People, I've got a current application written r C++ and VB6 which uses RC4 (yes I know its not very strong but was sufficient at the time) for certain communications. All participants have access to a locally held shared secret key which is a simple string on which I use a SHA1 hash to derive a key. Now I'm porting a portion of this app using C#. However the .NET framework doesn't appear to have an implementation of RC4. Not a problem I thought creating an RC4 stream wasn't hard. However creating a derived key is proving to be a hurdle I can't overcome. I can't get the System.Security.Crytography.PasswordDeriveBytes class to generate a key from my shared secret because it doesn't know what RC4 is. Just using the SHA1 hash result as the key for the RC4 stream doesn't work so there must be something else the Win32 CryptDeriveKey API call does before using the content of a hash to generate the key. Without know exactly what it does I can't emulate it. I really, really don't want to use interop on this. Here is my current call to the API CryptDeriveKey:- DWORD dwFlags = KeySize * 0x10000; CryptDeriveKey(m_hProv, m_lAlg, hHash, dwFlags, &m_hKey); where hHash is handle to the SHA1 of the shared secret and KeySize is 56. Does any know where I can find out how this initialises the RC4 PRBS ? -- Anthony Jones - MVP ASP/ASP.NET
