Today's New Learning: on Tri DES

Hehe di lang ako maka getover sa natutunan ko today kaya spill ko lang. :D

On our previous project, we used Triple DES algorithm as our cipher for encryption/decryption. Implementing Tri DES in .NET allows you to provide a private key and an initialization vector of your own choice. Hehe wala namang kaso saken kung sa code gawin encrypt/decrypt. Fallback lang ng ganun for me is pahirapan pag nagquery ka sa SQL server at puro encrypted values makikita mo. Looking at the brighter side ng ganung scenario, secured talaga kahit on the developer's end. hehehe. rawrr dami kong kwento.

so ang totoong kwento ay eto. One of my teammates is working on report builder and she uses the data of our previous project. So gaya ng sinabi kong fallback kanina, since encrypted values laging irereturn ni SQL server, encrypted values din ilalabas ni report builder unless padaanin mo ung data sa decyptor na nasa loob ng code. So para inde na ganun, naghanap kami ng way to decrypt values on sql server itself kahit inde sa sql server nagencrypt. Natuwa kami na sql server 2005 is capable of encrypting/decrypting data using Tri DES algo using symmetric keys and certificates. Hanap naman ulet kami ng way for us to provide the IV we used in the code for the decryption process kaso naiyak kami sa aming nalaman...

SQL Server 2005 101 New Learning:

"You cannot specify an initialization vector (IV) when encrypting data. An IV is automatically generated by SQL Server. The IV is used to further obfuscate the encrypted result of block ciphers such as AES and DES. The obsfucation provided by an IV helps further eliminate patterns from encrypted data that cryptanalysts can use in attempts to hack encrypted data."

-Pro T-SQL 2005 Programmer's Guide by Michael Coles

Ang saya! Ang higpit ni sql >_< ! So since inde namin magagamit ung IV na sinet namin, no choice but to pass encrypted data on code for decryption. hehehe. ayus!

Ayun! that's it for today's new learning :D:D