The .NET Symmetric Encryption Algorithms

Symmetric algorithms always use the same key for encryption and decryption and they are fast for encryption and ecryption.

The next table lists symmetric algorithms supported by .NET:


Abstract Algorithm

Default Implementation

Valid Key Size

Maximum Key Size



The strength of the encryption corresponds to the key size. In case of the greater the key size, the harder it is for a brute-force attack to succeed, because there are far more possible key values to test. Keep in mind that the greater symmetric key sizes lead to larger messages and slower encryption times. In most cases, a good standard choice is Rijndael, because it offers solid performance and support for large key sizes.


The major problems with symmetric algorithms are:




Key exchange

When you are using symmetric algorithms to exchange data between two applications hosted by different parties, you have to exchange the key in a secure way.

Brute-force attacks

When you use the symmetric key for a longer period of time, attackers might have enough time to decrypt traffic by just trying any valid combination of bits in a key. With an increasing bit size, the strength of the key increases, but you should use a different key in regular intervals.

Long-term key management

If you have to update keys in regular intervals, you have to exchange them in regular intervals, which might lead to additional security risks. In addition, you have to store the key in a secure place.