✅ Guidance needed for encryption
Good day. I want to dive into creating my own encryption method/class. I want it to be similar to what the big companies do as I want to present it forward to the company I work at. They don't have their own encryption method.
I did some research and found the Rijndael algorithm and found it "a worthy" method. My main reason for asking for help is just to ask if you know any recourses or any existing open source methods that I can use to just guide me in completing this project.
If you know any other methods that are secure and also really well sourced please let me know. I am doing this project to further my knowledge with C# and actually have an impressive project to showcase if the company decides to not use it.
12 Replies
Just use an existing encryption algorithm ¯\_(ツ)_/¯
.NET comes with quite a few built-in. RSA, DSA, ECDsa
https://learn.microsoft.com/en-us/dotnet/standard/security/cryptographic-services
Far as Rijndael algorighm goes, pick and choose: https://www.nuget.org/packages?q=rijndael
@ZZZZZZZZZZZZZZZZZZZZZZZZZ My only thought is that if it's public, and anyone can access it, can't one just use it to decrypt data?
Unless they have the encryption key, then no, they cannot
Encryption would be entirely worthless if just knowing the algorithm was enough to decrypt the data
Fair enough. Thanks @ZZZZZZZZZZZZZZZZZZZZZZZZZ . Saved me from making one from scratch.
If I may ask, is making one from scratch good for portfolios though? Or just using an existing one enough..
The rule of thumb is, generally, "don't roll your own crypto"
Chances are it will be worse than any existing implementation
Ok cool haha. Fair enough
What do you want to use encryption for?
I get the impression you're not very familiar with how encryption works, and what its goals are
I want to use it for bytes of data. So convert the variable into it's hash values, and mess it up, order and all and make it make no sense
I mean even taking its binary form and messing around with it..
and why do you want this?
Chat app for one, to store that chat on the cloud. Another thing is storing information like usernames and passwords locally
yeah definitely stick to the already implemented and battle-tested .NET implementations. Make sure you keep your private key private!
To win over management, I would prepare a presentation where you tell them high-level (with pictures) how encryption works (we take data, and crypt it with our secret value, which means we can only read it when we use our secret value to unlock it), and what its goals are:
- in case of a data breach, attackers cannot read chat messages if they do not also have the private key
etc
Good luck!
Thank you!