Evaluate

Encryption and .NET application security

Encrypting sensitive data is an important part of .NET Web application security. Expert Dan Cornell explains how to encrypt your data using the options available.

Published: 06 Mar 2006

What are my options for encrypting data on the .NET platform?

There are a number of cryptographic capabilities available on the .NET platform. The .NET core libraries contain managed implementations of most popular cryptographic functions, including symmetric (secret key) cryptography, asymmetric (public key) cryptography and hashing.

The majority of these capabilities can be found in the System.Security.Cryptography namespace. Available hashing algorithms include MD5, SHA1, SHA256, SHA384 and SHA512. Symmetric algorithms available include DES, RC2, Rijndael (AES) and Triple DES. All of those are industry-proven cryptographic routines available for easy use via .NET libraries. Please note that there have been weaknesses or issues associated with certain algorithms such as MD5, SHA1 and DES, so select algorithms carefully.

Cryptography resources

Protecting encrypted data from attacks

Beginning Cryptography with Java -- Chapter 2, Symmetric Key Cryptography

OWASP Guide to Building Secure Web Applications and Web Services, Chapter 19: Cryptography

Also, starting with the release of Windows 2000, Microsoft has provided a Data Protection API (DPAPI) as part of the operating system. This allows Windows applications to easily have access to powerful encryption capabilities based on either the current user's or the current machine's security identity. At its core, the DPAPI is a Win32 library. Under .NET 1.1 a wrapper library had to be created before DPAPI calls could be made from .NET applications.

An equivalent bridge library has been included in the .NET 2.0 platform, making it even easier to DPAPI-enable applications. This can be found in the DataProtectionConfigurationProvider in the System.Security.Cryptography namespace.

Given increasing requirements to protect sensitive patient and customer information due to laws such as HIPAA and California SB-1386, the use of cryptography in applications is beginning to be a must-have rather than something that's nice to have. Fortunately the .NET platform makes the low-level task of implementing these capabilities unnecessary.

Dig Deeper on Building security into the SDLC (Software development life cycle)

Symmetric vs. asymmetric encryption: Deciphering the differences Explore the differences between symmetric vs. asymmetric encryption algorithms, including common uses and examples of both, as well as their pros and cons.

DigiCert, Gemalto and ISARA to provide quantum-proof certificates Quantum computing threats are on the horizon, but DigiCert, Gemalto and ISARA have teamed up to develop new quantum-proof digital certificates and remake the PKI industry.

cryptography Cryptography is a method of protecting information and communications through the use of codes so that only those for whom the information is intended can read and process it.

How does Microsoft's FourQ cryptographic library work? Microsoft introduced a new cryptographic library based on FourQ, which the company says is faster than competing algorithms. Expert Michael Cobb takes a closer look at FourQLib.

Utilizing a hash function algorithm to help secure data Learn how a hash function algorithm -- specifically a one-way hash function of the Dynamic SHA-2 algorithm -- can help protect important documents using a variety of hashes to confuse malicious code.

Should developers create libraries of common cryptographic algorithms? In this expert response, Michael Cobb explains why developers don't need to create their own cryptolibraries.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Software Quality experts

View all Software Quality questions and answers

Encryption and .NET application security

Encrypting sensitive data is an important part of .NET Web application security. Expert Dan Cornell explains how to encrypt your data using the options available.

Dig Deeper on Building security into the SDLC (Software development life cycle)

Have a question for an expert?

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudComputing

Review these Azure Service Bus best practices

Instill cloud change management best practices

How much cloud does an IT disaster recovery plan need?

SearchAppArchitecture

5 ways to get complex event processing right

5 essential tips for logging microservices

An introduction to combining CQRS and event sourcing

SearchITOperations

How a rules engine can drive -- or derail -- an IT automation strategy

Decipher real-world AIOps use cases from the hype

How to achieve continuous feedback in DevOps pipelines

SearchAWS

Overcome these VMware Cloud on AWS migration challenges

New AWS cost management tool, instance tactics to cut cloud bills

A complete guide to AWS re:Invent 2019

Dig Deeper on Building security into the SDLC (Software development life cycle)

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.