ONLY be used on trusted computers with known history and controlled users. See the first two references for more details on this topic.
Michel I. Gallant