Beginning ASP.NET Security by Barry Dorrans

Chapter 6. Keeping Secrets Secret — Hashing and Encryption

Most Web applications will store data that may be considered sensitive — credit card information, Social Security Numbers, and, of course, passwords. In Chapter 5, you saw how you can encrypt ViewState and portions of your configuration files to prevent information leakage, but how do you encrypt other data you wish to protect?

In this chapter, you will learn about the following:

  • The four basic areas of cryptography: hashing, generating random numbers, symmetric encryption, and asymmetric encryption

  • Where it is appropriate to use hashing and how to use it

  • The difference between symmetric and asymmetric encryption

  • How to encrypt and decrypt

  • What algorithms are unsafe

  • What the Windows Data Protection API provides, and how to use it

As you read through this chapter, you will find a lot of references to "clear text". Clear text simply refers to the unencrypted data you wish to secure. It may not actually be text at all. Generally, encryption algorithms work on binary data. However, clear text is a phrase derived from "plain text," which refers to information in the language of the communicating parties, a concept used long before computers were available. So cryptography has stuck with using the word "text" when actually it can refer to binary data as well. When reading about cryptography, "plain text" and "clear text" are often synonymous.

Note

The Open Web Application Security Project (OWASP) lists insecure cryptographic storage as one ...
