[release/5.0] Change default FeedbackSize for TripleDES internal implementation #43370
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
In .NET Framework, TripleDESCryptoServiceProvider defaults to a feedback size of 8, and TripleDESCng defaults to a feedback size of 64. The static Create by default would return TripleDESCryptoServiceProvider, thus the TripleDES from Create would have a default feedback size of 8. This changes the default sizes of TripleDES to behave more similarly to .NET Framework to make porting CFB code from Framework easier. The internal 3DES implementation (and thus TripleDESCryptoServiceProvider, since that is a wrapper around the internal implementation) now defaults to a feedback size of 8. TripleDESCng and user-derived classes from TripleDES will continue to use a feedback size of 64.
bartonjs
approved these changes
Oct 13, 2020
bartonjs
added
Servicing-approved
|
Servicing approved the change via #43259, since we didn't want the change in 6.0 if we weren't going to do it in 5.0. |
vcsjones
reviewed
Oct 13, 2020
...ests/System/Security/Cryptography/AlgorithmImplementations/TripleDES/TripleDESCipherTests.cs
Outdated
Show resolved
Hide resolved
…thmImplementations/TripleDES/TripleDESCipherTests.cs Co-authored-by: Kevin Jones <kevin@vcsjones.com>
|
Committed the test so we can get updated results. |
|
Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq, @jeffhandley |
|
Test failures in "System.Numerics.Vectors.Tests" and installer "Can_Run_App_With_StatiHost" appear unrelated. |
|
@bartonjs you signed off, but I since committed that Win7 change so I'll let you confirm that's correct and merge this yourself.. |
|
Breaking change doc issue is dotnet/docs#21103. |
bartonjs
added
breaking-change
ghost
added
the
needs-breaking-change-doc-created
|
Oh, we have a flaw in my bot programming, haha |
danmoseley
added
breaking-change
|
Disabled that while I figure it out. |
ghost
locked as resolved and limited conversation to collaborators
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport of #43259 to release/5.0
/cc @bartonjs @vcsjones
Customer Impact
Reported by a customer in #43234.
A new mode of symmetric encryption was added to .NET 5, CFB mode. This mode already exists in .NET Framework. When it was brought to .NET 5, the default
FeedbackSizefor some implementations ofTripleDESdiffered from the .NET Framework implementation. Customers that were relying on theFeedbackSize's default value in .NET Framework may get incompatible encryption results when porting their .NET Framework code to .NET 5. This is difficult to diagnose - the observed behavior is different results when encrypting data in this mode.Testing
The default values for
FeedbackSizeof various algorithms was manually validated against .NET Framework. Unit tests are introduced to solidify the behavior and prevent it from regressing.Risk
Minimal. The default
FeedbackSizeforTripleDESInternalImplementationwas changed from 64 to 8. Since this mode is new in .NET 5, it does not break compatibility with previous versions of .NET Core. It changed the default behavior from previous previews and RCs of .NET 5.