Storing Password with AES 256

Started by chrislegarth, December 11, 2024, 02:48:00 PM

Previous topic - Next topic

chrislegarth

I came across this old post Password to string with AES 256 and was curious if it is indeed using AES 256.  My assumption is that it is but I wanted to verify. I have been using the old RC4 extender for quite some time to store encrypted passwords and I have been asked to see if I can use AES 256.  Any insight would be appreciated.

THANKS!

td

You will have to ask MSFT. It is their .Net classes used in the example. The documentation for the current Framework version of the class can be found here:

https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.aesmanaged?view=netframework-4.8.1
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade

chrislegarth

Thanks Tony!

I tweaked the code from the original post to use Aes.Create() as I read last night that AesManaged is obsolete.
I'll completely admit I don't fully understand everything in the code but when I query for KeySize it does return 256.  So I guess I am good.

   objAes = ObjectClrNew('System.Security.Cryptography.Aes')
   objAesCreate = objAes.Create()

   ;; Set key and initialization vector.
   checkKeySize = objAesCreate.KeySize

spl

As long as you are working with CLR. might consider

System.Security.Cryptography.Rfc2898DeriveBytes to create key(s)

Security.Cryptography.AesGcm as main Aes Instance

[EDIT]:
Probably stepped into this thread w/out asking basic question. Are you looking for AES to basically encrypt User/pw pairs (in which case using credentials and secure-string should suffice) or encrypting text with AES and key?
Stan - formerly stanl [ex-Pundit]

chrislegarth

I'm basically looking to encrypt text with AES to store it in a database so it can, at a later time, be retrieved, decrypted and read.