WinXP SP1: MS_ENHANCED_PROV incompatible with previous versions

[Sergey Lipin]

The data, encrypted on XPSP1 machine by MS Enhanced provider with RC2
agorithm using the 128 or 56-bit key derived from password can not be
encrypted on machines with previous versions of Windows (tested on Win2k,
WinMe, )

[Sergey Lipin]

The data, encrypted on XPSP1 machine by MS Enhanced provider with RC2
agorithm using the 128 or 56-bit key derived from password can not be

decrypted on machines with previous versions of Windows (tested on Win2k,
WinMe, WinXP without SP1) and vice versa.
This fact can be easily tested using MS Platform SDK samples encrypt.exe and
decrypt.exe (Samples\WinBase\Security\Crypto\Encrypt). These samples should
be built with USE_BLOCK_CIPHER definition that turns on the RC2 algorithm
instead of RC4.
Just encrypt any text file with password on XPSP1 machine and then try to
decrypt with the same password on another machine with another OS. The
CryptDecrypt function will fail with NTE_BAD_DATA code.
This incompatibility can cause the loss of functionality of the existing
systems that use encrypted communications across the network.

[sdf]

"Sergey Lipin" <s...@idtdev.com> wrote in message
news:#N1LyjGXCHA.1676@tkmsftngp10...

[Daniel Sie [MS]]

Yes. The behavior has changed. In previous platform, the RC2 always uses
40-bits if you don't set the effective key length, where as since WinXP Sp1,
it will use just the key length. So, on the decrypting machine which is not
WinXP Sp1 or later, you have to set the effective key length.

--
Daniel Sie [MS]

This posting is provided "AS IS" with no warranties, and confers no rights.

"Sergey Lipin" <s...@idtdev.com> wrote in message

news:ejVyotGXCHA.2408@tkmsftngp08...