Index
- Intro
- Encryption techniques
- Hashing
- Symmetric and asymmetric encryption
- References
Intro
Welcome back! Today is all about how to encrypt your data, different types of encryption, hashing messages and symmetric encryption.
Encryption techniques
An encryption algorithm makes data unreadable to any person or system until the associated decryption algorithm is applied. It does not hide data; it makes it unreadable. People often confuse encryption with compression, but they are not the same.
Types:
- File encryption: this is the most basic encryption pattern for .NET developers. It's very useful because you end up encrypting your files so that any other Windows user won't be able to read the content of your encrypted messages. This method uses the Windows data protection mechanism behind the scenes, but it is a kind of shortcut. Ex:
    using System;
    using System.IO;
    using System.Text;

    const string dataToProtect = "This is a bunch of super secret content!";
    var dataToProtectAsArray = Encoding.Unicode.GetBytes(dataToProtect);
    var fileName = Path.Combine(
        Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments),
        "MyDataFile.txt");

    // Write the file to the file system in clear text...
    File.WriteAllText(fileName, dataToProtect);
    // ...then encrypt it in place: only the current Windows user can read it now
    File.Encrypt(fileName);
- Windows data protection: this lets you protect data in memory that you might want to save into a database or expose via a web service. In the following example I'm encrypting some data under a particular scope (the current user), which must also be used to decrypt it, so it's an extra level of security. Ex:
    using System.Diagnostics;
    using System.Security.Cryptography;
    using System.Text;

    // Windows Data Protection (we can also protect for the LocalMachine scope)
    // note: the null can be replaced with a byte[] for additional entropy
    // dataToProtect and dataToProtectAsArray come from the previous snippet
    var wdpEncryptedData = ProtectedData.Protect(
        dataToProtectAsArray, null, DataProtectionScope.CurrentUser);
    var wdpUnEncryptedData = ProtectedData.Unprotect(
        wdpEncryptedData, null, DataProtectionScope.CurrentUser);
    var wdpUnencryptedString = Encoding.Unicode.GetString(wdpUnEncryptedData);
    // round trip check: we get the original string back
    Debug.Assert(dataToProtect.Equals(wdpUnencryptedString));
- Hashing: the main usage is signing data; you can think of it like a wax seal on an envelope, which proves it hasn't been opened since whoever signed it sealed it.
- Symmetric and asymmetric: this encryption technique is focused on sharing data beyond your user's space.
Think of encryption as a process you run over the message you want to hide. It's an intensive process: the more intensive, the more secure, but the more resources/time you'll need to perform the conversion of your message.
Hashing
Mainly used for signing and validation. A hash is a value that is always generated in the same way for the same input data. It is a one-way encryption algorithm, which basically means you can't revert the transformation applied (except, maybe, by a brute-force attack). Depending on the algorithm, it's fast. It's also useful for storing information in a shorter form. For example, you might want to store a hashed password in a database.
There are different approaches to create these hashes, like:
- MD5: 16 characters, which could produce collisions (the same hash from different messages) because of the small number of characters.
- SHA (SHA1, SHA256, SHA384, SHA512): 256 is the most common. Both 384 and 512 take the same amount of time to execute, so go for 512 in order to get more security.
The longer the hash you create, the smaller the chance of collisions. In the following example, I'll show you how to hash a message using SHA256:
    using System;
    using System.Linq;
    using System.Security.Cryptography;
    using System.Text;

    // hashing - one-way encryption
    // this represents a hashed password stored in a database
    var storedPasswordHash = new byte[] { 148, 152, 235, /* ... more characters ... */ };
    var password = Encoding.Unicode.GetBytes("P4ssw0rd!");
    var passwordHash = SHA256.Create().ComputeHash(password);
    // nice convenience method - can also supply a custom comparator
    if (passwordHash.SequenceEqual(storedPasswordHash))
    {
        Console.WriteLine("Password match!");
    }
As you can see in the previous example, first we convert our password into an array of bytes. That is the content we provide to the SHA256 algorithm instance. Finally we compare the result saved in "passwordHash" with the storedPasswordHash variable, which contains the value from the database. If everything matches we'll get the "Password match!" message printed in the console.
Symmetric and asymmetric encryption
For this particular encryption approach, we need to use a key in order to perform our encryption. For the symmetric type we use just one key, and for the asymmetric type two. The first type is faster. There are five algorithms in the .NET framework:
- AES (recommended)
- DES
- RC2
- Rijndael
- TripleDES
Asymmetric, aka "public key", encryption uses two keys, as you know. One is used for encryption and the other for decryption. It is commonly used for digital signatures, and the typical .NET framework classes are:
- DSA
- ECDiffieHellman
- ECDsa
- RSA (recommended)
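The two recommended algorithms are usually combined: symmetric AES is fast, so it protects the message itself, while asymmetric RSA protects only the short AES key and provides the digital signature. The following is an added example (not code from the original post) showing that round trip with a fresh key and IV per message; it assumes .NET 6 or later for EncryptCbc/DecryptCbc, and the key pairs are generated inline for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class HybridExample
{
    public static void Main()
    {
        // Constructed sample message
        byte[] plaintext = Encoding.UTF8.GetBytes("This is a bunch of super secret content!");

        // Key pairs: in practice each side only ever shares its public half
        using RSA receiver = RSA.Create(2048);
        using RSA sender = RSA.Create(2048);

        // --- Sender: symmetric encryption with a fresh random key and IV ---
        using Aes aes = Aes.Create();
        aes.KeySize = 256;
        aes.GenerateKey();
        aes.GenerateIV();                      // never reuse an IV with the same key
        byte[] iv = aes.IV;
        byte[] ciphertext = aes.EncryptCbc(plaintext, iv);

        // Wrap the AES key with the receiver's public key (OAEP padding)
        byte[] wrappedKey = receiver.Encrypt(aes.Key, RSAEncryptionPadding.OaepSHA256);

        // Sign the ciphertext so the receiver can check who sent it and that it is intact
        // (CBC alone gives confidentiality, not integrity)
        byte[] signature = sender.SignData(ciphertext, HashAlgorithmName.SHA256,
                                           RSASignaturePadding.Pkcs1);

        // --- Receiver: verify the signature first, then unwrap the key and decrypt ---
        bool authentic = sender.VerifyData(ciphertext, signature, HashAlgorithmName.SHA256,
                                           RSASignaturePadding.Pkcs1);
        if (!authentic)
        {
            Console.WriteLine("Signature check failed, discarding message");
            return;
        }
        byte[] aesKey = receiver.Decrypt(wrappedKey, RSAEncryptionPadding.OaepSHA256);
        using Aes aes2 = Aes.Create();
        aes2.Key = aesKey;
        byte[] recovered = aes2.DecryptCbc(ciphertext, iv);

        Console.WriteLine(Encoding.UTF8.GetString(recovered));
    }
}
```

What travels to the receiver is the IV, the ciphertext, the wrapped key and the signature; the AES key itself is never sent in clear.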
References
- http://www.microsoftvirtualacademy.com/training-courses/developer-training-with-programming-in-c
- http://en.wikipedia.org/wiki/Brute-force_attack