
In ASP.NET you can use MachineKey.Protect to encrypt data. We are thinking of using this to encrypt some data which will be stored in hidden fields within a web page; these hidden fields are used when the web page is posted back.

I have read that when encrypting it is better to use a different Initialisation Vector each time, as if the same one is used over and over again, the encryption becomes easier to crack.

Surely by using MachineKey.Protect over and over again the encryption becomes easier to crack, as the same IV is being used. The data I am protecting is not super sensitive so I don't need a gold-standard solution; I am just checking that I am not about to do something that is very weak. If MachineKey.Protect is a medium-strength solution that is fine.

Thanks for your help.

Jake

1 Answer


The MachineKey.Protect method automatically generates a random IV during encryption. You can see this in effect by protecting the same values multiple times:

using System;
using System.Text;
using System.Web.Security;   // MachineKey lives in System.Web.dll

// Protect the same plaintext ten times and print each protected blob as hex.
for (int n = 0; n < 10; n++)
{
    byte[] data = MachineKey.Protect(Encoding.ASCII.GetBytes("This is a test."), "testing");
    // Hex-encode the blob so the differing bytes are visible.
    var sb = new StringBuilder();
    for (int i = 0; i < data.Length; i++)
        sb.AppendFormat("{0:x2}", data[i]);
    Console.WriteLine(sb.ToString());
}

Output:

beb18d854f133f948e090a9d563d5670f3ccf9d337449357fba831e728e105fed44785e432d3f1dbe8c50a7f867570a3ce7d198b51faf34fb3f44511c876f715
dd62fe62ca56ff6f9cf4bb6b0f715f77106aa11ef081105099800850ce38a2d7d8d986f35f8e0db3ac32d5702a7cbfb2efb421770449a90587cd4895ec70a5af
fa548a8fb928fa3039eed3b2d0bf2fc53c4899da39acaad443170726f8a2fdfacf40684542b5429445c82f66cac529f94a750c2ec52532984e752e722f6accfa
ef37f809db93f2e8e1a45a58bc5def741239be955038b87d8712dcb8bfbae853e2dd21556b836dde41c56dcce6970c699107cc9a796dbbf14cf8ff231cfe7f08
fdb4e87ee327dfe4b0d3ae3edf66a4b3dc9eab7434d8e730eaf3424034bd2b6935b0b92613b13bf703cac6951d92761e9a34ec815dd5e66e9e514baf5181edab
1203a0891da6e7bc09f6037a3419be62a07dbb1b5e3c3ab2449e7163e5b082d9a6ef4338b17132e95e04ef8df00582afca2aa0576003260766f256659b971f11
0a96d6f17169789d86c0812c810826efe356c5ec5ad4f88d1d79620c7d9a31b665244e095ef711a3f555b29ac04dc684de4971396cdb621c34c6753ad16cbebe
0a537e35e7554831c0870e762996f3b9d23ed3ae3363133341097e7a80ed3fca12c9beb1592ecb1d4d2ca4cc2178837996484ee71773e4ce5dcd911220d38e17
9e943971c1847254cba338a69973d55e857e55fb0bdaf62b18bbe4cfd39647256d31ac88a9c75823594c062b2def6c618429af60618150f640590c6ef7a0d565
18028aa0c81dd5dc03ed972d0a066803841f1cb0a43eadbb4cf001ecafbc38f3604579f84196e9c6344cb3f676f53add0d4054b1daa5eca119c46522201ae27c

If you step into the decompiled sources for System.Web.dll and System.Security.dll, you'll find that the MachineKey.Protect call loads a provider from a factory which ultimately wraps the underlying DPAPI protection methods - specifically CryptProtectData, using the hash of the purposes list as the "optional entropy" field. The DPAPI automatically applies a salt and a MAC.

Polynomial
  • I would have thought that the MachineKey would have needed the random IV to decrypt the string? – Jake May 18 '15 at 18:18
  • @Jake Yes. The IV is embedded within the output data. – Polynomial May 18 '15 at 19:00
  • Correction: MachineKey.Protect doesn't use DPAPI by default. It instead uses information derived from the value of stored in Web.config. (This also allows it to work in a server farm, whereas using DPAPI wouldn't allow for this.) The security of MachineKey.Protect depends on the quality of the entropy in and the steps taken to shield that value from unauthorized access, e.g., by employing encrypted config. – Levi Jul 12 '15 at 23:52
  • @Levi This may depend on which version of the .NET framework you load, and whether you're looking at the desktop or web platform. The info above was derived from reverse engineering the framework assemblies, so I guess we're looking at different versions. – Polynomial Jul 13 '15 at 08:55
  • @Polynomial The behavior hasn't changed since its introduction in .NET 4.5. I should know - I wrote the code. :) – Levi Jul 13 '15 at 22:11
  • @Levi Ah, well I shall defer to your knowledge on the matter. Weird though - I'm sure I got that description of behaviour from RE'ing the assemblies. – Polynomial Jul 15 '15 at 13:27
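An added example (not code from the answer or from Microsoft) that goes a step beyond the answer's loop: it shows the per-call random IV, that the IV-carrying blob still round-trips as a hidden-field value, that a bit flip is rejected by the MAC, and that the purposes bind a blob to one use. It assumes a .NET Framework 4.5+ console project referencing System.Web; the class name, purpose strings and sample state are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Web.Security;

// Hypothetical console program; needs a .NET Framework 4.5+ project with a reference to System.Web.
static class MachineKeyProtectDemo
{
    // Assumed purpose strings for this demo; use values unique to each place your app calls Protect.
    static readonly string[] HiddenFieldPurposes = { "DemoApp.HiddenField", "v1" };

    static void Main()
    {
        byte[] state = Encoding.UTF8.GetBytes("constructed sample state for a hidden field");

        // 1. Same input, two calls: the blobs differ because Protect draws a fresh random IV each time.
        byte[] blob1 = MachineKey.Protect(state, HiddenFieldPurposes);
        byte[] blob2 = MachineKey.Protect(state, HiddenFieldPurposes);
        Console.WriteLine("blobs differ: " + !blob1.SequenceEqual(blob2));

        // 2. Either blob still decrypts, because the IV travels inside it; Base64 is what the hidden field carries.
        string hiddenFieldValue = Convert.ToBase64String(blob1);
        byte[] roundTrip = MachineKey.Unprotect(Convert.FromBase64String(hiddenFieldValue), HiddenFieldPurposes);
        Console.WriteLine("round-trip ok: " + roundTrip.SequenceEqual(state));

        // 3. A single flipped bit anywhere in the blob fails the MAC check, so a modified postback
        //    is rejected before any decryption takes place.
        byte[] tampered = (byte[])blob1.Clone();
        tampered[tampered.Length / 2] ^= 0x01;
        Console.WriteLine("tampered rejected: " + !TryUnprotect(tampered, HiddenFieldPurposes));

        // 4. Purposes feed key derivation: a blob protected for one field cannot be unprotected under
        //    another, which stops a value from field A being replayed into field B.
        Console.WriteLine("wrong purpose rejected: " + !TryUnprotect(blob1, "DemoApp.OtherField"));
    }

    // Returns true when Unprotect accepts the blob. MachineKey.Unprotect throws CryptographicException
    // when the MAC does not verify or the purposes do not match the ones used by Protect.
    static bool TryUnprotect(byte[] protectedData, params string[] purposes)
    {
        try
        {
            MachineKey.Unprotect(protectedData, purposes);
            return true;
        }
        catch (CryptographicException)
        {
            return false;
        }
    }
}
```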