6 Replies - 359 Views - Last Post: 02 December 2013 - 11:04 AM Rate Topic: -----

#1 synlight  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 89
  • View blog
  • Posts: 582
  • Joined: 14-September 11

Cryptography in Windows XP

Posted 02 December 2013 - 08:27 AM

My software uses System.Security.Cryptography.SHA256CryptoServiceProvider for database hashing.

Apparently it is not supported by Windows XP. An option is SHA1, but it seems like it is not nearly as secure as SHA256 from the reading I just did. What hashing algorithm would you recommend, to be a secure as possible while retaining backwards compatibility with XP? The software will support XP, Vista, Win7 and Win8.

Thank you!

Is This A Good Question/Topic? 0
  • +

Replies To: Cryptography in Windows XP

#2 jhouns  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 25
  • View blog
  • Posts: 100
  • Joined: 21-December 09

Re: Cryptography in Windows XP

Posted 02 December 2013 - 08:32 AM

I've found an MSDN discussion about this topic. The gist of it is, is that the SHA256CryptoServiceProvider gives the same hash as SHA256Managed (which should be available on XP) but SHA256Managed is slightly slower. Please correct me if I'm wrong. The link I've posted also links to a code project implementation of different hashes.

So you shouldn't have to change hopefully.

This post has been edited by jhouns: 02 December 2013 - 08:33 AM

Was This Post Helpful? 2
  • +
  • -

#3 synlight  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 89
  • View blog
  • Posts: 582
  • Joined: 14-September 11

Re: Cryptography in Windows XP

Posted 02 December 2013 - 08:34 AM

Thank you jhouns! I'll check it out right now.

I'm running into a multitude of problems now that I'm testing the software in XP. Last week it was crashing, apparently from the icon file, of all things.
Was This Post Helpful? 0
  • +
  • -

#4 jhouns  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 25
  • View blog
  • Posts: 100
  • Joined: 21-December 09

Re: Cryptography in Windows XP

Posted 02 December 2013 - 08:37 AM

XP was beautiful, but now it's more of a 'legacy' system you'll find more and more things start to fail. It's sad really.
Was This Post Helpful? 2
  • +
  • -

#5 synlight  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 89
  • View blog
  • Posts: 582
  • Joined: 14-September 11

Re: Cryptography in Windows XP

Posted 02 December 2013 - 08:40 AM

That worked! Thank you so much jhouns
Was This Post Helpful? 0
  • +
  • -

#6 Curtis Rutland  Icon User is online

  • (╯□)╯︵ (~ .o.)~
  • member icon


Reputation: 4490
  • View blog
  • Posts: 7,822
  • Joined: 08-June 10

Re: Cryptography in Windows XP

Posted 02 December 2013 - 10:06 AM

Icons making things crash makes a strange sense to me. Vista changed the way icons behaved a bit.

As for your security concerns, it's awesome that you're thinking about security. So many developers don't bother, and I'm glad you're looking for strong hashing algorithms. But I don't think you need to worry too much about SHA-1 being unsafe. From what I've read, it has technically been broken, but it's not something any normal hacker is going to be able to handle, especially if you're salting your hashes.

Can I ask if you're using this hashing algorithm for passwords? If so, you should consider using a hash function designed for that purpose, such as bcrypt or PBKDF2. bcrypt is technically more secure, but either will be just fine, really.

Something I learned when I was getting my security cert: security is always a balance of effectiveness, accessibility, and cost. You can have the most effective security ever, but it'll cost you an arm and leg, or perhaps it will be so restrictive that users can't use it. You can make it cheap and easy, but it won't be effective. The most important thing is to weigh all those variables against risks and estimated damages. What's the potential fallout for you and your company if info is leaked. What's the likelihood of someone trying to crack your info? How do those risks stack up against your dev time and cost? You and your company are the only ones who can answer those questions, but generally, if it's a relatively low-risk environment, I wouldn't balk at using SHA-1 if it were the only thing available to me, though I'd choose better if available.
Was This Post Helpful? 2
  • +
  • -

#7 synlight  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 89
  • View blog
  • Posts: 582
  • Joined: 14-September 11

Re: Cryptography in Windows XP

Posted 02 December 2013 - 11:04 AM

Yes, I am using the crypto for passwords. I'll look into using bcrypt! I thought about encrypting the entire database, but it seems like the overhead would be too high as the database grew.

At this point, I don't think anyone would even want to hack into our software. Maybe a disgruntled employee?
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1