When would I choose AesCryptoServiceProvider over AesManaged or RijndaelManaged?

Cheeso picture Cheeso · Aug 4, 2009 · Viewed 8k times · Source

I think the distinguishing factors are

  • AesCryptoServiceProvider is FIPS compliant
  • AesManaged is cross-platform, requires .NET 3.0
  • RijndaelManaged runs on .NET 2.0, requires restricting the blocksize

is that about right?

Answer

PaulG picture PaulG · Aug 4, 2009

AesManaged documentation states that

"The AES algorithm is essentially the Rijndael symmetric algorithm with a fixed block size and iteration count. This class functions the same way as the RijndaelManaged class but limits blocks to 128 bits and does not allow feedback modes."

That would suggest its using ECB (Electronic Codebook) mode. This can be a significant weakness to the encrypted data as it means identical blocks of plain text data will result in identical blocks of cipher output.


Edit: (As correction)
Documentation for the Mode property indicates that Mode infact defaults to CBC (which confusingly IS a feedback mode) but cannot be set to CFB or OFB (Cipher Feedback / Output Feedback)