March 23rd, 2002, 04:04 AM
.NET Encryption Algorith source...
I found somewhere that has it. Seems that MS has gone open-source on its new .NET thing, releasing the encryption algorithm. This may seem odd, but it doesn't go unsaid on their part: read the EULA before you download it. No modification, do they want you to do. Click here for it. Just scroll down a bit to "click here to obtain the full source code."
March 23rd, 2002, 04:10 AM
I have heard that, they aren't really opposed to Open Source itself. But they are opposed to the GPL. Which I agree. It is not a license in which you would want to use, if you were in the software business and trying to make money.
March 23rd, 2002, 04:28 AM
.NET is writtten in C#(C Sharp)...they still don't reveal the source code, unless forced to...no matter what you may find...M$ will never just give away their code...unless it it snowing in hell right about now...
"entia non sunt multiplicanda praeter necessitatem"
"entities should not be multiplied beyond necessity."
March 23rd, 2002, 04:35 AM
From the site:
System.Security.Cryptography namespace of the .NET Framework.
The following classes and interfaces are part of the System.Security.Cryptography namespace of the .NET Framework Base Class Library.
SymmetricAlgorithm – is the top level abstraction for all symmetric cryptography algorithms
AsymmetricAlgorithm – is the top level abstraction for all asymmetric cryptography algorithms
RC2 – the RC2 abstraction, subclassing from SymmetricAlgorithm
DES – the DES algorithm abstraction, subclassing from SymmetricAlgorithm
TripleDES – the Triple DES algorithm abstraction, deriving from SymmetricAlgorithm
Rijndael – the Rijdeal abstraction, deriving from SymmetricAlgorithm
RSA – the RSA public key cipher agbstraction, deriving from AsymmetricAlgorithm
DSA – the DSA public key cipher abstraction, deriving from AsymmetricAlgorithm
ICryptoTransform – the interface definition for encryption and decryption transforms. Objects of this type are generated by methods on SymmetricAlgorithm
So it isn't like they are releasing full source. More like bits and pieces, from what it sounds like.
March 23rd, 2002, 04:57 PM
Several of the .NET encryption methods are publicly available ciphers, of which there are open source implementations.
Examples of such implementations are Crypto++, or openSSL
Of course Microsoft's implementations may not be correct, or secure - only with open source can you have the implementation independently scruitinsed.
However, it seems unlikely that with well-known algorithms, even M$ implementations are wildly defective.
If they implement the specification of these algorithms correctly, they will interoperate with other people's implementations.
Of course there's nothing to say that their key generation is secure - various US governmental agencies may have asked them to deliberately choose bad keys (of course any key can legitimately be chosen, so this is impossible to detect externally)
I would certainly be suspicious about their key generation routines not having been tampered with by the US government.
Hence if I was running a non-US government based organisation who required strong encryption, it would be tempting to use either an in-house implementation or an open source one, to ensure that the US government hadn't tampered with it.