Friday, May 6, 2011

What's the best way to encrypt short strings in .NET?

My boss wants me to encrypt some information used during data transfer. The individual strings to be encrypted are between eight and twenty characters long. A single password must be used to encrypt and decrypt so I need a symmetric algorithm. I don't want to roll my own - I want to use one built into .NET from C#.

So, which algorithm is best?

From stackoverflow
  • TripleDes ?

    You can use the System.Security.Cryptography.TripleDESCryptoServiceProvider

    Small amount of code to encrypt/decrypt... does exactly what it says on the tin :)

    Syed Tayyab Ali : I agree with you, DES is the best option for him.
    James Black : My only concern with DES is how to do a key exchange securely.
    Matthew Flaschen : This issue (key exchange) applies to any symmetric cipher (of course there are also issues with asymmetric), and the OP explicitly requested symmetric. http://en.wikipedia.org/wiki/Key_exchange is a good place to start, but it's a complex topic.
  • Check this encryption tutorial.

  • You could just use RSA encryption, since these are short strings, which will make key exchange simpler.

    How much you can encrypt with RSA is based on the key length.

    I am a fan of the rsa library from bouncy castle.

  • See my post here:

    http://stackoverflow.com/questions/202011/encrypt-decrypt-string-in-c

  • Rot 26, nobody will figure it out.. it's hiding in plain sight!

    Greg B : LOL.
  • TripleDES is a very good option, but you can also consider AesCryptoServiceProvider (AES), which is a modern symmetric cipher.

  • .net security classes:

    Hash

    * MD5
    * MD5Cng
    * SHA1
    * SHA1Managed
    * SHA1Cng
    * SHA256
    * SHA256Managed
    * SHA256Cng
    * SHA384
    * SHA384Managed
    * SHA384Cng
    * SHA512
    * SHA512Managed
    * SHA512Cng
    

    Symmetric Encryption: Uses the same key for encryption and decryption.

    * DES
    * DESCryptoServiceProvider
    * TripleDES
    * TripleDESCryptoServiceProvider
    * Aes
    * AesCryptoServiceProvider
    * AesManaged
    * RC2
    * RC2CryptoServiceProvider
    * Rijndael
    * RijndaelManaged
    

    Asymmetric Encryption: Uses different keys for encryption and decryption.

    * DSA
    * DSACryptoServiceProvider
    * ECDsa
    * ECDsaCng
    * ECDiffieHellman
    * ECDiffieHellmanCng
    * RSA
    * RSACryptoServiceProvider
    
    Matthew Flaschen : That's a very good dump of class names, but most of those have no relevance to the submitter (who wants a /symmetric/ /encryption/ algorithm), not a hash or an asymmetric cipher.
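  • Here are encrypt & decrypt functions with des3 encryption

    Imports System.IO
    Imports System.Security.Cryptography
    Imports System.Text

    ' des3, HexToBytes and BytesToHex are not defined in this snippet. des3 is assumed to be a
    ' shared TripleDESCryptoServiceProvider instance; the two helpers convert between hex strings
    ' and byte arrays. The functions below belong inside a class that provides them.

    ''' <summary>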
    ''' Encrypts a memory string (i.e. variable).
    ''' </summary>
    ''' <param name="data">String to be encrypted.</param>
    ''' <param name="key">Encryption key.</param>
    ''' <param name="iv">Encryption initialization vector.</param>
    ''' <returns>Encrypted string.</returns>
    Public Shared Function Encrypt(ByVal data As String, ByVal key As String, ByVal iv As String) As String
        Dim bdata As Byte() = Encoding.ASCII.GetBytes(data)
        Dim bkey As Byte() = HexToBytes(key)
        Dim biv As Byte() = HexToBytes(iv)
    
        Dim stream As MemoryStream = New MemoryStream
        Dim encStream As CryptoStream = New CryptoStream(stream, des3.CreateEncryptor(bkey, biv), CryptoStreamMode.Write)
    
        encStream.Write(bdata, 0, bdata.Length)
        encStream.FlushFinalBlock()
        encStream.Close()
    
        Return BytesToHex(stream.ToArray())
    End Function
    
    ''' <summary>
    ''' Decrypts a memory string (i.e. variable).
    ''' </summary>
    ''' <param name="data">String to be decrypted.</param>
    ''' <param name="key">Original encryption key.</param>
    ''' <param name="iv">Original initialization vector.</param>
    ''' <returns>Decrypted string.</returns>
    Public Shared Function Decrypt(ByVal data As String, ByVal key As String, ByVal iv As String) As String
        Dim bdata As Byte() = HexToBytes(data)
        Dim bkey As Byte() = HexToBytes(key)
        Dim biv As Byte() = HexToBytes(iv)
    
        Dim stream As MemoryStream = New MemoryStream
        Dim encStream As CryptoStream = New CryptoStream(stream, des3.CreateDecryptor(bkey, biv), CryptoStreamMode.Write)
    
        encStream.Write(bdata, 0, bdata.Length)
        encStream.FlushFinalBlock()
        encStream.Close()
    
        Return Encoding.ASCII.GetString(stream.ToArray())
    End Function
    
  • Why not just use a SecureString?

    Matthew Flaschen : How does that handle serialization/deserialization?
    Mike Post : Now that I dig deeper, I see that you can't serialize SecureString objects. Bummer.
  • DES is pretty much obsolete at this point. Here is the Wikipedia. If you are changing the key a lot, it might be adequate, but if you are relying on a key for a while, AES seems like a better choice.

    Of course it is a question of how much protection you need. But AES is built right in there too.

    I have used AES for small strings, and it works nicely.

    What I have read about TripleDES is that since DES is easily crackable, TripleDES is still not substantial.

    Matthew Flaschen : Actually, Wikipedia (http://en.wikipedia.org/wiki/TripleDES#Security) and NIST (http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1.pdf) (p. 66), say that TripleDES is expected to be secure until 2030.
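
The AES suggestions in the answers above, worked through in C# for the question's case (short strings, one shared password). This is an added example, not code from the original answers: the class name `ShortStringCrypto`, the token layout and the iteration count are assumptions, and the `Rfc2898DeriveBytes` overload taking a `HashAlgorithmName` needs .NET Framework 4.7.2 or later, or .NET Core 2.0 or later. Unlike the des3 snippet, it generates a fresh salt and IV for every message and adds an HMAC so a modified token or wrong password is rejected before decryption.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Token layout (an assumption of this example): Base64( salt[16] | iv[16] | ciphertext | hmac[32] )
public static class ShortStringCrypto
{
    const int SaltLen = 16, IvLen = 16, MacLen = 32, Iterations = 100000;
    // PBKDF2 stretches the shared password into 64 bytes: a 32-byte AES key, then a 32-byte HMAC key.
    static byte[] DeriveKeys(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(64);
    }

    public static string Encrypt(string plaintext, string password)
    {
        var salt = new byte[SaltLen];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        var keys = DeriveKeys(password, salt);
        using (var aes = Aes.Create())   // defaults: CBC, PKCS7 padding, fresh random IV
        using (var enc = aes.CreateEncryptor(keys.Take(32).ToArray(), aes.IV))
        using (var hmac = new HMACSHA256(keys.Skip(32).ToArray()))
        {
            var data = Encoding.UTF8.GetBytes(plaintext);
            var body = salt.Concat(aes.IV).Concat(enc.TransformFinalBlock(data, 0, data.Length)).ToArray();
            return Convert.ToBase64String(body.Concat(hmac.ComputeHash(body)).ToArray());
        }
    }

    public static string Decrypt(string token, string password)
    {
        var raw = Convert.FromBase64String(token);
        int bodyLen = raw.Length - MacLen, ctLen = bodyLen - SaltLen - IvLen;
        if (ctLen < 16) throw new CryptographicException("Token too short.");
        var keys = DeriveKeys(password, raw.Take(SaltLen).ToArray());
        using (var hmac = new HMACSHA256(keys.Skip(32).ToArray()))
        {
            var expected = hmac.ComputeHash(raw, 0, bodyLen);
            int diff = 0;   // OR all byte differences so timing does not show where the tags diverge
            for (int i = 0; i < MacLen; i++) diff |= expected[i] ^ raw[bodyLen + i];
            if (diff != 0) throw new CryptographicException("Wrong password or modified token.");
        }
        using (var aes = Aes.Create())
        using (var dec = aes.CreateDecryptor(keys.Take(32).ToArray(), raw.Skip(SaltLen).Take(IvLen).ToArray()))
            return Encoding.UTF8.GetString(dec.TransformFinalBlock(raw, SaltLen + IvLen, ctLen));
    }
}
```

A 20-character string produces a 96-byte token (128 Base64 characters), so the fixed overhead of salt, IV and MAC dominates for inputs this short.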
