The Artima Developer Community

.NET Buzz Forum
Crypto in .Net

Paschal

Crypto in .Net Posted: Nov 21, 2003 1:32 AM

This post originated from an RSS feed registered with .NET Buzz by Paschal.
Original Post: Crypto in .Net
Feed Title: help.net
Feed URL: http://www.asp.net/err404.htm?aspxerrorpath=/pleloup/Rss.aspx
Feed Description: .Net for mankind !

Every day I learn something, and I like it ;-)

Some valid point on the data encryption post:

From Wes:

Actually for user passwords hashing with a salt is typically the way they are done. They are usually not encrypted with symmetric encryption, because there is usually no reason to be able to decrypt them. If a user loses a password then you simply reset it. You don't want to, or at least I don't want to be able to decrypt my users' passwords, that can lead to a whole can of worms I don't want to deal with.

And from Securecoder.news (subscribed from now):

The built-in crypto capabilities of the .NET framework are pretty extensive. It contains the ability to do both Symmetric (DES, RC2, Rijndael, TripleDES) and Asymmetric Encryption (DSA, RSA) as well as Hashing (MD5, SHA1, SHA256, SHA384, SHA512).

As far as storing passwords in a database. DON'T! One of the basic tenets of security is that if you don't need to keep a secret, don't! Passwords are a great example where this should be followed. Hash or even better store a salted hash of the password.

The byproduct of this of course is, how do you go about doing password resets?

Couple of ways I can think of are to have password hints that you are provided by the user when the account is set up that are provided by the user when the password needs to be changed or sending out a temp password to a known and verified e-mail account on file with an explicit and short time window during which you can make the password change.

Of course, for highly secure apps, the cleanest would be to provide a phone number where a human actually verifies the identity of the user and does temp password reset.

And Andrew Birkett mentions this:

There is an implementation of AES (and others) in the System.Security.Cryptography, if you're using C#. It will (hopefully!) be better tested than the version in the article, and I think it delegates to the Win32 CryptoAPI, which means it will run faster than the C#

Strange that in a recent MSDN magazine, they don't mention this namespace at all, but just checked in the docs, and yes a lot of things can be done from there.
Well, the article is worthwhile, because James explains the way it works.


 
