[Mono-dev] [PATCH] Fix for Membership.{Encrypt,Decrypt}Password

Marek Habersack grendel at caudium.net
Tue Nov 21 05:37:35 EST 2006


Hello,

  Attached is a diff which reimplements the two methods mentioned in
the subject. The current implementation would break if the password
passed was larger than the symmetric algorithm block size and it
wouldn't take into account the IV embedded into the encrypted password
when decrypting. Also, it assumed the IV (salt) size to be 16 bytes,
which isn't forward-compatible. The reimplementation uses CryptoStream
and the size of the algorithm's IV to fix both of the problems.
  At first I thought that embedding the IV in the password passed to
{Encrypt,Decrypt}Password is incorrect according to the MS.NET
documentation, but the tests show that it's the documentation that's
wrong. 
  The diff also touches SqlMembershipProvider to account for the
salt size fix above. Please review,

best regards,

marek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: MembershipEncryption.diff
Type: text/x-patch
Size: 4655 bytes
Desc: not available
Url : http://lists.ximian.com/pipermail/mono-devel-list/attachments/20061121/c825eb2d/attachment.bin 
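
The IV-prefixed layout described in the message above, as an added C# example that is not part of the original post or the attached Mono patch. The class and method names are hypothetical, and the sketch shows the general technique (IV length taken from the algorithm, CryptoStream for input longer than one block), not Mono's or MS.NET's actual implementation.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class IvPrefixedCipher   // hypothetical name, illustration only
{
    // Output layout: IV || ciphertext. The IV length comes from the algorithm,
    // never from a hard-coded 16.
    public static byte[] Encrypt(SymmetricAlgorithm alg, byte[] key, byte[] plain)
    {
        alg.Key = key;
        alg.GenerateIV();                       // fresh IV for every password
        var ms = new MemoryStream();
        ms.Write(alg.IV, 0, alg.IV.Length);
        // CryptoStream handles multi-block input; Dispose() writes the final padded block.
        using (var cs = new CryptoStream(ms, alg.CreateEncryptor(), CryptoStreamMode.Write))
            cs.Write(plain, 0, plain.Length);
        return ms.ToArray();                    // ToArray() is valid on a closed MemoryStream
    }

    public static byte[] Decrypt(SymmetricAlgorithm alg, byte[] key, byte[] blob)
    {
        int ivLen = alg.IV.Length;              // 16 for AES, 8 for TripleDES
        if (blob.Length <= ivLen)
            throw new CryptographicException("input too short to hold IV and ciphertext");
        byte[] iv = new byte[ivLen];
        Buffer.BlockCopy(blob, 0, iv, 0, ivLen);
        alg.Key = key;
        alg.IV = iv;                            // use the embedded IV, not a default one
        var ms = new MemoryStream();
        using (var cs = new CryptoStream(ms, alg.CreateDecryptor(), CryptoStreamMode.Write))
            cs.Write(blob, ivLen, blob.Length - ivLen);
        return ms.ToArray();
    }

    static void Main()
    {
        // Constructed sample input: longer than one block for both algorithms.
        byte[] pw = Encoding.Unicode.GetBytes("a password longer than one cipher block");
        foreach (SymmetricAlgorithm alg in new SymmetricAlgorithm[] { Aes.Create(), TripleDES.Create() })
        {
            alg.GenerateKey();
            byte[] back = Decrypt(alg, alg.Key, Encrypt(alg, alg.Key, pw));
            Console.WriteLine("{0}: IV {1} bytes, round trip ok: {2}", alg.GetType().Name,
                alg.IV.Length, Encoding.Unicode.GetString(back) == Encoding.Unicode.GetString(pw));
        }
    }
}
```

This layout gives confidentiality only; nothing in the sketch authenticates the blob.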