Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document IV truncation for .NET Framework but not .NET Core for TripleDESCryptoServiceProvider #3272

Open
2 of 3 tasks
vcsjones opened this issue Oct 8, 2018 · 1 comment
Open
2 of 3 tasks

Document IV truncation for .NET Framework but not .NET Core for TripleDESCryptoServiceProvider #3272

vcsjones opened this issue Oct 8, 2018 · 1 comment
Labels
area-System.Security Issues related to security practices for .NET developers. doc-enhancement Improve the current content Pri3 Indicates issues/PRs that are low priority
Milestone
Backlog

Comments

@vcsjones
Copy link
Member

vcsjones commented Oct 8, 2018

Issue description

👋 Hi docs folks! On Corefx an issue was filed because of a compatibility difference between .NET Framework and .NET Core for the TripleDESCryptoServiceProvider class that isn't documented anywhere except in the comments of the .NET Framework reference source.

The gist is the initialization vector on TripleDESCryptoServiceProvider (either the IV property or the rbgIV parameter on CreateEncryptor and CreateDecryptor methods) accepts a byte array. In .NET Core, that byte array for IV must be equal to a valid block size of the algorithm. For 3DES, that's 64-bits (8 bytes).

In .NET Framework, it would silently just use the first 8 bytes, even if you gave it 9, or 20.

When migrating from the .NET Framework to .NET Core, users that were erroneously passing in more than 8 bytes started getting exceptions. The fix for this is to just change your code during the migration to pass in just the first 8 bytes.

I'm happy to try to submit a pull request for this, but I'm not sure the best way or place to communicate this. In the remarks section for the class?

Target framework

Check the .NET target framework(s) being used, and include the version number(s).

  • .NET Core (2.0, 2.1)
  • .NET Framework (all of them)
  • .NET Standard
@rpetrusha
Copy link

Thanks for opening this issue, @vcsjones. The Remarks section is the appropriate place for this information. We'd be happy to review a PR if you'd like to submit one. If you have any questions, please don't hesitate to ask.

@mairaw mairaw transferred this issue from dotnet/docs Oct 1, 2019
@dotnet-bot dotnet-bot added the untriaged New issue has not been triaged by the area owner label Oct 1, 2019
@mairaw mairaw added doc-enhancement Improve the current content and removed untriaged New issue has not been triaged by the area owner labels Oct 1, 2019
@mairaw mairaw added this to the Backlog milestone Oct 1, 2019
@PRMerger13 PRMerger13 added the Pri3 Indicates issues/PRs that are low priority label Nov 11, 2020
@carlossanlop carlossanlop added the area-System.Security Issues related to security practices for .NET developers. label Mar 19, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area-System.Security Issues related to security practices for .NET developers. doc-enhancement Improve the current content Pri3 Indicates issues/PRs that are low priority
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
6 participants
@vcsjones @carlossanlop @dotnet-bot @rpetrusha @mairaw @PRMerger13