Balaji M

Reputation: 127

How to encrypt and decrypt a string using MACTripleDES?

How do I encrypt and decrypt a string using MACTripleDES in C#? Is there any difference between MACTripleDES and TripleDES?

Upvotes: 1

Views: 1509

Answers (2)

Maarten Bodewes

Reputation: 93998

MACTripleDES uses CBC-MAC. CBC-MAC uses the CBC mode after padding the message with zeros. This is specified in the withdrawn FIPS 113 specification (DAA). Only the last block is kept:

[Figure: CBC-MAC]

This means that each and every block of plaintext data before that cannot be retrieved. That is, unless you know the plaintext of the last blocks; in that case you can XOR it with the last block, retrieve the previous ciphertext, and calculate the plaintext by decryption.

TripleDES in CBC mode, on the other hand, outputs all the blocks of ciphertext before using each one as the vector for the next block of plaintext.

using System;
using System.Security.Cryptography;

namespace StackOverflow
{
    public class MACTripleDESTest
    {
        public static void Main(String[] args)
        {
            // example key
            byte[] key = new byte[24];
            for (int i = 0; i < key.Length; i++)
            {
                key[i] = (byte) i;
            }

            // uses CBC MAC with zero initialization vector and Zero padding
            MACTripleDES macTDES = new MACTripleDES(key);
            byte[] result = macTDES.ComputeHash(new byte[] { 0x01, 0x02, 0x03, 0x04 });

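            // Decrypt the MAC as a single 3DES block (ECB, no padding). The message
            // fits in one block and the IV is zero, so the MAC is just the encrypted
            // zero-padded input, and decrypting it recovers that input.
            TripleDES tdes = new TripleDESCryptoServiceProvider();
            tdes.Key = key;
            tdes.Mode = CipherMode.ECB;
            tdes.Padding = PaddingMode.None;
            ICryptoTransform tf = tdes.CreateDecryptor();
            byte[] pt = tf.TransformFinalBlock(result, 0, tdes.BlockSize / 8);
            Console.WriteLine(BitConverter.ToString(pt));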
        }
    }
}

which will result in:

01-02-03-04-00-00-00-00

CBC-MAC is rather insecure:

  • when used together with CBC mode encryption and the same key it fails completely
  • it will not deliver full security for dynamically sized messages
  • the 3DES block size is rather small

Use either AES-CMAC, HMAC or authenticated encryption instead.

Upvotes: 4

Artjom B.

Reputation: 61912

A Message Authentication Code (MAC) is similar to a hash in that you can't "decrypt" it. The input is usually some arbitrarily long message, but the output has the size of the Triple DES block size, which is limited to 64 bits. Since the input can be larger than the output, you should easily see that it can't be "decrypted", because there is more than one possible input value for the same output value. This is called the Pigeonhole principle.

If the input is smaller than or equal to the block size, then you may be able to decrypt the authentication tag to get the corresponding input. Whether you can do this depends on the actual MAC algorithm. For example, CBC-MAC has the undesirable property that short messages are simply encrypted, which can lead to message forgeries and breaks in confidentiality. There are much better alternatives such as CMAC (OMAC1), which is also based on some block cipher, or HMAC, which is based on secure hash functions. MACTripleDES is an implementation of CBC-MAC and should never be used.

Usually, a MAC is used for authenticating a message. Since the receiver of the message knows both the message and the key that was used to create the MAC (authentication tag), she can run the MAC algorithm to produce an authentication tag and compare it with the one that was sent along with the message. If both tags are equal then the receiver can be reasonably sure that the message or the tag wasn't manipulated during transmission.

Upvotes: 2
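Both answers recommend HMAC over MACTripleDES, and the second describes how a receiver checks a tag. The following C# sketch of that tag-and-verify flow with HMAC-SHA256 is an added example, not code from either answer; the class name, method names and sample message are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

namespace Example
{
    public static class HmacTagExample
    {
        // Sender side: compute the authentication tag over the message.
        public static byte[] ComputeTag(byte[] key, byte[] message)
        {
            using (var hmac = new HMACSHA256(key))
            {
                return hmac.ComputeHash(message);
            }
        }

        // Receiver side: recompute the tag and compare without an early exit,
        // so the comparison time does not reveal how many bytes matched.
        public static bool VerifyTag(byte[] key, byte[] message, byte[] tag)
        {
            byte[] expected = ComputeTag(key, message);
            if (tag == null || tag.Length != expected.Length) return false;
            int diff = 0;
            for (int i = 0; i < expected.Length; i++)
            {
                diff |= expected[i] ^ tag[i];
            }
            return diff == 0;
        }

        public static void Main(string[] args)
        {
            // Constructed sample key and message; a real key is random and kept secret.
            byte[] key = new byte[32];
            using (var rng = RandomNumberGenerator.Create())
            {
                rng.GetBytes(key);
            }
            byte[] message = Encoding.UTF8.GetBytes("amount=100;to=alice");
            byte[] tag = ComputeTag(key, message);

            // The untouched message verifies; a modified message does not.
            Console.WriteLine(VerifyTag(key, message, tag));
            byte[] tampered = Encoding.UTF8.GetBytes("amount=900;to=alice");
            Console.WriteLine(VerifyTag(key, tampered, tag));
        }
    }
}
```

The tag is always 32 bytes regardless of message length and cannot be decrypted back to the message; if confidentiality is also needed, the message has to be encrypted separately or with an authenticated encryption mode.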
