I am asking this question to confirm whether the RijndaelManaged class in C# is equivalent to AES encryption. From what I have been reading, RijndaelManaged was the algorithm of choice to implement AES encryption. Can someone confirm this please?
Is RijndaelManaged algorithm safe to be used for a web project? Thanks :)
The AES algorithm was selected in a competition held by NIST between 1997 and 2000. The winner was an algorithm called Rijndael.
NIST specified that the AES algorithm was to have a 128-bit block size. As Rijndael supports block sizes of 128, 160, 192, 224, and 256 bits, the final AES specification differs from the original Rijndael specification in that regard. In other words, "AES" and "Rijndael" are the same algorithm, except "AES" is restricted to a block size of 128 bits.
Block size has nothing to do with key size though. The algorithm in question supports 128, 192, and 256-bit keys. Longer keys are not necessarily "stronger", because AES has certain theoretical weaknesses. Either way, 128-bit keys are plenty long enough for the foreseeable future.
As EkoostikMartin said, AES is unbreakable to date. But cryptography is hard, and even professionals don't get it right every time. Using raw cryptographic primitives without knowing exactly what you're doing will likely result in something bad. To put it another way, the cipher is very rarely the weakest link in the "security chain".
If you want to use AES, just use the AesManaged class - http://msdn.microsoft.com/en-us/library/system.security.cryptography.aesmanaged%28v=vs.100%29.aspx
The RijndaelManaged class you referenced does not exactly fit into the AES specs, mostly since it gives options as far as block sizes. AesManaged uses the 128-bit block size as specified.
As far as being "safe" for a web project, well, it's a very strong encryption method (it's never been broken as far as I know), but like anything it must be used correctly.
There are a few differences, notably the ability to change the block size as well as key size. (AES uses a fixed block size of 128 as far as I know)
If you're using CFB in Rijndael the block size will adjust to the feedback size, meaning that you cannot guarantee a block size of 128.
In order to ensure equivalency you will have to use a block size of 128, and either avoid CFB or ensure that the feedback size is also 128.
Another thing to note: if you are using a static IV with CFB then your cipher will be deterministic. Avoid this as the prefixed IV can then be easily identified and used to decrypt your data.
(sorry to raise an old thread, but this information wasn't on here)
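Added example (not code from any of the answers above, and assuming .NET Framework 4.x where both AesManaged and RijndaelManaged exist): it shows that RijndaelManaged pinned to a 128-bit block in CBC mode yields the same ciphertext as AesManaged for the same key and IV, and that reusing a fixed IV makes the output deterministic while a fresh IV does not. The key, IV and message are constructed sample values.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

class RijndaelVsAes
{
    // CBC + PKCS7 is a common configuration; both classes must agree on it for a fair comparison.
    static byte[] Encrypt(SymmetricAlgorithm alg, byte[] key, byte[] iv, byte[] plaintext)
    {
        alg.Mode = CipherMode.CBC;
        alg.Padding = PaddingMode.PKCS7;
        alg.Key = key;
        alg.IV = iv;
        using (ICryptoTransform enc = alg.CreateEncryptor())
            return enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
    }

    static byte[] RijndaelEncrypt(byte[] key, byte[] iv, byte[] plaintext)
    {
        using (var rij = new RijndaelManaged())
        {
            rij.BlockSize = 128; // pin to the AES block size; set it before Key/IV, since changing it resets the IV
            return Encrypt(rij, key, iv, plaintext);
        }
    }

    static byte[] AesEncrypt(byte[] key, byte[] iv, byte[] plaintext)
    {
        using (var aes = new AesManaged()) // block size is fixed at 128 here
            return Encrypt(aes, key, iv, plaintext);
    }

    static byte[] RandomBytes(int n)
    {
        var buf = new byte[n];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(buf);
        return buf;
    }

    static void Main()
    {
        byte[] key = RandomBytes(16);                           // constructed 128-bit key (use a KDF/key store in practice)
        byte[] fixedIv = new byte[16];                          // deliberately static IV to illustrate the problem
        byte[] msg = Encoding.UTF8.GetBytes("constructed sample message");

        bool same = AesEncrypt(key, fixedIv, msg).SequenceEqual(RijndaelEncrypt(key, fixedIv, msg));
        Console.WriteLine("Rijndael(128-bit block, CBC) == AES: " + same);            // True

        bool deterministic = RijndaelEncrypt(key, fixedIv, msg).SequenceEqual(RijndaelEncrypt(key, fixedIv, msg));
        bool freshDiffers = !RijndaelEncrypt(key, RandomBytes(16), msg).SequenceEqual(RijndaelEncrypt(key, RandomBytes(16), msg));
        Console.WriteLine("static IV repeats ciphertext: " + deterministic + ", fresh IV differs: " + freshDiffers); // True, True
    }
}
```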