How Not to Encrypt a File – Courtesy of Microsoft

The author could spend less time bashing the original article and a little bit more explaining how to do things right.<p>This:<p>&gt; Suggestion to use the encryption key as the IV<p>is a second sub-heading while the words &quot;initialization vector&quot; don&#x27;t appear until much later. Initialization vector is pretty obvious, &quot;IV&quot; isn&#x27;t.<p>Also the author spends time complaining that the original article misunderstands the use of initialization vector while providing no explanation of how it should be used.<p>After reading the post I haven&#x27;t learned anything useful other than that the original article was bad.

While I&#x27;m sure the article is correct, it doesn&#x27;t even attempt to link to resources to say <i>how</i> these things are misunderstandings. For example, I myself don&#x27;t really understand IVs, and from my perspective I&#x27;m left with no clearer of anuidea about <i>why</i> IVs shouldn&#x27;t be considered secret, or why the IV isn&#x27;t required to be able to decrypt the file again.<p>Regardless, it&#x27;s obvious that the fact that bad encryption advice in a MSDN article is horrifying.

Note: All my information re: Microsoft is from no later than 2013.<p>This is indicative of a classic challenge in the industry.<p>To ship code that uses crypto at Microsoft you have to go through an auditing process. To ship code that uses novel crypto, or works directly with crypto primitives, you have to be reviewed by a specialist crypto review board — that contains security and crypto people from across the company, names that you might know (e.g. Niels Ferguson was there last time I needed a review. Hi Niels!)<p>Samples and documentation aren&#x27;t held to the same standard.

Microsoft have already 404d the article: <a href="https:&#x2F;&#x2F;support.microsoft.com&#x2F;en-us&#x2F;help&#x2F;307010" rel="nofollow">https:&#x2F;&#x2F;support.microsoft.com&#x2F;en-us&#x2F;help&#x2F;307010</a>

As someone in charge of reviewing all crypto code for a sizable chunk of my company, I&#x27;ve yet to see a single case of someone using encryption primitives correctly by naive developers. To tell the truth, I don&#x27;t think I&#x27;ve ever seen a single example of IVs used correctly.<p>At the very best of times I get AES-CBC-HMAC-SHA1 (usually Encrypt-AND-MAC) with binary keys and secret static IV.<p>I&#x27;m still waiting for the developer that will botch AES-GCM with a random nonce so I can have first world problems, but we&#x27;re not there yet.<p>I wanted to call Microsoft sneaky for pulling out this article, but considering basically every top-ranked &quot;how do I encrypt with AES&quot; question on StackOverflow is full of bad advice, I&#x27;m glad they at least did something.

The article says that DES &quot;can be brute forced in a single digit number of days by a modern computer&quot;.<p><pre><code> 2**56 keys &#x2F; 9 days ≈ 92.7 Gkeys&#x2F;s </code></pre> Can modern computers actually compute DES <i>that</i> fast?

Another version of essentially the same article is still live here:<p><a href="https:&#x2F;&#x2F;support.microsoft.com&#x2F;en-us&#x2F;help&#x2F;301070&#x2F;how-to-encrypt-and-decrypt-a-file-by-using-visual-basic-.net-or-visual" rel="nofollow">https:&#x2F;&#x2F;support.microsoft.com&#x2F;en-us&#x2F;help&#x2F;301070&#x2F;how-to-encry...</a>

Yep, all over the place:<p><a href="https:&#x2F;&#x2F;searchcode.com&#x2F;?q=ASCIIEncoding.ASCII.GetBytes%28sKey%29%3B" rel="nofollow">https:&#x2F;&#x2F;searchcode.com&#x2F;?q=ASCIIEncoding.ASCII.GetBytes%28sKe...</a><p>EDIT: ok maybe not &quot;all over the place&quot;, but it&#x27;s been done.

The article author is complaining about an MSDN article not being updated. The content even says it applies to VS 2005 at its highest. That&#x27;s a hint of how old it is. Is he going to get the print version and complain about that next. If programmers are using this without thought that is on them not the example code.

Raymond Chen wrote some time ago about the variable quality of MS Knowledge Base articles: <a href="https:&#x2F;&#x2F;blogs.msdn.microsoft.com&#x2F;oldnewthing&#x2F;20060424-21&#x2F;?p=31433" rel="nofollow">https:&#x2F;&#x2F;blogs.msdn.microsoft.com&#x2F;oldnewthing&#x2F;20060424-21&#x2F;?p=...</a>

That&#x27;s pretty disturbing. Though to be fair, the article in question was written a while ago (since it targets .NET 2005), and to be less fair, MS doesn&#x27;t really review their documentation very well, at all.

probably you are too youn, in the past when internet wasn&#x27;t so ubiquitus, having a MSDN cd documentation was a live saver. the docs that today have serius content directly descend from that days, the res, as other already said, are just boilerplate autogenerated docs., which nobody maintains anymore because simply the technology is too fast. so probably this doc page abaut usage of DES is directly from 1990 or so... and in that days probably was good enough

It does seem useless to make the IV the same as the key. But is there a reason making the IV the same as the key is worse than using 0 as an IV?<p>Just asking.

To encrypt: tar cz foo | openssl aes-256-cbc -salt -out foo.enc<p>To decrypt: openssl aes-256-cbc -d -in foo.enc | tar xz<p>(foo can be a file or directory)

I feel disgusted after reading this. I wonder how many people applied the advices given by the original article because they made the bad decision to trust the official documentation by MS.

I always look at Microsoft in order to learn how not to do anything &#x2F;s

&gt;It’s a good thing the caesar shift isn’t available in their library or it would probably have ended up in this tutorial.<p><a href="https:&#x2F;&#x2F;docs.python.org&#x2F;2&#x2F;library&#x2F;codecs.html#python-specific-encodings" rel="nofollow">https:&#x2F;&#x2F;docs.python.org&#x2F;2&#x2F;library&#x2F;codecs.html#python-specifi...</a><p>Python does rot13 :)